No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R009C00 Local HA System Software Installation Guide (SUSE Linux + MySQL + OMMHA) 10

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
How Do I Do If eSight Cannot Be Accessed Through NAT Mapping

How Do I Do If eSight Cannot Be Accessed Through NAT Mapping

Question

How do I do if eSight cannot be accessed through NAT mapping?

Answer

NOTE:
  1. Operations in this section are applicable to eSight V300R009C00 or later versions.
  2. In an HA system, operations in this section need to be performed only on the active node.
  1. Modify the esightsso.ssoclient.ext.xml file.

    File path: eSight installation directory\AppBase\etc\oms.sso\ext\esightsso.ssoclient.ext.xml

    Add the following information to the servers section in the file. If the servers section does not exist, create it.

    NOTE:

    Replace 6.6.6.6 with the public IP address. In a local HA system, replace 10.120.50.118 with the floating IP address. In other systems, replace 10.120.50.118 with the system IP address of the eSight server.

    <config name="server"> 
        <param name="entryAddressMapping">6.6.6.6</param> 
        <param name="name">10.120.50.118:8087</param> 
        <param name="public">https://6.6.6.6:31942/sso</param> 
        <param name="private">http://10.120.50.118:8087/sso</param> 
        <param name="logout">https://6.6.6.6:31942/sso/logout</param> 
    </config>

    Example:

    <?xml version="1.0" encoding="UTF-8"?> 
    <config name="oms"> 
        <config name="sso"> 
            <config name="client"> 
                <param name="enabled">true</param> 
                <param name="isShowWhiteListPage">true</param> 
            </config> 
            <config name="servers"> 
                <config name="server">                
                <param name="entryAddressMapping">6.6.6.6</param>                
                <param name="name">10.120.50.118:8087</param>                
                <param name="public">https://6.6.6.6:31942/sso</param>                
                <param name="private">http://10.120.50.118:8087/sso</param>               
                <param name="logout">https://6.6.6.6:31942/sso/logout</param>           
            </config> 
            </config> 
        </config> 
    </config>

  2. Modify the esightsso.sso.ext.xml file to add the public IP address to the client-trusted-ip section.

    File path: eSight installation directory\AppBase\etc\oms.sso\ext\esightsso.sso.ext.xml

    NOTE:
    • Replace 6.6.6.6 with the public IP address.
    • If the esightsso.sso.ext.xml file does not contain the client-trusted-ip section, go to Step 3. If the file contains the client-trusted-ip section, skip Step 3.

    <param name="client-trusted-ip">10.120.50.118,6.6.6.6</param>

  3. Modify the sso.xml file to add the public IP address to the client-trusted-ip section.

    File path: eSight installation directory\AppBase\etc\oms.sso\sso.xml

    NOTE:

    Replace 6.6.6.6 with the public IP address.

    <param name="client-trusted-ip">10.120.50.118,6.6.6.6</param>

  4. If the APM is installed, modify the ssoconfig.xml file.

    File path: eSight installation directory\APM\apm\core-server\webapps\oceanserver\WEB-INF\classes\ssoconfig.xml

    NOTE:

    Replace 6.6.6.6 with the public IP address.

    <sso.ssoserver.url>https://6.6.6.6:31942/sso</sso.ssoserver.url>

    <sso.client.bindIp>10.120.50.118,6.6.6.6</sso.client.bindIp>

  5. Restart the eSight server.
  6. Map ports 8080, 31942, 31943, 8088, and 31945 of the public IP address (6.6.6.6) to ports 8080, 31942, 31943, 8088, and 31945 of the system IP address of eSight, respectively.

    Take the USG firewall as an example. Log in to the USG firewall and run the following commands:

    [device]system-view
    <device>nat server for_eSight_1 protocol tcp global 6.6.6.6 8080 inside 10.120.50.118 8080 no-reverse
    <device>nat server for_eSight_1 protocol tcp global 6.6.6.6 31942 inside 10.120.50.118 31942 no-reverse
    <device>nat server for_eSight_1 protocol tcp global 6.6.6.6 31943 inside 10.120.50.118 31943 no-reverse
    <device>nat server for_eSight_1 protocol tcp global 6.6.6.6 8088 inside 10.120.50.118 8088 no-reverse
    <device>nat server for_eSight_1 protocol tcp global 6.6.6.6 31945 inside 10.120.50.118 31945 no-reverse
    NOTE:

    If the port number set during eSight installation is not 8080, you need to replace 8080 in the commands with the port number set during eSight installation. In the commands, for_eSight_1 is the server name, 6.6.6.6 is the public IP address, and 10.120.50.118 is the eSight system IP address.

Download
Updated: 2019-09-02

Document ID: EDOC1100011856

Views: 90889

Downloads: 53

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next