How to create a firewall rule so that SLES can update patches?

Hi All
I have some SLES servers that need to perform online updates, but I have a question: based on our security policy, I cannot let these servers access the Internet directly.
I need to create a firewall policy that limits SLES to accessing only the servers that are actually needed when I register with the customer center and perform online updates.

Can I just allow the SLES servers to connect to nu.novell.com by HTTPS, or not?

thanks!!

wencheng

Hi wencheng,

[QUOTE]Can I just allow the SLES servers to connect to nu.novell.com by HTTPS, or not?[/QUOTE]

These update servers are obviously hosted at Akamai, so there's no way to predict when the actual IPs of the server(s) might change (and most likely there are multiple servers to cover the various regions):

[QUOTE]Non-authoritative answer:
nu.novell.com canonical name = nu.novell.com.edgekey.net.
nu.novell.com.edgekey.net canonical name = e4579.c.akamaiedge.net.
Name: e4579.c.akamaiedge.net
Address: 2.22.6.147
[/QUOTE]

Your question seems to target packet filter rules. May I suggest a different firewalling approach? How about setting up a Squid proxy that is permitted to do HTTP/HTTPS to the Internet, but enforces a rule that only requests to nu.novell.com may be served?

Of course the details of your firewalling depend on the overall structure of your network setup (is the server in question directly connected to the Internet? Can you route traffic from that server through other systems?) and security requirements.

Regards,
Jens
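
A minimal squid.conf for the proxy approach suggested in the reply above, added here as an example and not part of the original thread. The client subnet 192.0.2.0/24 and the listening port 3128 are assumptions; nu.novell.com is the only destination host named in the thread.

```conf
# Listening port for the SLES clients (assumed value)
http_port 3128

# SLES servers allowed to use the proxy (constructed placeholder subnet)
acl sles_servers src 192.0.2.0/24

# Destinations the proxy may serve. Matching is by hostname, so it keeps
# working when the Akamai IP addresses behind the name change.
# Add any further hosts your registration step needs; the thread names only this one.
acl update_hosts dstdomain nu.novell.com

# Restrict ports: plain HTTP on 80, HTTPS tunnels (CONNECT) on 443 only
acl Safe_ports port 80 443
acl SSL_ports port 443
acl CONNECT method CONNECT

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Only the SLES servers, and only to the update host
http_access allow sles_servers update_hosts

# Everything else is refused
http_access deny all

# Pure filtering proxy: do not cache anything
cache deny all
```

With this in place, the packet filter only needs to allow the SLES servers to reach the proxy on its listening port, and the proxy host to reach the Internet on ports 80 and 443.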