2 Replies Latest reply on Apr 25, 2007 2:53 PM by Bill Robinson

    Provisioning Behind a firewall hangs at step 4

    Bill Robinson

      I'm trying to do a bare-metal provision in a firewalled environment. The PXE/TFTP server is in the provisioning VLAN and can talk to the DB through the firewall. The provisioning VLAN can talk to 9831 through the firewall to the app server. The app server can talk to the provisioning VLAN via 4750.


      The bare metal server PXE boots and shows up in Provisioning Manager. I use the provisioning wizard and then it stops at step 4. On the bare metal box it PXE boots again, then 'hangs' at trying to contact the app server on 9831. Then the bare metal box reboots.


      What's the deal?


      This is with 7.2.

        • 1. Re: Provisioning Behind a firewall hangs at step 4

          TCP keepalive.


          Your bare metal client has an established TCP connection with the app server which goes away when your bare metal client reboots. When it comes back up, a new TCP session is attempted. Unfortunately, I think the firewall to the app server side of the original connection still exists...


          When the bare metal client tries to initiate the new connection, it's using the same port (9831), same originating address (assigned to the bare metal client via DHCP) to the same target (app server IP), but with a different numbering sequence on the TCP packets. For most firewalls, this is seen as a spoof attack, and the traffic is dropped.

          • 2. Re: Provisioning Behind a firewall hangs at step 4
            Bill Robinson

            This seems to be the case. We changed the IP address (DHCP reservation) around and rebooted the bare metal box and the provision process would continue. I guess we need to change the idle session timeout to < 60 min, which is what it is now... maybe something more like 2 min...
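
The behaviour discussed in this thread, as an added example that is not part of the original posts or the product's code: a simplified model of a stateful firewall's session table, replaying connect, reboot and reconnect to port 9831. The IP addresses, source port, sequence numbers and the 5-minute reboot gap are constructed assumptions, and real firewalls differ by vendor.

```python
# Simplified model of stateful-firewall session tracking, for illustration only.
# Real firewalls track far more state and behave differently per vendor.
from dataclasses import dataclass

@dataclass
class Session:
    isn: int          # initial sequence number of the SYN that created the entry
    last_seen: float  # time in seconds of the last packet seen on this flow

class StatefulFirewall:
    def __init__(self, idle_timeout_s):
        self.idle_timeout_s = idle_timeout_s
        self.sessions = {}  # (src_ip, src_port, dst_ip, dst_port) -> Session

    def handle_syn(self, flow, isn, now):
        """Return 'ACCEPT' or 'DROP' for a client SYN arriving at time `now`."""
        session = self.sessions.get(flow)
        if session and now - session.last_seen >= self.idle_timeout_s:
            del self.sessions[flow]   # idle entry has aged out
            session = None
        if session is None:
            self.sessions[flow] = Session(isn, now)
            return "ACCEPT"
        if isn == session.isn:        # retransmission of the original SYN
            session.last_seen = now
            return "ACCEPT"
        return "DROP"                 # same 4-tuple, new sequence space: stale entry wins

def provision(idle_timeout_s, reboot_gap_s, new_ip_after_reboot=False):
    """Replay the thread's sequence: connect, reboot, reconnect to port 9831."""
    fw = StatefulFirewall(idle_timeout_s)
    app = ("10.0.1.10", 9831)              # constructed app server address
    src_port = 40000                       # assumed: same source port after reboot
    first = fw.handle_syn(("10.0.2.50", src_port) + app, isn=1000, now=0.0)
    src_ip = "10.0.2.51" if new_ip_after_reboot else "10.0.2.50"
    second = fw.handle_syn((src_ip, src_port) + app, isn=777000, now=reboot_gap_s)
    return first, second

if __name__ == "__main__":
    print("60 min timeout:", provision(3600, 300))
    print("2 min timeout: ", provision(120, 300))
    print("new DHCP lease:", provision(3600, 300, new_ip_after_reboot=True))
```

With the 60-minute timeout the second SYN is dropped; with a 2-minute timeout, or with a changed DHCP address, it is accepted.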