firewall
Down to 8 servers that can't be monitored
Tue, 09/29/2009 - 12:45 — jaklein.ncsu.edu
Firewall contexts set to allow new Nagios access
Fri, 09/25/2009 - 08:41 — jaklein.ncsu.edu
As we work to bring the new Nagios system on-line, there are a lot of firewall changes that need to be made.
ComTech has established a range of addresses for all OIT devices meant for monitoring, and the intention is to open this address range (referred to as "OIT-Monitor") for incoming access for monitoring protocols for all datacenter subnets. This will make firewall settings easier and quicker for ComTech, and mean less back and forth for everyone when setting up firewall rules for new VLANs.
"Monitoring" ports to open to the "OIT-Monitor" range of addresses
Fri, 09/25/2009 - 07:43 — jaklein.ncsu.edu
The monitoring servers in the OIT-Monitor range of addresses should have incoming access to the following ports for all OIT servers:
echo-reply
echo-request
dest-unreach
UDP and TCP 161 (SNMP read)
TCP 5666 (Nagios NRPE)
UDP 1161 (SMC)
TCP 9999 (MRTGEXT)
tcp/524 (NCP)
tcp/427 (SLP)
tcp/389 (LDAP)
tcp/636 (LDAPS)
tcp/13782 (Netbackup)
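As an added illustration (not part of the original post or ComTech's configuration), the Python below parses the port list exactly as written above and emits source-restricted nftables accept rules. The range 192.0.2.0/28 is a placeholder, and nftables is an assumption, since the post names neither the real OIT-Monitor range nor the firewall product.

```python
import re

# Port list exactly as written in the post (mixed notations).
PAGE_LIST = """echo-reply
echo-request
dest-unreach
UDP and TCP 161 (SNMP read)
TCP 5666 (Nagios NRPE)
UDP 1161 (SMC)
TCP 9999 (MRTGEXT)
tcp/524 (NCP)
tcp/427 (SLP)
tcp/389 (LDAP)
tcp/636 (LDAPS)
tcp/13782 (Netbackup)"""

# Assumption: placeholder range (RFC 5737); the post does not give the real one.
OIT_MONITOR = "192.0.2.0/28"
# The post's ICMP names mapped to nftables type keywords.
ICMP = {"echo-reply": "echo-reply", "echo-request": "echo-request",
        "dest-unreach": "destination-unreachable"}
ENTRY = re.compile(r"^((?:tcp|udp)(?:\s+and\s+(?:tcp|udp))?)[\s/]+(\d+)\s*\((.+)\)$", re.I)

def parse(text):
    """Return (icmp_types, [(proto, port, label), ...]); reject unknown lines."""
    icmp, services = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = ENTRY.match(line)
        if line in ICMP:
            icmp.append(ICMP[line])
        elif m and 0 < int(m.group(2)) < 65536:
            for proto in re.findall(r"tcp|udp", m.group(1).lower()):
                services.append((proto, int(m.group(2)), m.group(3)))
        else:
            raise ValueError(f"unrecognised entry: {line!r}")
    return icmp, services

def nft_rules(text, source=OIT_MONITOR):
    """Emit one source-restricted accept rule per entry; nothing else is opened."""
    icmp, services = parse(text)
    rules = [f"ip saddr {source} icmp type {{ {', '.join(icmp)} }} accept"]
    rules += [f'ip saddr {source} {p} dport {port} accept comment "{label}"'
              for p, port, label in services]
    return rules

if __name__ == "__main__":
    print("\n".join(nft_rules(PAGE_LIST)))
```

Because unrecognised lines raise an error instead of being skipped, a typo in the list cannot silently drop or widen a rule.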
ACSAD "DNS issues" were actually firewall
Fri, 06/26/2009 - 13:44 — jaklein.ncsu.edu
Eric and I have just confirmed that the issues previously thought to be DNS problems using ns60 were in fact a firewall problem.
Eric is going to identify a bunch of test VMs and provisioning servers, and I'm going to look for admin VMs and servers at Monday's WAL meeting to set to use ns60 using a GPO. The idea is that we eat our own dogfood while the CAB deliberates on pushing ns60 out wholesale to all ACSAD workstations.
