How Do the Directives for Detection Servers Connecting Over VPN Work?

Article ID: 159952

Products

Data Loss Prevention Network Monitor

Issue/Introduction

Information regarding the four directives in the model.properties file.

Resolution

The model.properties file defines the connection between the Symantec DLP Network Monitor and the Symantec DLP Enforce server. This file is located in the C:\Vontu\Protect\config directory. When connecting over a VPN, four directives in the model.properties file must be modified: model.notification.host, model.notification.port, model.notification.bindaddr, and model.notification.serverobject.host.

model.notification.host: This property directive represents the IP address or host name of the computer that is running the VontuNotifier service.

model.notification.port: This property directive represents the port on which the VontuNotifier service listens for client registration requests. For example, various monitor and Symantec DLP Enforce (TM) processes register themselves with the VontuNotifier service to receive notification of database events.

model.notification.bindaddr: This property directive represents the IP address of the network interface card to which the database (DB) event listeners and the VontuNotifier service are bound (this card is used for network communication). This setting is relevant only on systems with multiple network interface cards. If this value is not specified, the VontuNotifier service listens for client requests on all network interface cards, and client requests may use any one of the interface cards to communicate with the VontuNotifier service. This can cause problems on monitor systems where not all network interface cards (NICs) are TCP/IP enabled or on the same network as the Symantec DLP Enforce server.

model.notification.serverobject.host: This property directive represents the IP address/host name that is reachable from the Symantec DLP Enforce server.

How the model.notification.serverobject.host property directive works: Database event notification uses the Java Remote Method Invocation (Java RMI) remote procedure call facility (over TCP/IP). Clients that want to be notified of DB events register a callback object with the VontuNotifier service. Any time a record is inserted into, updated in, or deleted from the database, the VontuNotifier service signals each registered listener by executing a method on the client's listener callback object.

By default, Java RMI specifies one of the “physical” IP addresses when negotiating a connection with a remote object. For example, when the client callback object registers with the VontuNotifier service, Java RMI tells the service to use one of the physical IP addresses to communicate with the client callback listener.

This default behavior does not work when the Symantec DLP Enforce server and monitors are connected through a VPN because the reachable IP addresses within that network are not the physical addresses.

To configure the model.notification.serverobject.host property on a monitor, set the property to the IP address/host name of the monitor that is reachable from the Symantec DLP Enforce server.
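The following is an added example, not part of this article or the product, that reads a model.properties fragment and checks the four directives for the two mistakes described above (bindaddr left open to every NIC, and serverobject.host set to a physical rather than VPN-reachable address). The VPN subnet and the monitor's physical addresses are supplied by the caller; all host names, addresses and the port in the sample are constructed placeholders.

```python
import ipaddress
import re
REQUIRED = ("model.notification.host", "model.notification.port",
            "model.notification.bindaddr", "model.notification.serverobject.host")

# Constructed sample: host names, addresses and port are placeholders, not product defaults.
SAMPLE_MODEL_PROPERTIES = """\
model.notification.host = enforce.example.internal
model.notification.port = 5000
model.notification.bindaddr = 10.8.0.12
model.notification.serverobject.host = 192.168.1.12
"""

def parse_properties(text):
    """Minimal Java .properties reader: '#'/'!' comments, 'key=value' or 'key: value'."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def check_vpn_directives(props, vpn_network, physical_addrs=()):
    """Return a list of findings; an empty list means the four directives look consistent."""
    missing = [k for k in REQUIRED if not props.get(k)]
    if missing:
        return [f"{k} is missing or empty" for k in missing]
    findings = []
    net = ipaddress.ip_network(vpn_network, strict=False)
    physical = {ipaddress.ip_address(a) for a in physical_addrs}
    # bindaddr selects one NIC; unset or 0.0.0.0 means every NIC, the multi-NIC problem case.
    try:
        if ipaddress.ip_address(props["model.notification.bindaddr"]).is_unspecified:
            findings.append("model.notification.bindaddr=0.0.0.0 listens on every NIC")
    except ValueError:
        findings.append("model.notification.bindaddr must be an IP address, not a host name")
    # serverobject.host is what RMI advertises to Enforce; a physical address here reproduces the default failure.
    try:
        so_ip = ipaddress.ip_address(props["model.notification.serverobject.host"])
    except ValueError:
        return findings  # host name: reachability cannot be judged offline
    if so_ip in physical:
        findings.append(f"serverobject.host={so_ip} is a physical address, not VPN-reachable")
    elif so_ip not in net:
        findings.append(f"serverobject.host={so_ip} is outside the VPN network {net}")
    return findings
```

Run against the sample with the VPN subnet 10.8.0.0/24 and physical address 192.168.1.12, the check reports the serverobject.host mistake; changing that directive to the monitor's VPN address (10.8.0.12) clears all findings.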