SAN certificate for external access for edge server and reverse proxy

Hello
I have a question related to certificate planning for the Lync 2013 Edge Server.
For external access and mobile users, I want to enable all the features for external users.
I'm planning to purchase a SAN certificate.
My first question: do I need only one SAN certificate for both my Edge Server and the reverse proxy?
My second question is about the names that should be added to the certificate:
sip.mydomain.com
av.mydomain.com
webconf.mydomain.com
What else should I add? I want to add the names for access to all features.
Kind Regards
MK

Your Front End Pool should only contain front end servers, does it also contain your edge and back end? If so, this is a misconfiguration.
If you're planning to implement high availability, you'll want a different internal web services FQDN name than your pool name (unless you load balance the entire pool with a hardware load balancer).
You'll want your external web services FQDN to be different from your pool name if you want to use the mobile client on the internal network. Once you've come up with a new and otherwise unused FQDN for this purpose, you'll want that as an additional SAN on your cert.
Since you're not using this for the internal certificate, you can also pull admin.mydomain.com and LYNC2013-FE.mydomain.com off of the cert as those are needed internally only.
Lyncdiscoverinternal you can leave on if you need your internal mobile clients to not throw certificate errors because they don't trust your internal certificate authority, but this name would then need to be pointed to a reverse proxy or something that can present the third party certificate.
SWC Unified Communications
This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

Similar Messages

  • Port forwarding for external access to VNC server on multiple machines

    I will have 10 PCs connected to the WRT54GL wireless AP. I am testing with 1. It has a static address 10.155.22.51. It is running a VNC server at port 5951.
    If I set my VNC client up to access 10.155.22.51:5951 it works through the WRT54GL wireless AP.
    I set the WRT54GL port forwarding to 5951 - 5951, set the IP address to 10.155.22.51 and enable. The external address of the AP is 10.155.0.29 on the company LAN.
    So I set the VNC client to access the AP address with the VNC port, i.e. 10.155.0.29:5951. I expect the AP to change the address to 10.155.22.51:5951. This does not work.
    Note: the problem could be that the AP is going through NATting because I can also access it at 10.155.22.9 along with all the other PCs on that LAN, i.e. I can access the LAN directly from elsewhere on the company net.

    You can try changing the IP of the AP manually: connect it to the computer, access the setup page using http://192.168.1.245, and use the password admin.
    Configure the IP settings first.
    Log in again with the new IP address and configure the wireless settings.
    Power down the AP and then the router.
    Wait a few minutes, then power on the router first, then the AP.

  • Distributed Authentication Service Server or Reverse Proxy

    My environment has a two-layer firewall in place. The DMZ is sitting on the first-tier firewall as general web sites, while I plan to put the Access Manager server on the second-tier firewall. As we know, AM has to send the SSO token back to the browser after authentication. In this configuration, based on security policy, we don't allow a direct connection between the browser and AM. That's why we put DSSS or a reverse proxy in the DMZ zone to act as the gateway for internal and external traffic.
    Can anyone post a comparison, pros and cons, between DSSS and a reverse proxy? Which one is better in terms of features and ease of implementation?
    Finally, are there any other alternatives if I don't want to use either DSSS or a reverse proxy? I ask this question because AM will be a single point of failure for the whole system. If AM is attacked, whether directly or indirectly, all services will be inaccessible.
    Best Regards,
    mthekid

    Bernhard,
    Thanks for your response. Because my major concern is security, I want to prevent denial of service on Access Manager. It looks like writing my own dist-auth-equivalent mechanism will help. However, I have 3 different platforms in the single sign-on environment. Does this mean I have to create 3 dist-auth-like ones?
    Do you think they are worth doing (I hope I can find documentation and guidelines at http://docs.sun.com)? Please tell me frankly. I am semi-technical and presales. If they are too complex and time consuming, I may decide to go with dist-auth.

