
Restrict Gateway hosts

Overview

For an extra level of security, you can configure a Netprobe to accept connections only from a nominated list of 'trusted' Gateway hosts.

This is done by setting the TRUSTED_GATEWAY_HOSTS variable, either in the Windows registry, or as an environment variable on Linux and other platforms. The variable should be set to the names of the trusted hosts, separated by commas. For more information, see Setting variables for Netprobe on Windows platforms in Netprobe variables.

TRUSTED_GATEWAY_HOSTS may contain a host alias as defined in the /etc/hosts file. If TRUSTED_GATEWAY_HOSTS is set to +, then any Gateway is trusted; this is equivalent to not setting the TRUSTED_GATEWAY_HOSTS variable.
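A pre-start check for the value format described above, as an added example (not Geneos code): it reports whether the setting leaves the Netprobe open to any Gateway or names specific hosts. The host names are constructed, and flagging empty entries, a `+` inside a list, and whitespace for review is this example's assumption, since the page does not say how Netprobe parses them.

```shell
#!/bin/sh
# Added example, not Geneos code. Return value is this script's own convention:
#   0 = restrictive list, 1 = any Gateway trusted, 2 = entries need review.
audit_trusted_gateway_hosts() {
    value=$1
    # Unset/empty, or exactly "+", means no host restriction is in effect.
    if [ -z "$value" ] || [ "$value" = "+" ]; then
        echo "OPEN: any Gateway host is trusted"
        return 1
    fi
    result=0
    rest="$value,"            # trailing comma so the last entry is processed too
    while [ -n "$rest" ]; do
        entry=${rest%%,*}     # text before the first comma
        rest=${rest#*,}       # remainder after that comma
        case $entry in
            '')
                echo "REVIEW: empty entry (stray comma)"; result=2 ;;
            '+')
                # Assumption: the page only defines "+" as the whole value.
                echo "REVIEW: '+' mixed into a host list"; result=2 ;;
            *[[:space:]]*)
                # Assumption: the page does not say whitespace is trimmed.
                echo "REVIEW: whitespace in entry '$entry'"; result=2 ;;
            *)
                echo "TRUSTED: $entry" ;;
        esac
    done
    return $result
}

# Constructed sample values; in practice pass "${TRUSTED_GATEWAY_HOSTS-}".
for sample in "+" "gwhost1,gwhost2" "gwhost1, gwhost2,"; do
    echo "value: '$sample'"
    audit_trusted_gateway_hosts "$sample" || echo "  -> result $?"
done
```

Run it in the same environment that launches the Netprobe, so that it sees the value the process will actually inherit.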

When a non-trusted host attempts to connect, a warning message is logged on the Netprobe and sent to the Event Tickers of all connected Gateways and Active Consoles.

For security, you can only set the TRUSTED_GATEWAY_HOSTS setting on the machine running the Netprobe. You cannot set it as part of the probe configuration on the Gateway.

A similar setting, TRUSTED_GATEWAY_NAMES, can be configured to restrict Gateways connecting to Netprobe in the same manner as TRUSTED_GATEWAY_HOSTS. This setting checks the Gateway name rather than the host.

Note: Only one Gateway should attempt to connect to each Netprobe. If multiple Gateways connect to a single Netprobe, only the first connection attempt succeeds. Subsequent connection attempts are rejected.