07-26-2023 10:24 AM
I am having to step in during a transition and I cannot seem to get my configuration right, and I am hoping someone can provide me examples of the rules (NAT and Security) that I might need to allow iDRAC access to a couple of servers that reside in our untrusted zone from a specific public IP. I have assigned the iDRAC controllers public IPs on the firewall, but I am unable to get them to show up via HTTPS. Any help or pointers would be greatly appreciated.
07-31-2023 10:37 AM
Hi @SCS_BPotts ,
If you would like external iDRAC access you will need to create a DNAT policy and Security Policy.
The DNAT rule will translate the incoming public IP to the internal IP of the respective server. This will allow external access to the servers via their iDRAC IPs.
DNAT Rule
Src Zone: Untrust
Dst Zone: Untrust
Src Address: Enter the specific public IP
Dst Address: Public iDRAC IP
Service: Specify which port
Src Translation: Dynamic IP and Port, specify the internal address/interface
Dst Translation: Specify the internal IP
Then create your security policy to allow the public IP to the internal IP.
Src Zone: Untrust
Src Address: Public IP
Dst Zone: Zone where the server is in
Dst Address: Internal IP
Service: Port if you would like
Application: Application you would like
Hope this helps or gets you in the right direction.
07-31-2023 04:05 PM
Thank you. I was able to figure it out and set it up late last week, and was able to get it to show a bad request page initially. Then I was able to determine that the bad request page was due to the firmware on the iDRAC coupled with the iDRAC web server not liking the headers when the packets went from internal to external and vice versa via static IPs. Updating the firmware and setting a DNS entry for the outside address in the iDRAC web server fixed that, and now it is working like it should.