3-port firewall DMZ using single Expressway-E LAN interface

Hello Experts !
                     I have a query , if the firewall does not support nat reflection than how can i install expressway solution in 3 port firewall scenario . ?
Regards;
KV

Sorry if I wasn't clear. Please see the attached updated network diagram. I created a firewall rule that allows all traffic from any WAN1 source to my 71.123.123.11 destination. Thus if I'm sitting at Outside computer S, I can connect (via SSH) to DMZ computer C using the address (71.123.123.11). Likewise, if I'm sitting at LAN computer A, I can connect (via SSH) to DMZ computer C using the address (71.123.123.11). So far so good. I'd like to add a firewall rule that blocks all connections "from the outside" except for port 80. (Basically I want to lock down the DMZ computer C so that it only serves web pages to the outside.) Thus SSH connections from computer Outside computer S to DMZ computer C need to be blocked, but HTTP requests (port 80) from S to C need to still work. I can add this firewall rule to implement the block using the WAN IP 71.123.123.11, and that works fine. But doing that will also prevent LAN computer A from being able to SSH into DMZ computer C. That's my problem. I was thinking that if I could use a "local address" (e.g. 10.4.20.x) for DMZ computer C, then I could set up a different firewall rule for that and allow the SSH connection. Is this possible? Or is there a better way to do this?

Similar Messages

  • Sending EDI To Multiple Partners Using Single Send Port in Orchestration

    Hi Guys,
    I am having a scenario where i am receiving a Xml(which can be in between 11-15). I am having 150 Trading Partners with whom these datsets have to be shared. Now every Trading partner is having there own character Sets and unique numbers so i have created 150
    party agreements for all the Trading partners. I am interested to use a single port. I have created an orchestration to achieve this. Below are the steps i used to create orchestration :-
    1) Receiving 11 XML from receive shape.
    2) Extracting the value of Node TSP(this value is used to know the trading partners unique number on which i am deciding to which party agreement this Xml needs to go) using xpath.
    3) I am constructing the message in construct.                                                                                                                     
    3.1) Mapping  from XML To EDI.                                                                
    3.2) As all 11 datasets are having different version. So i am overidding the value ISA and GS in Message Assignment(SourceName).
    4) Decide shape to decide on the value of TSP to which port it has to be send.
    But according to me this is not an optimized solution. Below are reasons:-
    1) I have to create 150 branch into decide shape. As i am receiving 11 different Xml messages i need to create decide shape for all the different Xml messages.
    2) I have to create 150 different ports which are having 15 operation(depanding upon Xml we received).
    Note:- I have to create 150 different Send Ports only because of Party Agreement. So is there any solution? i only want Single Send port and i can select the party Agreement in the orchestrations.

    Duplicate thread.  See:
    http://social.msdn.microsoft.com/Forums/en-US/c12a377e-ccf6-4fbe-9986-14da63d72282/sending-edi-to-multiple-partners-using-single-send-port-in-orchestration?forum=biztalkgeneral

  • Design Help - Firewall/DMZ

    Hi,
    I am about to purchase two 5515-X next generation firewalls and I need to decide what to do as far as the design goes so I need some help from the experts. This appliances seem to come with 6 1Gbps ports which is enough. In our LAN, we have two 6500 running on VSS mode and we are also going to get our second ISP. Doing the obvious which is cross-connect each firewall with the two 6500s and possibly with the internet routers. Is it something else you recommend?
    Planning to trunk a couple interfaces and connect them to a DMZ switch; however, how do I make that one switch redundant? Some of the vendors currently connected do not offer a redundant link in case of failure.
    I'll be deploying the devices as active/standby and this is because I have VPNs configured which it is my understanding that both devices can't be active with this type of configuration. Can someone advise on this matter? However, the company wants to use them both at the same time.
    Using two ISPs, how do I deal with the Public-Internal NAT?
    Any help is greatly appreciated. Thanks.