  • Configure security realm for external Access Manager in App server 8.1

    Hi All,
    I would like to protect my J2EE application using Access Manager running on an external host.
    I would like to configure the security realm in Sun App Server 8.1 for the external Access Manager.
    The external host and port of AM are:
    http://svrd234d.dnn.com.au:58765
    Please verify if these are the correct settings for the agentRealm configuration on Sun App Server 8.1.
    classname="com.sun.amagent.as.realm.AgentRealm"
    property name="jaas-context" value="agentRealm"
    property name="base-dn" value="ou=People,dc=dnn,dc=com,dc=au"
    property name="hostURL " value="http://svrd234d.dnn.com.au:58765"

    Did you download the AS8.1 agent from http://www.sun.com/download/products.xml?id=4266924d?
    If you unjar am_as81_agent_2_1.jar after installing the J2EE agent, you will find AgentRealm.class under com.sun.amagent.as.realm.
    Please also note that page 161 of the J2EE agent guide shows how to disable AgentRealm to better fit your agent policy mode. Check it out: http://docs-pdf.sun.com/816-6884-10/816-6884-10.pdf
    Jerry

  • Use Same URL for Internal and External Access for CRM 2015 IFD

    I have setup a CRM2015 server for IFD access.
    ADFS and CRM are on separate servers.
    CRM server all roles
    ADFS 2.0 server.
    Using the internal URL I am able to access CRM without entering my details (as expected)
    Using the external URL I am authenticated by ADFS as expected and can sign in.
    We have an internal domain domain.local
    We have an external domain domain.com (the certificate is for *.domain.com)
    We have a DNS zone created internally for domain.com.
    CRM URLs
    internal : internalcrm.domain.com
    External : externalcrm.domain.com
    I would like all users to use the same link regardless of them being internal or external, but I would like it so that any user who is on the domain is automatically logged in without entering their username and password. What is the best way to do this?
    I have tried creating a CNAME record in the internal domain.com zone pointing externalcrm.domain.com to internalcrm.domain.com, but that didn't work; I still get the ADFS sign-in page.
    Thanks

    So fair warning, what you're asking for isn't really a supported deployment method of CRM.
    That said, you should be able to do some DNS trickery internal to your network that points your "crm.domain.com" to "crm.domain.local" and then hopefully CRM will treat the connection as if it came from an internal network.
    Otherwise, you're likely going to have to accept that everyone gets the ADFS login page internal and external to your network.
    The postings on this site are solely my own and do not represent or constitute Hitachi Solutions' positions, views, strategies or opinions.

  • Exchange 2010 .Disable external access for Autodiscovery and RPC

    Hi Team,
    Once I published my OWA page in Exchange 2010, I was automatically able to access:
    https://domainname.com/autodicovery
    https://domainname.com/rpc
    https://domainname.com/owa/oma
    I need to block access from the external world to these websites. Please help.

    Hi,
    Before we go further, I'd like to confirm whether you want to block external Outlook access. If yes, we can disable Outlook Anywhere, since external Outlook access uses Outlook Anywhere to connect to the server.
    Additionally, there are three methods for external Outlook users to connect to the Autodiscover service. If we don't add a public A record and SRV record, Autodiscover cannot work.
    We can also separate the web sites for internal access and external access and not add the Autodiscover and RPC virtual directories to the external access web site. Here is an article about the OWA virtual directory; you can refer to it for Autodiscover and RPC:
    http://blogs.technet.com/b/messaging_with_communications/archive/2011/05/02/how-to-block-owa-for-external-users.aspx
    Thanks,
    Angela Shi
    TechNet Community Support

  • ADFS setup for external access

    Hi all, I would like to setup ADFS for the following scenario below:
    Internal intranet:
    URL: https://intranet.acme.com
    domain: ACME
    ACME domain users: Acme\johndoe
    External Vendor:
    domain: ABC
    ABC domain users: ABC\lucysmith
    Goals: allow external vendor users (ABC domain) to access the internal intranet https://intranet.acme.com via SharePoint-ADFS.
    Questions:
    1. Do I need to set up ADFS on both the ACME and ABC domains or just one side? If it is one side, then which one, ACME or ABC?
    2. When I set up the SharePoint web application for https://intranet.acme.com, will this URL be served for both internal and external users, or do I have to extend it as a different URL for external users?
        a. If https://intranet.acme.com is served for both internal and external vendor users, will internal users get the normal NT prompt for authentication, or will they be redirected to the ADFS login page just like external users?
        b. If we need to extend the web application for external vendor users, let's say https://abcexternal.acme.com, will we only need to configure ADFS for this extended web application so that external vendor users get the ADFS redirect login while internal users get the NT prompt for authentication?
    Thanks

