Out of band management?

[saint]

I have a temperamental firewall I can't replace right now due to budget. Occasionally locks up. I need a remote access device that can:

1. Allow me to connect via modem or network
2. Access the firewall through a serial console
3. Power off/on the firewall

Any suggestions?

[ChadTower]

Need more info like capacity scale etc.  How many subnets?  Are we talking your house or your job?

[ChadTower]

Not if he has to manage it while he's not at his house.

[saint]

Single device, single subnet, located at work. Want to be able to power cycle it from home if needed. Firewall appliance has a serial console port as well as normal keyboard/video/mouse.

If the firewall appliance locks up, its KVM and ethernet connections are no good. Its serial port may still be viable depending on how badly it's locked up.

So - I can still VPN into my network if that firewall is locked up. That means if I had a device plugged into the firewall's serial port and power, I could first try to safely reboot the firewall via the console login. If that's hosed, I'll have to remotely power off/on.

So the device I want to hook up needs to have network connectivity for when I can VPN in to the network, and dial up connectivity in case I can't VPN in for some reason.

[ChadTower]

Hrm.  It's the power cycling that complicates it... maybe you could put that appliance on a UPS that allows you to remotely power cycle?  Then you could just put a standard PC there for "remote" management.

[MonMotha]

This is going to sound crazy, but an external modem (remember those?) in auto-answer mode will probably accomplish this.  The only issue is the "hard reboot" option.  A small timer circuit and relay would potentially let you use the "BREAK" signal to accomplish this (dial up, notice "it's dead, Jim", then send BREAK to cycle the relay or the PC's reset line).  I'm sure someone makes a little box to do something like this, but it also shouldn't be terribly difficult to build.

Any reason you need the VPN option?  Ma Bell's system rarely breaks, and when it does, the data services usually go with it, even if Ma Bell isn't your ISP.  Another PC with a serial cable hooked between the two PCs could accomplish this in a simple, albeit bulky manner.  You'd think it would be expensive, but a trash PC is cheaper than these little OOB management devices often are.  Said "companion" PC could also participate in the hard reboot procedure using e.g. the parallel port to toggle the reset line of the firewall.  If you have this PC, you could also just dump the modem in it for dial-up access.

If the appliance is "hackable" (runs a modifiable OS install), you might also look into a watchdog solution.  If it locks up, this will power cycle it.  Such a solution could also consist of an external PC to monitor status (e.g. ping something) and reboot the firewall if that fails.  I've even seen people rig up CD trays to hit power buttons for this purpose!

[gryhnd]

Try googling for "remote ip power switch" and related. You'll get stuff like this.

[ChadTower]

Those are pretty cool.   

[koz319]

http://wti.com/console-power-combo.html

They do what you want, but seem a little on the pricey side.

Good luck!

Koz

[Xiaou2]

 I had a Goonies moment  hehe.  Though, its probably not really a viable idea..
its kinda funny

1)  Build/Find a junker pc.
2)  Have it connected without going thru the firewall.  (Possible?)
3)  Remote access it.
4)  Tell the PC to eject the CD tray.
5)  The CD tray will push a switch, which is wired to the firewall reset button.
6)  The CD tray is limited in travel by a custom bracket...so will close upon hitting it.


 Edit: Ooops,  read the replies, and the idea was posted already  !   lol    

[Ed_McCarron]

And here I thought you were retiring from being a roadie.

[Aceldamor]

Not sure about the all in one thing, but you can get a Cisco ASA fairly inexpensively. This will cover the firewall/VPN/Remote admin piece, though you will have to speak the language : )