No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R010C00SPC200, 300, and 500 Local HA System Software Installation Guide (SUSE Linux + Oracle + Veritas) 10

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
How Do I Do If eSight Cannot Be Accessed Through NAT Mapping

How Do I Do If eSight Cannot Be Accessed Through NAT Mapping

Question

How do I do if eSight cannot be accessed through NAT mapping?

Answer

In an HA system, operations in this section need to be performed only on the active node.

  1. Modify the esightsso.ssoclient.ext.xml file.

    File path: eSight installation directory\AppBase\etc\oms.sso\ext\esightsso.ssoclient.ext.xml

    Add the following information to the servers section in the file. If the servers section does not exist, create it.

    In a local HA system, replace 10.120.50.118 with the floating IP address. In other systems, replace 10.120.50.118 with the system IP address of the eSight server.

    <config name="server"> 
        <param name="entryAddressMapping">Public network IP address</param> 
        <param name="name">10.120.50.118:8087</param> 
        <param name="public">https://Publick network IP address:31942/sso</param> 
        <param name="private">http://10.120.50.118:8087/sso</param> 
        <param name="logout">https://Public network IP address:31942/sso/logout</param> 
    </config>

    Example:

    <?xml version="1.0" encoding="UTF-8"?> 
    <config name="oms"> 
        <config name="sso"> 
            <config name="client"> 
                <param name="enabled">true</param> 
                <param name="isShowWhiteListPage">true</param> 
            </config> 
            <config name="servers"> 
                <config name="server">                
                <param name="entryAddressMapping">Public network IP address</param>                
                <param name="name">10.120.50.118:8087</param>                
                <param name="public">https://Public network IP address:31942/sso</param>                
                <param name="private">http://10.120.50.118:8087/sso</param>               
                <param name="logout">https://Public network IP address:31942/sso/logout</param>           
            </config> 
            </config> 
        </config> 
    </config>

  2. Modify the esightsso.sso.ext.xml file to add the public IP address to the client-trusted-ip section.

    File path: eSight installation directory\AppBase\etc\oms.sso\ext\esightsso.sso.ext.xml

    If the esightsso.sso.ext.xml file does not contain the client-trusted-ip section, go to Step 3. If the file contains the client-trusted-ip section, skip Step 3.

    <param name="client-trusted-ip">10.120.50.118, Public network IP address</param>

  3. Modify the sso.xml file to add the public IP address to the client-trusted-ip section.

    File path: eSight installation directory\AppBase\etc\oms.sso\sso.xml

    <param name="client-trusted-ip">10.120.50.118,Public network IP address</param>

  4. Check eSight installation directory\AppBase\etc\iemp.esight\roa_ext_esight.properties.

    • If http.host.white.list exists and the value is * (for example, http.host.white.list=*), no further action is required.
    • If http.host.white.list exists but the value is not *, add the public IP address to the end of http.host.white.list.

    Example: http.host.white.list=10.120.50.118:31943,10.120.50.118:8080,10.120.50.118:31942,10.120.50.118:32020, Public network IP address:31943, Public network IP address:8080, Public network IP address:31942, Public network IP address:32020

  5. Check eSight installation directory\mttools\etc\iemp.esight\roa_ext_esight.properties.

    • If http.host.white.list exists and the value is * (for example, http.host.white.list=*), no further action is required.
    • If http.host.white.list exists but the value is not *, add the public IP address to the end of http.host.white.list, for example, http.host.white.list=10.120.50.118:31945,10.120.50.118:8088,10.120.50.118:31942, Public network IP address:31945, Public network IP address:8088, Public network IP address:31942

  6. Restart the eSight server.
  7. Map ports 8080, 31942, 31943, 8088, and 31945 of the public IP address to ports 8080, 31942, 31943, 8088, and 31945 of the system IP address of eSight, respectively.

    Take the USG firewall as an example. Log in to the USG firewall and run the following commands:

    For details, see the firewall product documentation of the corresponding version. The commands may vary slightly according to the version.

    [device]system-view
    <device>nat server for_eSight_1 protocol tcp global Public network IP address 8080 inside 10.120.50.118 8080 no-reverse
    <device>nat server for_eSight_1 protocol tcp global Public network IP address 31942 inside 10.120.50.118 31942 no-reverse
    <device>nat server for_eSight_1 protocol tcp globalPublic network IP address 31943 inside 10.120.50.118 31943 no-reverse
    <device>nat server for_eSight_1 protocol tcp global Public network IP address 8088 inside 10.120.50.118 8088 no-reverse
    <device>nat server for_eSight_1 protocol tcp globalPublic network IP address 31945 inside 10.120.50.118 31945 no-reverse

    If the port number set during eSight installation is not 8080, you need to replace 8080 in the commands with the port number set during eSight installation. In the commands, for_eSight_1 is the server name, and 10.120.50.118 is the eSight system IP address.

Translation
Download
Updated: 2019-10-30

Document ID: EDOC1100044372

Views: 30050

Downloads: 26

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next