How to set up Nimsoft Monitor Tunnels

Document ID : KB000034262
Last Modified Date : 18/04/2018
Introduction:

How to set up Nimsoft Monitor Tunnels

Environment:
UIM 8.5.1
Instructions:

Tunnel Setup:


You must decide which hub will act as the tunnel server (receiving the connection) and which as the tunnel client (making the connections). Only one port needs to be opened on the tunnel server end: the default is 48003, but any available port can be used, e.g. 443. Please note that tunnel traffic is NOT HTTPS traffic, even when port 443 is used.

The following are high-level steps; please refer to the Installation Guide for detailed information on tunnel concepts and detailed steps.

1- On Tunnel Server:


I- Set up CA (Certificate Authority):
a-    Enable Tunneling (if it is not already enabled)
•    In the hub probe GUI, in the General section, select the checkbox next to "Enable Tunneling". This enables the "Tunnels" tab.
•    In the Tunnels section, select the "Active" checkbox in "Server Configuration".
•    In the "Certificate Authority Setup" window, fill out the fields accordingly.
•    Select "Security Settings" as desired. Note that if you choose Medium and above, the encryption will be stronger, but at the cost of processing resources.
•    Click the Apply button and restart the hub probe.

      Note: If the first probe port is set on the hub's controller, then you should also set the first probe port in the hub GUI Tunnels->Advanced section to offset it from, e.g., the 48000 range.

II-Create Tunnel Client Certificate:

•    In hub probe GUI, go to "Tunnels->Server Configuration" section
•    Click on New button under "Issued Certificates" section
•    In the "Client Certificate Setup" window, fill out the "Who" and "Where" fields accordingly. The fields under "Authentication" should be filled out as follows:
o    Common Name: The tunnel client's connection IP address. If the client is NAT'ed, i.e. its external IP address is different from its internal IP, then use the client's external IP address in this field. You can also use a wildcard, i.e. either one asterisk '*' or four asterisks '*.*.*.*' (without quotes), to set up a single certificate which can then be used for multiple tunnel clients.
o    Password: Make note of this password, as you will use it on the client side of the hub when installing the certificate.
o    Expire days: The default is 365 days. Depending on the requirements and the length of the client tunnel's life, this can be increased to avoid having to regenerate the tunnel certificate and reset the tunnel client.

III-Copy Tunnel Client License:

•    In hub probe GUI, in "Tunnels->Server Configuration" section, click View under "Issued Certificates" section
•    Click the Copy button; it will copy the certificate to your clipboard
•    Open the Notepad application and press CTRL+V or right-click and Paste
•    Save the file, name it accordingly and make sure that no extra character is inserted into the file
•    Now, copy the file to tunnel client or have it available so that you can copy/paste on tunnel client side
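
One way to check the saved file for stray characters before installing it on the tunnel client. This is an added example, not part of the original document or of the product; it assumes the copied certificate is PEM-style text (BEGIN/END blocks), and the function name and sample data are constructed for illustration.

```python
import re

# Assumption (not stated in the article): the copied certificate is
# PEM-style text, i.e. -----BEGIN X----- ... -----END X----- blocks.
ARMOR = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")
BASE64_LINE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

# Constructed samples, not real certificates.
SAMPLE_OK = (b"-----BEGIN CERTIFICATE-----\n"
             b"Q09OU1RSVUNURUQ=\n"
             b"-----END CERTIFICATE-----\n")
SAMPLE_BAD = b"\xef\xbb\xbf" + SAMPLE_OK + b"\xe2\x80\x9d\n"  # BOM + curly quote

def check_pasted_certificate(data):
    """Return a list of problems found in a saved certificate file."""
    problems, skipped = [], 0
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return ["file is UTF-16; save it again as plain ANSI text"]
    if data.startswith(b"\xef\xbb\xbf"):
        problems.append("UTF-8 byte order mark at start of file")
        data, skipped = data[3:], 3
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError as exc:
        return problems + [f"non-ASCII byte at offset {exc.start + skipped}"]
    open_label, blocks = None, 0
    for number, line in enumerate(text.splitlines(), start=1):
        if line != line.strip():
            problems.append(f"line {number}: leading or trailing whitespace")
            line = line.strip()
        armor = ARMOR.match(line)
        if not line:
            continue
        if armor and armor.group(1) == "BEGIN" and open_label is None:
            open_label = armor.group(2)
        elif armor and armor.group(1) == "END" and open_label == armor.group(2):
            open_label, blocks = None, blocks + 1
        elif armor:
            problems.append(f"line {number}: unbalanced {line}")
        elif open_label is None:
            problems.append(f"line {number}: text outside a BEGIN/END block")
        elif not BASE64_LINE.match(line) and ": " not in line:
            # "Name: value" lines are allowed: encrypted PEM keys carry them.
            problems.append(f"line {number}: unexpected characters")
    if open_label is not None:
        problems.append(f"missing END line for {open_label}")
    if blocks == 0:
        problems.append("no complete BEGIN/END block found")
    return problems
```

Read the saved file in binary mode and pass its bytes to check_pasted_certificate; an empty list means none of these problems were found.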

 

2- On Tunnel Client:

Note 1: During hub installation, you are given an option to "initialize Security", which creates a local copy of the security.cfg file and sets up the Nimsoft 'administrator' user password. This is a required step on tunnel clients, as you need to log in to the hub as the 'administrator' user to set up tunneling.

Note 2: Normally, Infrastructure Manager will not be installed/available on the tunnel client side. You can use "Nimsoft Using DMZ Tunnel Setup Wizard" ("Nimsoft Monitoring->Tools" application group).

I-Using Infrastructure Manager:
•    Login to tunnel client hub
•    In hub probe GUI, enable "Tunneling" option in General section
•    Switch to Tunnels tab and then to "Client Configuration"
•    Click New button
•    Deselect "Check Server Common Name" if Tunnel Server is NAT'ed
•    Fill out the fields accordingly. Use the password which you set up in step 3 of "Create Tunnel Client Certificate"
•    In the "Certificate" field, paste the client certificate which you created in step 3 of "Create Tunnel Client Certificate" and copied in step 5 of "Copy Tunnel Client License"
•    Click OK, then Apply, and restart the hub probe

Now, if all goes well, your tunnel client will connect to the tunnel server. If you get errors accessing the new hub, refer to the Troubleshooting section.

II-Using "Nimsoft DMZ Tunnel Wizard":
•    Open "Nimsoft DMZ Tunnel Wizard" from the Programs menu
•    Select "Client" in the first screen
•    You will be prompted for the administrator password
•    Fill in the fields appropriately and supply the tunnel certificate

After finishing, do not log in to the new hub until the Enabled status shows up in the Security column of Infrastructure Manager.
If you get errors accessing the new hub, refer to the Troubleshooting section.

Note: The tunnel doc is attached in .doc format and contains the troubleshooting section as well.


File Attachments:
TEC000002642.zip