Hi Pekka,

Pekka Savola wrote:
> Are you saying some of the following:
>
> 1) ISMS specs should specify that the monitored hosts can/should
> certainly keep open a TCP session so the network management (in both
> ways) can happen over that session. (This seems pretty trivial..)
>
> 2) We should specify how network management hosts could reside behind a
> firewalls which block the management ports (I don't think this is needed
> or should be done).

Depending on what you mean by "network management hosts" it could be (1) or (2) ;-)

I'm saying if there is a device that wishes to be managed through a firewall, allow it to open a connection on a specified port (just so that firewalls can block it). Remember, your laptop does this today with HTTP on port 80 or HTTPS on port 443 (worse because you can't even inspect).

Eliot

_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf