Configuring the Remote Management Module for Gen 4 (T-800/T-1200) Appliances

Overview

The remote management module (RMM) or management port in Tufin appliances lets you connect to an administration web interface for the appliance. You can configure RMM network settings using BIOS or using SSH or a Console

Prerequisites

The following ports must be open between the appliance and the TufinOS installation host:

Use

Port
HTTP 80 (TCP)
HTTPS 443 (TCP)

IPMI Virtual media

623 (UDP/TCP)

Remote console

5900, 5901 (TCP)

SSH

22 (TCP)

WS-MAN

5985 (TCP)

Configure RMM Network using BIOS

If TufinOS is installed on your appliance, you can configure RMM using SSH or a console.

  1. Reboot or start the appliance and press DEL to enter BIOS setup.

  2. Select IPMI > BMC Network Configuration.

  3. Set Update IPMI LAN Configuration to YES.

  4. Edit the settings as required.

  5. Set Update IPMI LAN Configuration back to No.

  6. Save settings and reboot the appliance.

Configure RMM using SSH or a Console

  1. Make sure that the MGMT port for the appliance is connected to the network.

  2. Connect the appliance via SSH or a console and set the following network settings:

    [<ADMIN> ~]# ipmitool lan set 1 ipaddr <RMM IP Address>
    ipmitool lan set 1 ipaddr <RMM IP Address>
    [<ADMIN> ~]# ipmitool lan set 1 netmask <Subnet Netmask>
    ipmitool lan set 1 netmask <Subnet Netmask>
    [<ADMIN> ~]# ipmitool lan set 1 defgw ipaddr <Default Gateway IP Address>
    ipmitool lan set 1 defgw ipaddr <Default Gateway IP Address>

  3. Verify the configuration:

    [<ADMIN> ~]# ipmitool lan print 1
    ipmitool lan print 1

  4. Ping the RMM IP address to confirm connectivity:

    [<ADMIN> ~]# ping <RMM IP Address>
    ping <RMM IP Address>

  5. Configure the user settings:

    1. Check the existing user list:

      [<ADMIN> ~]# ipmitool user list 1
      ipmitool user list 1

    2. Create or modify users. This command will create a new user or overwrite settings for an existing User ID.

      [<ADMIN> ~]# ipmitool user set name <user_id> <username>
      ipmitool user set name <user_id> <username>
      [<ADMIN> ~]# ipmitool user set password <user_id>
      ipmitool user set password <user_id>
      [<ADMIN> ~]# ipmitool channel setaccess <channel number> <user id> [callin=on|off] [ipmi=on|off] [link=on|off] [privilege=level]
      ipmitool channel setaccess <channel number> <user id> [callin=on|off] [ipmi=on|off] [link=on|off] [privilege=level]

      For example:

      ipmitool user set name 3 myuser
      ipmitool user set password 3
      ipmitool channel setaccess 1 3 callin=on ipmi=on link=on privilege=4

    3. Enable the new user:

      ipmitool user enable <user_id>
      ipmitool user enable <user_id>

  6. In a browser, log into the web interface and confirm that you can connect using the username and password defined in the previous step.

    https://<RMM IP Address>
    https://<RMM IP Address>
If you cannot connect to login to the user interface, see Troubleshooting Appliances.

Now you can securely connect to the RMM to do remote administration tasks.

For complete IPMI documentation, see the IPMI Users Guide (PDF)