38 IBM Tivoli Remote Control Across Firewalls
configuration file. However, if you decided to change this port, you
need to also review the rc_def_proxy policy. For more information
about the RC Proxies configuration files, refer to
IBM Tivoli Remote
Control User’s Guide
, SC23-4842.
Sometimes, the Controller could be in a secure zone and managed by a local
Tivoli Endpoint Gateway and the Target could be in another secure zone and
also be managed by a local Tivoli Endpoint Gateway. In this case, two firewalls
separate the Controller and its RC Target Proxy from the Target and its RC
Controller Proxy. The TFST Relay could be installed in the zone between the two
secure zones and used to pass the information between the RC Target Proxy
and the RC Controller Proxy.
In order to implement the Remote Control session to use Remote Control
Proxies, the rc_def_proxy default policy method needs to be configured as
shown in Example 1-14.
Example 1-14 The rc_def_proxy default policy method for Remote Control
#!/bin/sh
#
# Default policy method for Remote Control Proxy
#
# This policy method determines whether to use Remote Control Proxies.
# If you use Remote Control Proxies, rc_def_proxy defines how the controller
# uses the Remote Control Proxies to start a session with a target across a
# firewall.
#
# Possible values:
#
# NO Do not use the Remote Control Proxies.
#
# YES <configuration type> <rc proxy ip address> <rc proxy port>
# Use the Remote Control Proxies, where:
#
# <configuration type>
# Identifies the following scenarios:
#
# auto
# The controller and Remote Control Proxies
# search the route to the target using the
# information stored by
# Tivoli Firewall Security Toolbox.
#
# manual
# The Remote Control Proxies run as standalone.
# The controller uses the network address that
# you specify in this method to reach