Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Best Practice Public Access and NRPE

https://support.nagios.com/forum/viewtopic.php?t=9318

Page 1 of 1

Best Practice Public Access and NRPE

Posted: Tue Feb 12, 2013 5:14 pm
by asmgiadmin
What is best practice in making Nagios server available to public internet?

I'd like to implement in public DMZ and allow clients communication with core network. What firewall configs / firewall rules should be in place if NRPRE requires TCP 5666?

Re: Best Practice Public Access and NRPE

Posted: Tue Feb 12, 2013 5:30 pm
by sreinhardt
If you wish to allow access to the public internet, I would suggest only allowing port 443 incoming and unless you have external checks, also restrict apache to https only. Allow as few if any external ports as well. Secondly a Web Application Firewall(WAF) would not be a bad idea, whether physical host in front of it or mod_security type setup.

NRPE would need 5666 coming from the nagios machine to the internal network, then back out only as an established connection.
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited