Discovery on private network without access to internet

shill
Mega Sage

We are currently discovering our corporate network, and we have an isolated network that is not allowed to connect to the internet that we would like to start discovering, and possibly do some orchestration on.

Is it possible to install a mid server in the isolated network and have it talk to a corporate network mid server and then up to the instance?

I'm thinking I might be able to convince security to allow this via some firewall rules as other systems do communicate between the networks (very restrictively though).

If that is not possible, are there any other options?

1 ACCEPTED SOLUTION

doug_schulze
ServiceNow Employee

Steven,

Unfortunately not. The only option you have is to set up a proxy that allows the necessary access. I had one friend whose servers were locked down mission impossible style; we worked with their security to set up a network proxy with full traffic monitoring that allowed only this one midserver out to their instance's IP from their source IP over only a single port during only a specific time.

It passed their muster, maybe it can work for your security team...



Thanks Doug. I kind of figured that would be the case, but just needed confirmation.


Hello Doug,

I have one concern: which is the best way to get connectivity when you say 'allowed only this one midserver out to their instance's IP from their source IP over only a single port during only a specific time'?

A. Can I request to allow traffic to the snow instance IP address? Or

B. Can I request to allow traffic to the snow instance URLs? Is there any chance of the (snow instance) IP address changing? Just because if the IP is changed for the instance, connectivity is lost. Are the IP addresses assigned to instances fixed?

I am new to this, need expert comment!

Thanks

Bharat


Yes, you sure can. Here is a docs link that outlines the types of connections you can set up with your network team:

https://docs.servicenow.com/bundle/helsinki-servicenow-platform/page/product/mid-server/reference/r_MIDSvrExtConnectRequirements.html

If you use the IP, which you can find on HI after logon, that 'could' change. So URL is always the best option, so you don't have to deal with reconfiguring the IP address in the rare chance it would change.
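
The proxy rule described in this thread (one MID Server source, one instance destination matched by hostname, one port, one time window) can be written down as a policy and checked against proxy logs. The following is an added example, not part of the original posts and not ServiceNow code; the log format, addresses, hostnames, port 443 and the time window are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class EgressPolicy:
    source_ip: str       # the single MID Server allowed out
    dest_host: str       # instance hostname, matched by name so an IP change does not break the rule
    dest_port: int       # the single permitted port
    window_start: time   # start of the permitted time window
    window_end: time     # end (exclusive); earlier than start means the window wraps midnight

    def in_window(self, t):
        if self.window_start <= self.window_end:
            return self.window_start <= t < self.window_end
        return t >= self.window_start or t < self.window_end

    def violations(self, entry):  # reasons the request breaks the rule; empty list = allowed
        reasons = []
        if entry["src"] != self.source_ip:
            reasons.append("unexpected source")
        if entry["host"].lower().rstrip(".") != self.dest_host.lower():
            reasons.append("unexpected destination")
        if entry["port"] != self.dest_port:
            reasons.append("unexpected port")
        if not self.in_window(entry["ts"].time()):
            reasons.append("outside time window")
        return reasons

def parse_line(line):
    # Constructed log format: "<ISO timestamp> <source IP> CONNECT <host>:<port>"
    ts, src, _method, target = line.split()
    host, _, port = target.rpartition(":")
    return {"ts": datetime.fromisoformat(ts), "src": src, "host": host, "port": int(port)}

def audit(policy, lines):  # maps 1-based line number -> violations, for offending lines only
    checked = ((n, policy.violations(parse_line(l))) for n, l in enumerate(lines, 1))
    return {n: reasons for n, reasons in checked if reasons}

# Constructed policy and log lines (placeholder addresses and hostnames; port 443 is an assumption).
POLICY = EgressPolicy("10.20.30.40", "instance.example.com", 443, time(1, 0), time(3, 0))
SAMPLE_LOG = [
    "2024-01-10T01:15:00 10.20.30.40 CONNECT instance.example.com:443",
    "2024-01-10T04:00:00 10.20.30.40 CONNECT instance.example.com:443",
    "2024-01-10T01:20:00 10.20.30.41 CONNECT instance.example.com:443",
    "2024-01-10T01:25:00 10.20.30.40 CONNECT updates.example.net:8443",
]

if __name__ == "__main__":
    print(audit(POLICY, SAMPLE_LOG))
```

Any line that appears in the result is traffic the proxy rule should have blocked, so a non-empty result is worth an alert to the team that owns the rule.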