    Hello
    1) You would need to set up ADFS on ABC and configure SharePoint to consume their ADFS token.
    2) I would recommend enabling a default zone for NTLM and extending that to use for your ADFS users (intranet).
    MCITP-EA | "Never test how deep the water is with both feet"

  • Creating alias for Web access to SQL Server Reporting Services

    Hello colleagues.
    I have MS SQL Server 2012 with SQL Server Reporting Services in the domain "domain.local". On the local network, browsing to "mdr.domain.local/Reports" opens the Reports page of SQL Server Reporting Services, and it works fine.
    I need SQL Server Reporting Services to also be reachable via web browser from the alias "reports2.domain.local/Reports". To do this:
    1) I created a new A record "reports2" in DNS pointing to the IP of mdr.domain.local
    2) In Reporting Services Configuration Manager, on the "Web Service URL" tab under "Report Server Web Service URLs", I added the new record "http://reports2:80/ReportServer" (host header name: reports2)
    BUT "reports2.domain.local/Reports" does not work. When browsing to "reports2.domain.local/Reports" I see the page "An error in the security certificate for this Web Site..." and when I click "Continue to ...", then "Unable to find a web page."
    What and where must I add/change for the alias "reports2.domain.local/Reports" to work by analogy with "mdr.domain.local/Reports"?
    I hope for your help.
    Thanks.

    Wow, it works!!! Thank you
    JJordheim, you are the best!
    With my PKI I created a new certificate for "reports2.domain.local" and imported it to the MDR server (in Personal). I created a new network adapter and configured Reporting Services Configuration on the "Report manager URL" tab (for SSL):
    mdr.domain.local - certificate "mdr.domain.local" - network adapter №1
    reports2.domain.local - certificate "reports2.sygroup.local" - network adapter №2
    And everything works fine.
    If I configure everything on one network adapter, it doesn't work.
    Thanks for the help!

  • Restrict OWA for external access by ADFS 3.0 after business hours

    Hello everyone, all right?
    I'm trying to block access to OWA for external users except for a group of AD users that will be allowed.
    I used the article https://technet.microsoft.com/en-us/library/hh526961%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396, scenario 4, but instead of allowing the user group it locks it out, and the other groups are allowed.
    I have a hybrid environment with Office 365, Exchange 2007 + Exchange 2103, and installed ADFS 3.0 in my customer's organization.
    Can anyone help?
    Regards,
    Leonardo Fogaça de Almeida

    another part
    I have Office 365 too.
    Regards,
    Leonardo Almeida

  • Setting Up Time Capsule for External Access

    Hello all,
    I am trying to set up my Time Capsule to be accessed without local Wi-Fi. I can use Back to My Mac to access the Time Capsule from my iMac, but not from my iPhone, as Back to My Mac isn't integrated into iOS. I use File Browser on my iPhone to access my TC from the LAN, and it seems likely the TC can also be accessed through 4G using File Browser, too.
    My first question is, can the Time Capsule be accessed through the internet (by port forwarding or something)?
    Second question if the first is possible, how do I do so? (step by step instructions please)
    I have the latest model of Time Capsule and AirPort Utility.
    Thanks!
         - Noah

    Filebrowser can be used to remotely access the TC.
    There are instructions on the filebrowser website.. have you tried those?
    http://www.stratospherix.com/support/gsw_timecapsule.php?page=6remote
    The one area where I think you might have issues is the global domain name.. as that has been problematic.
    You really need a static public IP from your ISP for this to be successful.
    See Tesserax's doco on remote access, especially the global domain instructions.
    https://discussions.apple.com/docs/DOC-3413
    There is a hugely better method BTW..
    Buy a VPN router and substitute that for the Time Capsule.. which can then be bridged behind the router.
    A VPN client is built into iOS and every mainline OS available. It is robust and has far superior security.
    Note carefully that the method you are going to use with the iPhone is opening your TC to attack. They have hidden the SMB port, but in reality.. any hacker will one day do a port scan on you and find it open.. no matter what port it is translated to.. at that point your password will be the only thing stopping access to outsiders.. and they can often get around that.. or mount a man-in-the-middle type attack, since passwords in SMB are not secure.
    Not that I think a hacker is going to waste their time doing it.. but it is just so you know.. it is fundamentally wrong.

  • How to create a networkdrive for external access?

