|
Should the console server sit on the network edge or behind a firewall?
In general the Opengear console servers will be located on Management LAN inside an existing firewalled network. The console servers have multiple layers of robust in built security:
- all have a fully functional firewall with configurable IPtables
- OpenSSH provides secure remote console server access and tunneling to attached devices
- authenticated dial-in or broadband access path with dial back and trusted network features ensures secure out of band access
However Opengear has not included web config tools and auto-update facilities for the firewall facility. So we generally do not recommend the console server be used as the edge device directly connected to the public network.
The IMG4xxx and IM42xx console servers have additional Ethernet network ports that can be configured as a management gateway. So these console servers can be providers of the Management LANs (rather than just sitting on them :) The IMG4xxx and IM42xx provide a management LAN gateway with firewall, router and DHCP server. With an IM42xx you will need to connect an external LAN switch to Network 2 to attach hosts to the management LAN. Whereas the IMG4xxx has an integrated four or twenty four port management LAN switch (i.e. it provides a firewall, router, DHCP server and VLAN switch).
|
