*techsupport tunnelについて [#j6a5ac61] RIGHT:更新日&lastmod(); IronPortの動作に問題等がある場合、メーカーより直接IronPortに ログインして内部状態を確認する場合 ***トンネルの開始 [#z68b88d0] techsupport tunnnelを有効にすると、IronPort自体から 「upgrades.ironport.com」に対して、TCPで接続する。 この接続はSSHにより暗号化される。 デフォルト設定では、TCPポート25で接続する。これは、メール送信 で使用する通信と同じポートなので、IronPort機器から直接インター ネットに対してメールを送信しているネットワーク構成では、F/W等に 特別にポートをあける必要はなし。 他、 22, 53, 80, 443, 4766ポートを指定して接続することも可能。 DNSにて「upgrades.ironport.com」の名前解決が可能である必要 techsupport tunnelを利用する場合、以下の2点の情報が必要。 -筐体のシリアル番号 -暫定パスワード iron.mie-chukyo-u.ac.jp> techsupport Service Access currently disabled. Serial Number: 001******CA-******C1 0015C5FA82CA-9SSDGC1 Choose the operation you want to perform: - SSHACCESS - Allow an IronPort customer service representative to remotely access your system, without establishing a tunnel. - TUNNEL - Allow an IronPort customer service representative to remotely access your - SSHACCESS - Allow an IronPort customer service representative to remotely access your system, without establishing a tunnel. - TUNNEL - Allow an IronPort customer service representative to remotely access your system, and establish a secure tunnel for communication. - STATUS - Display the current techsupport status. []> tunnel Enter a temporary password for customer support to use. This password will not be able tobe used to directly access your system. - the password must be between 6 and 128 characters long; - it cannot be blank or consist only of spaces; - it must be different from the administrator's password. []> ***** <=ここは***の伏字ではなく普通に表示した Enter the port number for tunnel connection: [25]> <==Port25を使用するのでEnter Are you sure you want to enable service access? [N]> y Service access has been ENABLED. Please provide your temporary password to your IronPortCustomer Support representative. Waiting for ssh tunnel to connect, Ctrl-C to cancel... <==ここで少し時間がかかる You have enabled the SSH tunnel and it is now connected. iron.mie-chukyo-u.ac.jp> ''終了したらこんなメールが届いた'' Date: 18 Mar 2008 13:49:12 +0900 From: "IronPort C100 Alert" <alert@iron.mie-chukyo-u.ac.jp> To: okada@mie-chukyo-u.ac.jp Subject: Info <System> iron.mie-chukyo-u.ac.jp: Tech support: Service tunnel has been enabled, port 25 Message-Id: <20080318044900.5BE351CAC697@mail.mie-chukyo-u.ac.jp> The Info message is: Tech support: Service tunnel has been enabled, port 25 Version: 5.1.0-320 Serial Number: 001**********-9S***** Timestamp: 18 Mar 2008 13:49:12 +0900 To learn more about alerts, please visit our Knowledge Base. In many cases, you can find further information about this specific alert. Please click the Knowledge Base link after logging into our Support Portal at: http://www.ironport.com/support/login.html If you desire further information, please contact your support provider. To open a support request for this issue, access the IronPort C100 and issue the "supportrequest" command. The command sends an email with diagnostic information directly to your IronPort support provider to facilitate a rapid diagnosis of the problem. Thank you. ***トンネルの停止 [#qae8d90d] 1,techsupportコマンド実行 ironport.soliton.co.jp> techsupport Service Access currently ENABLED (0 current service logins). There is currently a secure tunnel between your machine and IronPort Customer Support. Serial Number: ***********-******* 2,disableコマンドを実行します。 Choose the operation you want to perform: - DISABLE - Prevent IronPort customer service representatives from remotely accessing your system. - STATUS - Display the current techsupport status. []> disable 3,確認メッセージに[y]を入力 Are you sure you want to disable service access? [N]> y 4,下記メッセージが表示されれば切断完了。 Service access has been disabled. ironport.soliton.co.jp>