    I am using an iMac with a Time Capsule. There is internet access available. The iMac and Time Capsule are connected via WLAN.
    Now I would like to create a network drive which can be accessed from the internet either by my laptop or by my iPad and iPhone.
    What do I have to do to create this access?
    Please provide some insight.
    Thank you

  • No external access. Lion Server 10.7

    Hi All,
    I have Lion Server 10.7 running on a quad core Mac server. Everything is working internally and I can access all the services etc. I have purchased an SSL certificate for the server. With all the correct port forwards in place (using a pfSense router) I cannot get any external access to work no matter what I do. I have other servers behind this router and they all work. It seems to be just an OS X thing. Any ideas, or has this been seen before? I tried to search for it but couldn't find anything similar.
    Cheers
    Ryan

    Now I feel like a real idiot! I was looking through the httpd.conf and trying all the complicated solutions... I figured, as I had never run into this before, it couldn't be. But the more I thought about it the more I realised I haven't actually run a web server here, plenty of others but not http.. Thanks so much!!
    All working now

  • Error in registering a provider for External Application for Web Clipping

    Getting Error: The provider URL specified may be wrong or the provider is not running. (WWC-43176)
    when trying to register a provider for an external application for Web Clipping

    Hi Vineet,
    The admins applied a patch to my version of OracleAS 10g Version 9.0.4, and now I am able to register a provider with the same URL but a different Provider Name. I added My Yahoo Web Clipping from the Portlet Staging Area. That works fine, but when I click on the check mail link in the Web Clipping Studio it gives me the following error. I have tried several times and I get the same error....
    An exception has occurred : WCS-514 -- Get status code 403 to URL http://us.rd.yahoo.com/my/prop/mail/*http://mail.yahoo.com/ by method get
    Please click "Cancel" or "Back" in the above panel (if present) to retry. Otherwise, please try to click "Back" (from the browser) to go back to the Oracle Portal page to restart.

  • Need advice for external display for my retina Macbook Pro.

    I got my 15-inch retina Macbook Pro (Mid 2014) two months ago. It’s a fantastic machine but I am having some regrets concerning screen size. I want to be able to enjoy movies on my computer but 15-inch is just too small. So I am considering purchasing an external display for my Macbook Pro. I am thinking about a 25’’+ monitor (or TV) which can offer me closest experience to the retina one on my Macbook. I don’t want 4K monitors though, as most of the contents I consume are full HD 1080P. But I do care about PPI a lot (for browsing).
    What kind of display can help me obtain this similar experience I get on my Mac? Any recommendations? Thanks.

    I have the 15" MacBook Pro, Retina, Mid 2012 also, the same exact model. Kind of the same thing is happening with me. I will intermittently get a flickering on the bottom 1/3 of the screen, all the way across. It flickers/flashes on and off on the bottom half or third of the screen, when I am typing or when I am perfectly still, doesn't really matter. It only happens for a split second, but can do it multiple times, or sometimes not at all. I can go tens of minutes without it happening, but I can also go tens of seconds with it happening multiple times.
    It never goes black or grey or "out" at all, it just randomly flickers throughout the day.
    I do get burned-in images all the time, but they disappear within seconds. But this flickering is definitely worrisome. I did get the AppleCare, so I am not too worried, as Apple is usually good about this kind of thing, but I do have a similar problem to you and wanted to document this. I didn't find many other people out there with this problem, so let me know what has gone on since your post on the New Year. Any solution? Did you call Apple?
    Thanks webrian.
    2012 Retina MacBook Pro
    15"
    500GB Flash Drive, 16GB memory
    2.6 Ghz Intel Core i7

  • Number range for external id for inbound delivery in SAP MM

    Hi All,
    I have an issue wherein the user is not able to see the inbound delivery if the external id exceeds 10 digits.
    Example: the supplier has maintained EXTid 1237464123-1. For this we can't see the inbound delivery,
    but in SAP when we enter 1237464123 we can see the inbound delivery.
    Can anyone tell me how to resolve this issue? It is getting CRITICAL.
    Thanks ,
    forum shah

    Hi,
    Thanks for the info.. but the issue here is that the IDOC is not created because GR is done manually, i.e. through VL32N.
    So I don't understand if the system allows the usage of special characters for the external id.
    When I tried to create the external id using a special char in the TEST system, I could create it. I don't know about production...
    What is the next step to be taken...
    Thanks,
    Forum Shah