    Planning  to trunk a couple interfaces and connect them to a DMZ switch; however,  how do I make that one switch redundant? Some of the vendors currently  connected do not offer a redundant link in case of failure.
    Well, you could use the 6500s if you have enough free interfaces on it.  Create the DMZ VLAN on the 6500s as well as on the new DMZ switch.  On the 6500 and the DMZ switch configure the ports as trunk but only allow the single VLAN on that trunk.  Create a subinterface on the ASA and place that subinterface in the new DMZ VLAN and give it an IP.
    I'll be deploying the devices as  active/standby and this is because I have VPNs configured which it is my  understanding that both devices can't be active with this type of  configuration. Can someone advise on this matter? However, the company  wants to use them both at the same time.
    What the company wants isn't always what is the best solution and they should be told that, from time to time.  However, it is possible to configure the ASAs in an Active/Active setup.  This will require that the ASAs are configured in multiple context mode.  On one ASA context 1 is active while context 1 on the second ASA is in standby mode. then on the second ASA context 2 is the active context and on ASA context 2 is in standby mode.  This setup will alow the use of both ISP connections and be able to maintain VPN connections.  Keep in mind that the VPN connections will not be active on both ASAs.  It wil only be active on the active context, but will failover to the standby context if a failure occurs.
    Using two ISPs, how do I deal with the Public-Internal NAT?
    the ASA does not support two active default gateways, and therefore support for two ISPs is not supported in single context mode.  So if you have a requirement to use both ISP connection simultaneously then you need to have multiple contexts. Each context is a virtual firewall and completely seperate from eachother.
    So, back to the active contexts.  context 1 on ASA1 is the active context and is connected to ISP1.  context 2 on ASA2 is the active context and is connected to ISP2.  You would perform NAT in the exact same way as you would in a single context ASA no hocus pocus.  The only difference is that the traffic that goes towards each context and subsiquently each ISP are not from the same subnet.  They need to be seperated and then diveded between the two contexts.
    So, context 1 would have traffic for VLANs 1, 3, 5, 7, 9 and context 2 would have traffic for VLANs 2, 4, 6, 8, 10.
    here is a link on how to configure active/active failover.
    http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/ha_failover.html#wp1163513
    Please remember to rate and select a correct answer

  • Integrating AS 10.1.2 and AS 10.1.3 to use Single Sign-on for BI Publisher

    Hi Everyone
    I was trying to make the following demonstration scenario on the AS and the facilities that can afforded by Oracle to our company:
    Note: I have just one machine for demonstration with Win2003 Enterprise
    First of all, I need to build a portal for my company, this portal will be published to the web through port 80 opened by Microsoft ISA Firewall (ISA installed on different machine):
    1- Portal should be integrated with oracle forms and reports with single sign-on
    2- AS, should have single sign-on authentication to work on port 80 only.
    3- Portal should be integrated with BI Publisher 10.3
    For the objectives mentioned above i have done the following:
    1- install AS 10.1.2 (infra and mid-tier) on the same machine with default installation options (http port 7777 for infra and port 80 for MT). (objective 1 = done)
    2- to make sso works on port 80, i have used webcache as reverse proxy for sso, and it's done but i have error (WWC-41400), but it doesn't affect login on portal, and that is my first problem.
    3- To have BI Publisher to work and authenticate users using single sign-on on port 80 (from outside), I had to install AS 10.1.3 (http on port 7779) on the same machine mentioned above, and then deploy BI Publisher on it, and that was ok, but problem is how to make use of single sign-on to authenticate people listed in oracle internet directory of INFRA installation mentioned above to use BI Publisher on port 80 only.
    So, could anyone please guide me in problem 2 and 3.
    Thanks in advance.
    Anas

    a couple of parameters not configured inside the Tomcat files. Now the SSO is working.
    SNC is not required for sso in bi 4.0
    http://wiki.sdn.sap.com/wiki/display/BOBJ/BI4IntegrationintotheSAPEntreprisePortal+7.0.x
    http://wiki.sdn.sap.com/wiki/display/BOBJ/SetupofSAPSSOServiceinSAPBOBI4.0+CMC
    Best Regards

  • Wat is the use of ports those are used for EMconsole

    hi all;,
    Could anyone please tell me
    1. the use of the agent,rmi and jms ports used for the dbconsole?
    2. if i block those ports can i use dbconsole?
    3. what are all the ports used for the database like listener, dbconsole http, dbconsole agent etc. and use of those.
    Thanks & Regards,
    Sagar Maram

    What is the use of the rmi and jms ports i mean how those are getting used internally. if block those ports with firewal then wat happend to dbconsole.?They are more appserver related components and to be clear..if the apps and DB are in the same server...then if you block these ports your DBConsole/Appconsole continues to work as long you have not blocked http DBconsole/Appconsole ports...
    But if you apps and DB are across network with a firewall between them then there is a possibility some of the functionality might not work but http console should work as long as http console port is opened in the firewall.....

