If a customer is not using CTI apps, and has an available static IP, we normally throw in a cheap router on our own.

Something like a Netgear 318 for 7200s and 7400s then port forwarding for the MCP, MGI/OAS, SVMi internal IPs. That makes sense and relieves us of the grief of dealing with the data guys.

NOW - on 7100s, 7030s, 7200-S systems where everything is embedded onto one card - I've noticed people saying that put them right on a public WAN IP. No firewall/router.

Is that acceptable? Is there anything to really 'hack' without IT tool and a password?

Just curious if people that set up their own remote maintenance outside/before the customer's network firewall if that is an option - just plugged right into the Wild Wild West. No QOS req or anything like that, just talking strictly about remote programming access.

Probably not the best idea... pm sent

Thanks. We will keep putting a cheap router in front in those situations.

Ive always wondered about that to. The Tech that i replaced was natoriuos for puting every thing on the public which took 3 public addresses for the mcp/mgi/vm.I prefer to put them on the private and port foward but I dont see why that is any different than putting them on the public since you cannot change the ports on OSM and VM and stuff like that. Genisis I would like to here your Pm to Noisy and get another take on this. Thanks

Well to put it vaguely IT tool or OSM are not the only way into the 7000's, 100's, 500's, or the MGI cards for that matter. Granted no one will be reprogramming your systems these ways but they can cause you some serious problems and money.

Thats what I thought the concern was about but just wanted someone to reassure the concern. Thanks.

I should add that I was only considering doing it on the 7030, 7100, and 7200-S where normally everything is at just one address.

If I had a 7200 with MCP, SVMi, OAS I definitely wouldn't use statics/direct on internet. That just doesn't seem to clean for communication between the backplane devices.

When the manual states that the MCP, SVMi, and MGI/OAS must be "on the same network" I don't think they meant using the public internet as that network .

Just the cheapest Linksys or Netgear does the job. I like the Netgear 318. Cheap and easy to program for port forwarding.

Funny about installing all three devices on a public/dirty switch!! Now that was a tech that didn't want to deal with a router ....

I would be a little more concerned than that. The "tech only" ports used are not the big issue and are not likely to be trouble. The one to one NAT and or port forwarding are the biggest issues. Not that I condone the public side use, but bare with me here. What is the point behind port forwarding if it can not be monitored? Small cheap routers offer no security in this area.

K nuff of this, I will continue in private if you guys want. But the Public forum is not the place.

Ok emailed you, thanks.

I can add that when we were writing additional Network Monitor software for OS 7000 systems, we found one bad thing about MCP LAN interface. If you try to send for example 100 by second TCP/IP packets to it ( we used TCP/IP packet with one byte symbol and sent it to the TCP Alarm port for alive checking, and mistakenly sent them so often ) MCP will hang-up and will return to life only after reset. DDOS problems are present…

Thanks. We have decided that not putting them directly on the public/dirty internet is a safer choice.

When we have put PCs directly on a public WAN IP for testing we have noticed that it just takes a few minutes before it gets hammered. Anything that can be pinged from the net is like wearing a bullseye.

I was just originally curious if we were just being too paranoid. Better safe then sorry.

Wrichey, you can feel free to close this thread if you like, all has been covered here that needs to be .... thanks.