Configuring SunScreen Firewall on Solaris 8

Hi,
I'm trying to configure SunScreen Firewall on Solaris 8 and I would like to know what "tcp/ip high ports" is? And I have to configure NAT also on the same machine so that a few of the machines behind the firewall can communicate with the server host in front of the firewall. Currently I have the configuration like this:
-- The firewall is configured with a single policy.
-- The rules are added correctly for NAT.
After the policy is verified successfully, there is communication across the firewall. But after this, the following rules are added to configure tcp/ip high ports (not sure about the service).
-- The rules are configured like this:
edit> add rule common localhost * ALLOW COMMENT "Allow firewall access out"
edit> add rule tcp-high-ports hme0.net * ALLOW
edit> add rule udp-high-ports hme0.net * ALLOW
Now I'm unable to communicate with the server in front of the firewall after the policy is activated successfully.
I would appreciate if someone can help me on this.
Thanks,
Mullapudi

Hi,
I don't know SunScreen, but I can tell you that high ports are ports above 1023.
J

Similar Messages

  • Can I use Oracle Database Audit Vault and Oracle Database Firewall on Solaris?

    Can I use Oracle Database Audit Vault and Oracle Database Firewall on Solaris?

    4195bee8-4db0-4799-a674-18f89aa500cb wrote:
    I don't have access to My Oracle Support, can you send text or HTML of the document please?
    Moderator Action:
    No they cannot send you a document that is available only to those with access to MOS.
    That would violate the conditions of having such service contract credentials.
    Asking someone to violate such privileges is a serious offense and could get that other person's organization banned from all support and all their support contracts cancelled.
    Your post is locked.
    Your duplicate post that you placed into the Audit Vault forum space has been removed (it had no responses).
    This thread which you had placed in the Solaris 10 forum space is moved to the Audit Vault forum space.
    That's the proper location for Audit Vault questions.

  • 4402 anchor in DMZ, how to configure the Firewall

    Hello,
    I am not sure if there is a document or thread on this topic already, though I have been looking.
    We have a 5508 foreign controller
    We have a 4402 anchor controller
    We have a DMZ layer 2 only switch
    We have an ASA5520 firewall
    I have configured both WLC controllers for guest wireless to the DMZ. They see each other in the mobility group.
    I have added vlan800 (arbitrary VLAN we chose) in the DMZ switch. Currently it does not have any IP address on it and we would prefer if it stays that way.
    We want the anchor to also provide the DHCP scope for all guest wireless, which is why we created vlan800 on the DMZ switch as well as in the anchor controller.
    The Anchor controller vlan800 has an ip address 172.18.1.2/24.
    The guest wireless network is 172.18.1.x/24 (again, provided by the anchor controller).
    My firewall has a DMZ address of 172.16.67.1/24
    OK, here is where I get more fuzzy: how do I configure my firewall to accept traffic from the new IP scope I created?
    The firewall does not have any more free physical ports, so I think I have to somehow make the existing physical DMZ interface a trunk or give it a secondary IP address of 172.18.1.1/24 to become the gateway for the guest wireless traffic (besides setting up the allow/deny rules for internet access in the firewall).
    I have not been able to find a document that goes into the DMZ requirements for wireless so far.
    Thanks!

    Hi Dennis,
    Yes, I have gotten the two controllers talking to one another and am able to do both ping tests, eping and the other one (I forget the name).
    I do believe I have a working understanding of the anchor to foreign controller configuration.
    My question is specific in as much as it relates to the DMZ switch and firewall.
    The configuration of the DMZ switch and firewall is the documentation I am unable to locate with examples of this configuration.
    I cannot seem to get to any link that has the word "partner" in it even though I log into my Cisco account.
    If there is a different link I would be happy to check it out.
    As for your question about trunking the port, can you clarify which device you're speaking of?
    I have the DMZ switch port trunked that connects to the Anchor controller.
    Thanks

  • How to configure network on Oracle Solaris 10

    Hi All,
    I have created a new virtual machine on Windows Server 2003 and installed Oracle Solaris 10 on VMware. Now I need to configure the network on my Solaris virtual machine, so that I can access the Solaris machine from outside VMware. Can somebody help me out?
    Regards,
    S.Rizi

    Hi,
    > I have created a new virtual machine on Windows Server 2003 and installed Oracle Solaris 10 on VMware. Now I need to configure the network on my Solaris virtual machine, so that I can access the Solaris machine from outside VMware. Can somebody help me out?
    Refer to the thread below.
    Hope it helps :)
    http://www.linuxquestions.org/questions/solaris-opensolaris-20/configure-solaris-network-on-vmware-847849/
    thanks,
    X A H E E R

  • How to turn off firewall on Solaris 10?

    Hey everybody,
    Do you know how to turn off the firewall on Solaris 10? I installed a 3rd-party program and need to disable the firewall...
    Thank you so much for your help.

    Hi,
    Can you please let me know how to disable the firewall on Solaris 9?
    Does this command [svcadm disable ipfilter] disable the firewall even on Solaris 9?
    Please let me know.
    TIA.
    Regards,
    Prashanth.

  • How to Enable Firewall in Solaris 10 SPARC

    How to Enable Firewall in Solaris 10 SPARC

    What exactly are you looking for? By default Solaris is a secure operating system, but it can be tuned to be more or less secure. The link above on IP Filtering is one way to make a system more secure, and it can be used to set up a firewall.
    -- Alan

  • About Inbuilt Firewall in Solaris 10

    Hi
    I want to know whether there is any firewall built into Solaris 10, like iptables in Linux.
    Also, I have heard that SunScreen Firewall was available up to Sun Solaris 8. Why was it stopped after Solaris 9 & 10?
    Can you give me more details on the same?
    Thanks
    Rajan

    The built-in firewall in Solaris is called ipfilter.
    It is much like iptables with a slightly different syntax, but it is just as easy to use.
    To start using it, all you need to do is edit two files and give two commands (with fingers crossed).
    You can find extensive instructions elsewhere, but here is a quick overview.
    Edit /etc/ipf/pfil.ap and uncomment the appropriate device name (use ifconfig -a to figure out what it is).
    Edit /etc/ipf/ipf.conf to your liking. Check online documentation for the syntax. Be careful, since it reads from top to bottom and does other things differently from iptables.
    Here is a quick example from one of my machines (careful: this is output from 'ipfstat -io' and not necessarily what you would want).
    #this machine talking with others
    pass out quick on bge0 proto tcp from xxx.xxx.xxx.xxx/32 to any keep state
    pass out quick on bge0 proto udp from xxx.xxx.xxx.xxx/32 to any keep state
    pass out quick on bge0 proto icmp from xxx.xxx.xxx.xxx/32 to any keep state
    #open up trusted local networks
    pass in quick on bge0 from xxx.xxx.xxx.0/24 to any
    #outside world
    pass in quick on bge0 proto tcp from any to any port = ssh
    pass in quick on bge0 proto tcp from any to any port = 80
    block in on bge0 all
    Those last two pass-ins are wide open, but I use sshblack to monitor those ports. You can easily modify that for ipfilter from iptables.
    http://www.pettingers.org/code/sshblack.html
    After you are all set do
    svcadm enable pfil
    svcadm enable ipfilter
    There are a pile of things that may cause either pfil or ipfilter to fail (svcs -vx to check) but you can google the answers or search these forums for how to fix them.
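
The top-to-bottom evaluation the post above warns about, as an added example that is not part of the original post: a small Python model of ipf rule matching (the last matching rule wins unless a matching rule carries `quick`), run over a constructed copy of the posted ruleset. The 192.0.2.x and 203.0.113.x addresses, the parser, the packet fields and the default-pass policy are assumptions of this example.

```python
import ipaddress

SERVICES = {"ssh": 22}  # only the service name the post's rules use

# Constructed ruleset modelled on the post; 192.0.2.x replaces the masked addresses.
RULES = """\
pass out quick on bge0 proto tcp from 192.0.2.10/32 to any keep state
# open up trusted local network
pass in quick on bge0 from 192.0.2.0/24 to any
# outside world
pass in quick on bge0 proto tcp from any to any port = ssh
pass in quick on bge0 proto tcp from any to any port = 80
block in on bge0 all
"""

def parse_rule(line):
    """Parse the subset of ipf.conf syntax used above (destination is always 'any')."""
    t = line.split()
    rule = {"action": t[0], "dir": t[1], "quick": "quick" in t,
            "iface": t[t.index("on") + 1], "proto": None, "src": None, "dport": None}
    if "proto" in t:
        rule["proto"] = t[t.index("proto") + 1]
    if "from" in t and t[t.index("from") + 1] != "any":
        rule["src"] = ipaddress.ip_network(t[t.index("from") + 1])
    if "port" in t:
        value = t[t.index("port") + 2]  # tokens are: port = <value>
        rule["dport"] = int(value) if value.isdigit() else SERVICES[value]
    return rule  # 'keep state' is ignored: this model is stateless

def load(text):
    return [parse_rule(l) for l in text.splitlines()
            if l.strip() and not l.startswith("#")]

def matches(rule, pkt):
    if rule["dir"] != pkt["dir"] or rule["iface"] != pkt["iface"]:
        return False
    if rule["proto"] and rule["proto"] != pkt["proto"]:
        return False
    if rule["src"] and ipaddress.ip_address(pkt["src"]) not in rule["src"]:
        return False
    return rule["dport"] is None or rule["dport"] == pkt["dport"]

def evaluate(rules, pkt, default="pass"):
    """Last matching rule decides; a matching 'quick' rule stops evaluation.
    default='pass' is the assumed policy when nothing matches."""
    decision = default
    for rule in rules:
        if matches(rule, pkt):
            decision = rule["action"]
            if rule["quick"]:
                break
    return decision

# Constructed packets arriving on bge0.
SSH_IN = {"dir": "in", "iface": "bge0", "proto": "tcp", "src": "203.0.113.5", "dport": 22}
TELNET_IN = dict(SSH_IN, dport=23)
LAN_IN = dict(TELNET_IN, src="192.0.2.77")

if __name__ == "__main__":
    as_posted = load(RULES)
    no_quick = load(RULES.replace(" quick", ""))  # same order, 'quick' removed
    for name, pkt in [("ssh", SSH_IN), ("telnet", TELNET_IN), ("lan", LAN_IN)]:
        print(f"{name:7} as posted: {evaluate(as_posted, pkt):5} "
              f"without quick: {evaluate(no_quick, pkt)}")
```

With `quick` removed, the trailing `block in on bge0 all` becomes the last match for every inbound packet, which is the opposite of what a first-match reading of the same file would suggest.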

  • How to configure tape to sun solaris server?

    Hi
    We have a tape drive, a "Quantum Super DLT 600 tape drive", connected to Sun Solaris 9 and working properly.
    Now we want to connect and configure it on a Sun Solaris 10 server. I want to know how we can do it.
    I checked the st.conf file; "#tape-config-list=" is commented out in Solaris 9, while in Solaris 10 it is not there.
    I think I will just have to connect the tape to the new server (Solaris 10) and do a reconfiguration boot. Right?
    Also, what do I need to do to connect the tape back to the Solaris 9 server?
    Thanks

    You really don't need to reboot the server. Connect the tape to the server and type devfsadm -Cv. Then type dmesg and check whether Solaris detects the tape or not.
    If not, do a reboot and see.
    After doing one of the above, insert a tape into the tape drive, type "mt stat" and see whether you get any output about a tape.
    Refer Solaris 9 and Solaris 10 System Administration Guides.
    Edited by: Thusith.M on Jul 31, 2009 9:24 AM

  • How to configure Proxy server on Solaris 10 - SPARC

    Hi All
    Please guide on how to configure Proxy server on Solaris 10 - SPARC ?
    What tool should be used?

    Proxy configurations are most often done within the application software that needs that function and not necessarily done in the OS. That permits you to make very specific settings and not just generic global settings that could conflict with other software.
    Can you tell us what research you have done on the topic?
    For example, have you glanced through a Google search on "solaris web proxy"?
    If you are hoping to use a specific web server application, your forum post might be better placed in a forum space for that software instead of in a general OS forum space. What application software will you be using?

  • Configure 5515x firewall in below scenario

    Dear all,
    I need to configure a 5515x firewall in an existing network.
    In the existing network two workstations are connected to different VLANs on a 3750G switch with their respective SVIs, hence both VLANs communicate with each other.
    Now we are planning to put a firewall between the switch and the 2 workstations.
    Note: the two workstations are used as failover for other workstations which are in a different VLAN.
    For better understanding, find the network architecture.....
    Thanks in advance

    Hi,
    A firewall is required between VLAN20 and 30, correct?
    If yes, then there are two ways to add the firewall.
    1. Add the ASA in transparent mode between VLAN 20 and 30
    2. Configure these 2 VLAN SVIs on the firewall.
    Let me know if you have any questions.
    Regards
    Daljeet Singh

  • Configure sendmail client on Solaris 9

    Hi,
    I am facing a problem in configuring the sendmail client on Solaris 9. I was able to receive mail if I send mail to any individual email ID, but I was unable to send mail to an alias group even after running newaliases.
    Regards
    Kumar

    Please post the error message and the sendmail logging so we can see what goes wrong.

  • Blizzard download tells me I have to configure my firewall or the download will not complete. How do I do this?

    I have finished downloading the initial game. When I go into the game from my desktop, I am directed to the WOW Patch Notes, which attempts to download. At download attempt, I received the message that I have to configure my firewall in order for the download to complete.

    Clear the cache and the cookies from sites that cause problems.
    "Clear the Cache":
    * Tools > Options > Advanced > Network > Offline Storage (Cache): "Clear Now"
    "Remove Cookies" from sites causing problems:
    * Tools > Options > Privacy > Cookies: "Show Cookies"

  • HT200259 Configuring adaptive firewall for VNC and RDP connections

    Hello, I'm using Yosemite with OSX Server.  Is there a way of configuring adaptive firewall for VNC and RDP connections?

    Apple has never documented what the adaptive firewall really does, as far as I know. It seems that the built-in network services send it some kind of notification whenever there is a connection attempt. The Screen Sharing service is one of those, so it should be protected. There is no built-in RDP service, so if you somehow added one, it would not be protected.

  • Getting SunScreen work in Solaris 9

    Hi all,
    I installed Sunscreen in Solaris 9 from the CD, path
    /cdrom/sol_9_1202_sparc_2/Solaris_9/ExtraValue/CoBundled/SunScreen_3.2/sparc
    Now I am trying:
    root# ssadm edit policyname
    could not acquire read lock.
    From sun docs:
    """""" could not acquire read lock
    Return code: 242
    Indicates that the configuration editor could not acquire a read lock.
    Likely the lock file is corrupt or some process is hanging.
    ss_lock -c policy is likely to be needed. """"""
    Then I try root# ss_lock -c
    ss_lock: Command not found.
    root# locate ss_lock
    Nothing comes.
    Does anyone have an idea how I can configure it?
    Thanks in advance ...
    Below are the interesting outputs from the command locate sunscreen:
    /dev/screen
    /dev/screen_ipsec
    /dev/screen_skip
    /devices/pseudo/clone@0:screen
    /devices/pseudo/clone@0:screen_ipsec
    /devices/pseudo/clone@0:screen_skip
    /etc/init.d/plumbsunscreen
    /etc/init.d/plumbsunscreen2
    /etc/init.d/sunscreen
    /etc/init.d/sunscreenft
    /etc/init.d/sunscreentr.sh
    /etc/rc?.d/ (startup scripts here)
    /etc/sunscreen
    /etc/sunscreen/configs
    /etc/sunscreen/configs/template.policy
    /etc/sunscreen/configs/template.registry
    /etc/sunscreen/httpd (and subfiles)
    /etc/sunscreen/ike/crls
    /etc/sunscreen/ike/publickeys
    /etc/sunscreen/ipsec.algorithms
    /etc/sunscreen/location
    /etc/sunscreen/name
    /etc/sunscreen/proxies
    /etc/sunscreen/secret
    /etc/sunscreen/secret/ike.privatekeys
    /etc/sunscreen/tmpcerts
    /etc/sunscreen/version.txt
    /usr/lib/sunscreen (and subdirs)
    /usr/lib/sunscreen/etc
    /usr/lib/sunscreen/lib
    /usr/lib/sunscreen/ssadm
    /usr/lib/sunscreen/ssadm/activate
    /usr/lib/sunscreen/ssadm/active
    /usr/lib/sunscreen/ssadm/algorithm
    /usr/lib/sunscreen/ssadm/backup
    /usr/lib/sunscreen/ssadm/certdb
    /usr/lib/sunscreen/ssadm/certlocal
    /usr/lib/sunscreen/ssadm/certrldb
    /usr/lib/sunscreen/ssadm/cmg
    /usr/lib/sunscreen/ssadm/configure
    /usr/lib/sunscreen/ssadm/configure_ts
    /usr/lib/sunscreen/ssadm/debug_level
    /usr/lib/sunscreen/ssadm/domain
    /usr/lib/sunscreen/ssadm/edit
    /usr/lib/sunscreen/ssadm/filter
    /usr/lib/sunscreen/ssadm/ha
    /usr/lib/sunscreen/ssadm/lock
    /usr/lib/sunscreen/ssadm/log
    /usr/lib/sunscreen/ssadm/logdump
    /usr/lib/sunscreen/ssadm/logmacro
    /usr/lib/sunscreen/ssadm/logstats
    /usr/lib/sunscreen/ssadm/patch
    /usr/lib/sunscreen/ssadm/policy
    /usr/lib/sunscreen/ssadm/product
    /usr/lib/sunscreen/ssadm/restore
    /usr/lib/sunscreen/ssadm/skip
    /usr/lib/sunscreen/ssadm/spf2efs
    /usr/lib/sunscreen/ssadm/sys_info
    /usr/lib/sunscreen/ssadm/traffic_stats
    /usr/lib/sunscreen/ssadm/welfmt
    /usr/lib/sunscreen/support/ (and subdirs)

  • Trouble configuring SunScreen 3.2

    "--Adding interfaces & interface addresses
    --Applying edits
    --Activating configuration
    _I_MUXID2FD::: Invalid argument
    33
    /usr/lib/sunscreen/lib/ss_activate: ss_default_drop failed, return code 33 -- Exiting...
    An error occurred while activating the configuration.
    The configuration has not been activated."
    I get it all the time. What's that MUXID2FD? All required packages seem to be installed.
    My specs for SunScreen configuration are:
    Routing/Local Administration/Permissive Security/DNS.
    2xNIC (3COM/Realtek 8139) Solaris 9 x86 machine is acting as DHCP/Samba PDC server and router between 10.0.0.1/255.0.0.0 and 192.168.0.1/255.255.255.0. Uses DNS relay (ISP DNS servers) as name service.

    I forgot to mention that this PC is acting as an Internet server on rtls0 (192.168.0.1/255.0.0.0), and its elx0 (10.0.0.1/255.0.0.0) is used to connect to the ISP via ADSL with PPPoEd SUN PPPd 4.0. So there's an additional interface sppp0.
    # ifconfig -a
    lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
    inet 127.0.0.1 netmask ff000000
    elx0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
    inet 10.0.0.1 netmask ff000000 broadcast 10.255.255.255
    ether 0:60:97:80:5b:ca
    rtls0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
    inet 192.168.0.1 netmask ffffff00 broadcast 192.168.0.255
    ether 0:30:84:a:81:ba
    sppp0: flags=10008d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST,IPv4> mtu 1492 index 4
    inet 213.219.89.165 --> 213.219.88.1 netmask ffffff00
    ether 0:0:0:0:0:0
    Killing pppd and unplumbing sppptun (pppoe/pppoed) from elx0 produces the following while #ssadm configure with the same settings as above:
    --Adding interfaces & interface addresses
    --Applying edits
    --Activating configuration
    status:: SIOCGLIFFLAGS: No such device or address
    33
    /usr/lib/sunscreen/lib/ss_activate: ss_default_drop failed, return code 33 -- Exiting...
    An error occurred while activating the configuration.
    The configuration has not been activated.
    I could only wonder what's a SIOCGLIFFLAGS and 33... :(