  • Soap port already in use (856B) GW 703

    Anyone run into this problem where if you have multiple POA's on single server and if you enable SOAP to use default port of 7191 on both POA's, one or other POA complains about "soap port already in use (856B)" and shuts down that POA.
    BES doesn't seem to have option for add'l port number assignments? Or is there a workaround to allow both POA's to listen on same port number?
    Any help is greatly appreciated!
    Thanks

    On Tue, 22 Sep 2009 13:36:02 +0000, josejimenez wrote:
    > Anyone run into this problem where if you have multiple POA's on single
    > server and if you enable SOAP to use default port of 7191 on both POA's,
    > one or other POA complains about "soap port already in use (856B)" and
    > shuts down that POA.
    Makes sense. You can't run multiple services on the same server using
    the same IP address and port.
    > Or
    > is there a workaround to allow both POA's to listen on same port number?
    Use multiple IP addresses and bind each POA to a specific IP.
    Joe Marton
    Novell Knowledge Partner
    SUSE Linux Enterprise 11 is ready for action.

  • RMI server behind firewall--must use host as name, not IP

    Server is running behind a firewall, which runs such that any machine behind the firewall cannot use the external IP to get back to itself.
    That is:
    - outside IP = 192.171.20.5 (port forwards 1099 to 192.168.1.5:1099)
    - inside IP = 192.168.1.5 (rmi server listens on 1099)
    from the machine inside (192.168.1.5), it is IMPOSSIBLE to create a socket to [outside ip](192.171.20.5), port 1099, and expect it to get back to the machine inside--the firewall prohibits this.
    I -can- use name-based lookups, such that I can edit the hosts file on the inside box to route (myhost.com to 192.168.1.5). So, if everyone's DNS resolves myhost.com -> 192.171.20.5, then clients anywhere can go to myhost.com:1099 and will be redirected to my internal machine (192.168.1.5:1099).
    The problem with this is that the names get translated to IPs and sent back to the client.
    Is there a way to keep the names as names, so that both client (using external real-world DNS entries) and server (using local hosts file) can both resolve to the proper IP addresses?
    I'm starting server, as follows:
    java -Djava.rmi.server.codebase=http://myhost.com/rmi/ -Djava.security.policy=/policypath/policy -Djava.rmi.server.hostname=myhost.com mypkg.myclass
    The client connects and gets this message (from a connection exception):
    java.rmi.ConnectException: Connection refused to host: 192.168.1.5;

    Server is running behind a firewall, which runs such
    that any machine behind the firewall cannot use the
    external IP to get back to itself.I dont really understand this statement.. Machines behind the firewall referring to the external ip would be going to the gateway, not themselves.. Or do you have an internal AND external ip on the machines behind the firewall? Or are we referring to the gateway machine as an internal machine as well as external?
    That is:
    - outside IP = 192.171.20.5 (port forwards 1099 to
    192.168.1.5:1099)
    - inside IP = 192.168.1.5 (rmi server listens on
    1099)looks good, what kinda OS/firewall? If we're talking linux/ipchains (or iptables) with ip masquerading, I may be of some use to you...
    from the machine inside (192.168.1.5), it is
    IMPOSSIBLE to create a socket to [outside
    ip](192.171.20.5), port 1099, and expect it to get
    back to the machine inside--the firewall prohibits
    this.If you're on the internal network, why can't you just go for the internal ip addr? If I'm understanding correctly, you want internal dns requests for myhost.com to resolve to 192.168.1.5, and external dns requests to resolve to 192.171.20.5? That should't be a problem...
    I -can- use name-based lookups, such that I can edit
    the hosts file on the inside box to route (myhost.com
    to 192.168.1.5). So, if everyone's DNS resolves
    myhost.com -> 192.171.20.5, then clients anywhere can
    go to myhost.com:1099 and will be redirected to my
    internal machine (192.168.1.5:1099).the hosts file has nothing to do with routing, it's simply a dns-type thing... If your dns is giving external users a 192.168 address as the ip for myhost.com, they will never get to it. 192.168 is not routable on the internet, i think most inet routes will drop packets from 192.168.x.x or 10.x.x.x.
    Is there a way to keep the names as names, so that
    both client (using external real-world DNS entries)
    and server (using local hosts file) can both resolve
    to the proper IP addresses?As long as your dns is working correctly, java doesn't care if you use ips or host names.. Hostnames are preferable, so when you change your network around, you wont affect your rmi server.
    I'm starting server, as follows:
    java -Djava.rmi.server.codebase=http://myhost.com/rmi/
    -Djava.security.policy=/policypath/policy
    -Djava.rmi.server.hostname=myhost.com mypkg.myclass
    The client connects and gets this message (from a
    connection exception):
    java.rmi.ConnectException: Connection refused to host:
    192.168.1.5;Is your server compiled with the 192.171 ip? That's not gonna work, you have to use the same IP the server is running on. I'm still not clear on your network layout, is 192.171.20.5 and 192.168.1.5 the 2 gateway ip's, or is 192.168.1.5 a physically different machine? I'd be willing to bet that your server is compiled with the external address, and if that's not the same machine, then there's no chance of that working....
    There's more than port forwarding going on.. IIRC, java rmi keeps track of its own ip's.. A client request to an external ip will not connect to a server running on the internal ip, even if you forward the port, rmi itself doesn't recognize the internal as the ip it's trying to get to (even if it is true), so it bombs out.. This can happen if you run the rmi server on a gateway, and compile the server with the external ip, and try to connect to the internal ip.. If you want external machines to connect, you MUST run the server on an external ip.
    Give a little more info, we'll getcha running... I'm also assuming you have full control of your network (ie, firewall/dns)
    doug

