About SteelHead Central Controller : About connecting to managed appliances through a firewall
  
About connecting to managed appliances through a firewall
The SCC allows you to set up an SSL authentication port for SteelHeads when it is behind a firewall that restricts access to ports 443 and 80. This ensures SteelHeads can still communicate with the SCC. You configure the SSL authentication port through the SCC command-line interface (CLI).
For example, as shown in the following diagram, a SteelHead (SH-1) can connect directly to the SCC on port 443 without a firewall. Another SteelHead (SH-2) connects through a firewall that blocks ports 443 and 80. In this case, you can configure the SCC to use an alternative SSL authentication port (such as 7443) for SH-2 communication.
SCC with custom authorized port 7443
You can configure one additional authentication port in addition to the existing port 443.
The SSL authentication port feature is only available via the CLI; it isn’t available in the SCC Management Console.
For detailed information about connecting and using the Riverbed CLI, see the Riverbed Command-Line Interface Reference Manual.
Troubleshooting the connection
On the SCC:
The port number should have an appropriate entry when you run the netstat command. On the SCC, via the shell, at the system prompt enter:
netstat -an |grep <port-number>
The port number should be listed in the Apache /etc/httpd/http.conf file:
Listen <port-number>
If the port number doesn’t appear, restart the HTTP service on the SCC:
pm process httpd restart
On the managed appliances:
Enter the show ocd connections command. It should list the port number as Auth Port and Status “Connected.”
To ensure registration is successful, enter these commands:
amnesiac # show scc
amnesiac # show cmc
Connecting to the SCC Management Console
To connect to the Management Console, you must know the host, domain, and administrator password that you assigned in the configuration wizard.
Cookies and JavaScript must be enabled in your web browser. Before you begin, clear your browser cache and cookies to ensure the user interface displays correctly.
1. Enter the URL for the SCC in the location box of your browser:
<protocol>://<host>.<domain>
<protocol> is http or https. The secure HTTPS uses the SSL protocol to ensure a secure environment. When you connect using HTTPS, you’re prompted to inspect and verify the SSL certificate. This is a self-signed certificate used to provide encrypted web connections to the SCC.
<host> is the IP address or hostname you assigned the SCC during initial configuration. If your DNS server maps the IP address to a name, you can specify the DNS name.
<domain> is the full domain name for the SCC.
The SCC Sign In page appears.
2. In the text box, specify the user login: admin, monitor, a login from a RADIUS or a TACACS+ database, or a previously configured role-based management (RBM) account.
The default login is admin. Users with administrator privileges can configure and administer the SCC. Users with monitor privileges can view SCC reports but they can’t configure the system.
3. In the Password text box, specify the password you assigned in the configuration wizard of the SCC.
The SCC is shipped with password as the default password.
4. Click Log In to log in to display the dashboard.