  • Query to get all ports assigned and used by EBS instance.

    Hi,
    Can some one pleaase help to get
    Query to get all ports assigned and used by EBS instance.
    Help is appreaciated.
    Regards,
    Milan

    MILAN RATHOD wrote:
    Hi,
    Can some one pleaase help to get
    Query to get all ports assigned and used by EBS instance.
    Help is appreaciated.
    Regards,
    MilanIn addition to the thread referenced above by Helios, please check the context files and (Oracle E-Business Suite R12 Configuration in a DMZ [ID 380490.1] -- F. List of Ports to Open in a DMZ Configuration).
    Thanks,
    Hussein

  • Writing multiple port data report into single excel file

    I'm working on a STTE automation of an power management unit in which data's from 6 different channels are received from the unit which has to be tested and then verified and co-related with the digital and analog inputs given by the user. So my question is finally how to write all dese six channel's data to a single excel file with multiple work sheets..... Like channel-1 one in sheet1,ch-2 in sheet2 so on.... (these data's from 6 different are received from 6 different serial communication port.)
     pls guide how to forward in the final report generation for abv mentioned requirement in labview

    As nyc mentioned you will have to use ActiveX if you want to do exactly what you discribed but if you're new to LabVIEW that can be a big step.
    In the VI you posted you write your data to xls file but the fact is that you use the write to text file function, so in the end your file is just a simple text file, and of course Excel can open this type of file.
    Maybe you could have your VI to write txt files and then have another bit of code that would transfert the data in each text file to differnt worksheet in a Excel file.
    Or maybe another option would be to write all your data to the same TDMS file (on channel per port) and then use the TDMS Excel Add in to generate an Excel file from the TDMS.
    Feel free to ask more questions :-o
    When my feet touch the ground each morning the devil thinks "bloody hell... He's up again!"

  • BT HH 2.0 - Blocking Ports / Firewall

    Is there a way to block all ports except http / smtp?  or are there other firewall settings that can be accessed apart from the 3 choices in the configuration.
    Thanks - Gary

    gpmcclean wrote:
    Thanks for the reply Tommy and the welcome.
    My goal is to block all possible P2P ports as my daughters are eating away at my 40GB allowance far to quickly.
    I have a Netgear DGN2000 which I used with Plus.net before I moved to BT Infinity back in Oct.
    Cheers - Gary
    Then you need to block all the port venues that their P2P Applications are capable of using perhaps even legitmatate ports that you use for you own needs? 
    A far better solution is to be firm but fair when dealing with their Internet access, it requires more discussion & time but it is usually a far better long term option with less friction.
    On a slight diversion, blocking ports may only a short term solution anyway, is your router properly IPV6 aware. (very few are )
    Take al look at these links.
    IANA, ARIN, and the IPv4 run-out
    The .net domain joins the DNSSEC fold
    The exaustion IPV4 addresses & the expected signing of the .com domain to DNSSEC early next year should make 2011 an interesting one.
    "I have this awful feeling someone is watching every move I make (one of my pet hates is router location tagging)." Marvin (A paranoid Android)

  • Port 80 In Use

    Attempting to run Apache 2.2.9 on a freshly updated system; can't get it to start, however, as something else appears to be holding port 80 and is denying a socket connection.  I haven't any idea what service it is, other than what I can garner from
    a quick probe via a telnet client:
    HTTP/1.1 400 Bad Request
    Content-Type: text/html; charset=us-ascii
    Server: Microsoft-HTTPAPI/2.0
    Date: Wed, 04 Feb 2015 15:12:57 GMT
    Connection: close
    Content-Length: 326
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
    <HTML><HEAD><TITLE>Bad Request</TITLE>
    <META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
    <BODY><h2>Bad Request - Invalid Verb</h2>
    <hr><p>HTTP Error 400. The request verb is invalid.</p>
    </BODY></HTML>
    netstat -ao identifies it as PID 4, but that's simply "System", so it leads nowhere.
    Older information mentioned this could be the Web Deployment Agent Service but this doesn't appear to exist in Win10.  There's no good information in the Firewall or Event Viewer.

    Hi,
    The TCP port: 80 is used by System by default. For your problem, is there any detailed error message with this problem?
    In my opininon, it would be better to use Process Monitor to captuer the Apache start process to find the reason of this problem.
    You can access to the link below to download Process Monitor:
    https://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
    How to capture a Process Monitor trace:
    http://blogs.msdn.com/b/dswl/archive/2010/01/10/how-to-capture-a-process-monitor-trace.aspx
    Learning Example:
    Using Process Monitor to Troubleshoot and Find Registry Hacks:
    http://www.howtogeek.com/school/sysinternals-pro/lesson5/all/
    Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
    On the other hand, if your doubt the port 80 was using by other unknown process, it would be better to use Network Monitor to capture the trace of port 80.
    Roger Lu
    TechNet Community Support

  • Multiple LV instances, web server cannot start, port already in use

    Hi there,
    I have a general question about webserving VIs in case either
    a) multiple instances of the LV development environment are running (this is possible in windows XP for instance when "switch users" is allowed and each user launches LV)
    b) multiple compiled LV executables are run by the same user
    c) any mixture of the two above
    I have an application case when either of the three above would be a very good solution, was not for the problem encountered. Say, b): the user is given two deployed executables, and can decide to run either or both concurrently. Moreover, I want these applications to be visible on the web, so they are compiled with the webserver turned on, default settings.
    The problem I've seen (LV8.5.1, winXp for sure, but I think I've seen it as well in linux and other versions as well) is that each new instance of the LV engine tries to get hold of the tcp port (default 80), so that all instances beyond the first complain about "The Web Server cannot start. Is the Web Server port already in use?"
    While I can understand the origin of the message, and found some posts on the forums somehow related to it, I don't like it too much. 
    I could think only of two workarounds here: 1) set different web server ports for each LV instance, and instruct the remote users to direct their browsers to a webserverort link to access each VI; 2) run all the applications from the same instance of the LV dev system. The latter is not so convenient for me, due to conflicts in global VIs between all instances of the applications [compiling executables IS a way to privatize memory spaces in this case, AND global variables are imho well justified for the fairly complex application I have in mind here].
    Is there a third, more elegant solution perhaps, which I'm missing?
    Thanks, Enrico

    NathanK wrote:
    What is it in particular that you dislike about the message?
    How would you like LabVIEW to behave in this case?
    No problem with the message, but I'd just be very happy if a single
    web server would serve all my instances of the executables on the same
    port. I.e., if 2.exe is open and wants to start another server on the
    same port used already by 1.exe, then 2.exe becomes served by the
    server already opened. Am I demanding too much? Am I missing some
    necessary logic?
    At the moment, anyway, I'm stuck with the vi being served correctly,
    but not the compiled application, and I can't figure out why. It's
    LV8.5.1, and yes, I have in the .ini
    WebServer.DirectoryIndex="index.htm"
    WebServer.LogPath=C:\Program Files\National Instruments\LabVIEW 8.5\www.log
    WebServer.MimeTypes="htm;text/html;gif;image/gif;j​pg;image/jpeg;png;image/png;txt;text/plain;html;te​xt/html;jpeg;image/jpeg;css;text/css;llb;applicati​on/x-labview-llb;vi;application/x-labview-vi;doc;a​pplication/msword;dot;application/msword;bin;appli​cation/octet-stream;exe;application/octet-stream;r​tf;application/rtf;pdf;application/pdf;ai;applicat​ion/postscript;eps;application/postscript;ps;appli​cation/postscript;csh;application/x-csh;gtar;appli​cation/x-gtar;gz;application/x-gz;sh;application/x​-sh;tar;application/x-tar;zip;application/zip;hqx;​application/mac-binhex40;ua;audio/basic;wav;audio/​wav;tif;image/tiff;tiff;image/tiff;xbm;image/x-xbi​tmap;rtx;text/richtext;qt;video/quicktime;mov;vide​o/quicktime;avi;video/x-msvideo;movie;video/x-sgi-​movie;aif;audio/aif;aifc;audio/aif;aiff;audio/aif;​aim;application/x-aim;dif;video/x-dv;div;video/x-d​v;js;application/x-javascript;pntg;image/x-macpain​t;xlb;application/vnd.ms-excel;xls;application/vnd​.ms-excel;ppa;application/vnd.ms-powerpoint;ppt;ap​plication/vnd.ms-powerpoint;pps;application/vnd.ms​-powerpoint;pot;application/vnd.ms-powerpoint;pwz;​application/vnd.ms-powerpoint;mid;audio/mid;midi;a​udio/mid;enc;video/mpeg;m1v;video/mpeg;mp2;video/m​peg;mpa;video/mpeg;mpe;video/mpeg;mpeg;video/mpeg;​mpg;video/mpeg;psd;image/x-photoshop;bmp;image/bmp​;pic;image/pic;ra;audio/vnd.rn-realaudio;rf;image/​vnd.rf-realflash;rm;application/vnd.rn-realmedia;r​p;image/vnd.rn-realpix;ram;audio/x-pn-realaudio;rm​m;audio/x-pn-realaudio;rnx;application/vnd.rn-real​player;rt;text/vnd.rn-realtext;rv;video/vnd.rn-rea​lvideo;smi;application/smil;ssm;application/stream​ingmedia;sithqx;application/mac-binhex40;sit;appli​cation/x-stuffit"
    WebServer.Port=80  [### or 8000]
    WebServer.Enabled=True
    WebServer.RootPath=C:\Program Files\National Instruments\LabVIEW 8.5\www
    WebServer.TcpAccess="c+*"
    WebServer.ViAccess="+*"
     [hints welcome here]. That is, I'm at the moment unable to use even my workaround 1 above.
    Enrico

  • How to use single ant build to package with and without native extensions

    Hi,
    I am using iOS native extensions for Adobe air. For this I am listing the extensionid in the application descriptor file. Since the package with native extensions are meant to run only on device, I want my build script to work without native extensions too to be able to run on simulator. Is this manadatory that I need two separate application descriptors/basically two build scripts to compile and package them? Please suggest and let me know if more explanation is needed.
    Thanks,
    Swathi.

    why are you wanting to use single frames?
    They allow having the initial frame address stay in the
    address bar, and not
    show the linked page's address. The problems they cause
    usually override any
    value.
    Or- if we aren't using the same words the same way, please
    give an example
    site of what you want to do.
    Alan
    Adobe Community Expert, dreamweaver
    http://www.adobe.com/communities/experts/

  • How to use Single sign On in CRM2007 ?

    Dear All,
    I have created a launch transaction for launching ransactions from R3 (using BOR).
    Now, the problem is when I click on the link in WebUI it gives me a popup for entering R3 User Id and only then it allows navigation to R3 transaction.
    How do I remove this popup ? I want that since user has already eneterd password for WebUI it should further not prompt him/her for the password. How to achieve this ?
    Can we use Single Sign on ? How ?
    Regards,
    Ashish

    Hi Stephen,
    I have done the settings as per the OSS notes. But, I am getting the following error while navigating to R3 from CRM (BOR Launch transaction):-
    - SSO logon not possible; browser logon ticket cannot be accepted
    - Choose "Logon" to continue A dialog box appears in which you can enter your user and password
    - No switch to HTTPS occurred, so it is not secure to send a password
    Also, after this I get the popup where I have to enter R3 User Id and Password and then it continues.
    But, the whole purpose was to remove this intermediate popup.
    What settings are missing / going wrong ?
    Regards,
    Ashish

  • How to use single element as both control as well as indicator in labview

    Hi All,
    I need to use single element for both control and as an indicator.
    I need not want to use its value property os shift register.

    Hi pmg,
                I think this thread will be helpful to you.
               http://forums.ni.com/t5/LabVIEW/Using-a-control-as-both-an-indicator-and-control/td-p/1113158 
    Thanks as kudos only

Maybe you are looking for