5520 to 5525 all access rules being ignored.

Similar Messages

• Open firewall Ports despite DENY- ALL access rule

  Hi,
  See below my firewall rules.
  Despite the deny all, runnning nmap from outside still reveals open ports.
  name 202.1.53.41 fw1.outside.irc.com
  interface GigabitEthernet0/0
   nameif inside
   security-level 0
   ip address fw1.inside.irc.com 255.255.252.0 standby 172.16.86.219
  interface GigabitEthernet0/1
   nameif SSN-DMZ
   security-level 0
   ip address 10.20.2.1 255.255.255.0 standby 10.20.2.2
  interface GigabitEthernet0/2
   nameif Outside
   security-level 0
   ip address fw1.outside.irc.com 255.255.255.248 standby NAT-202.1.53.45
  interface GigabitEthernet0/3
   description Internet Access for Wireless clients on the guest network
   nameif GuestInternet
   security-level 0
   ip address 192.168.154.2 255.255.254.0
  interface Management0/0
   nameif management
   security-level 10
   ip address 10.10.200.14 255.255.255.0 standby 10.10.200.15
  access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_2 any host WWW.IRC.COM-PRIV
  access-list inside_access_in remark Deny POP3, SSH, TELNET to Deny-Host-Group 172.16.86.246/249
  access-list inside_access_in extended deny object-group DENY-HOST-GROUP object-group DENY-HOST-GROUP-1 any
  access-list inside_access_in remark Allow SMTP external access to Mail Servers group
  access-list inside_access_in extended permit tcp object-group MAIL-GW-GROUP any eq smtp
  access-list inside_access_in remark Deny Any other Users from sending mails via smtp
  access-list inside_access_in extended deny tcp any any eq smtp
  access-list inside_access_in extended deny ip object-group Botnet_Blacklist any
  access-list inside_access_in extended deny ip any SPAM_MACHINE 255.255.255.0
  access-list inside_access_in extended deny ip any host SPAMIP
  access-list inside_access_in extended permit ip object-group Socialsites_Allowed object-group Facebook
  access-list inside_access_in extended deny object-group DM_INLINE_SERVICE_8 any object-group Facebook
  access-list inside_access_in remark Rule to block Internal users from accessing youtube
  access-list inside_access_in extended deny object-group DM_INLINE_SERVICE_9 any object-group YoutubeIPs
  access-list inside_access_in remark Suspected Virus Ports
  access-list inside_access_in extended deny tcp any any object-group DM_INLINE_TCP_17
  access-list inside_access_in remark Ports Commonly used by Botnet and Malwares
  access-list inside_access_in extended deny tcp any any object-group IRC
  access-list inside_access_in remark Allow Access to External DNS to ALL
  access-list inside_access_in extended permit object-group DNS-GROUP object-group DNS-SERVERS object-group External_DNS_Servers
  access-list inside_access_in remark Allow Any to Any on Custom TCP/UDP services
  access-list inside_access_in extended permit tcp any any object-group DM_INLINE_TCP_12
  access-list inside_access_in remark Allow Any to Any VPN Protocols group
  access-list inside_access_in extended permit object-group VPN-GROUP any any
  access-list inside_access_in extended permit ip any host pomttdbsvr
  access-list inside_access_in remark Allow Access to DMZ from Inside
  access-list inside_access_in extended permit tcp any any object-group DM_INLINE_TCP_10
  access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_5 any 10.20.2.0 255.255.255.0
  access-list inside_access_in extended permit tcp any any eq pop3
  access-list inside_access_in extended permit object-group Web-Access-Group any any
  access-list inside_access_in remark DNS RATING SERVICE FOR BLUECOAT SG510 PROXY
  access-list inside_access_in extended permit tcp object-group DM_INLINE_NETWORK_11 object-group DM_INLINE_NETWORK_4 eq www inactive
  access-list inside_access_in extended permit tcp any host 202.165.193.134 object-group DM_INLINE_TCP_3
  access-list inside_access_in remark Yahoo Messenger Test
  access-list inside_access_in extended permit tcp any any object-group YahooMessenger
  access-list inside_access_in extended permit ip host AVIRUSMAN 192.168.254.0 255.255.255.0
  access-list inside_access_in extended permit tcp any any object-group smile
  access-list inside_access_in extended permit udp any host smile.telinet.com.pg object-group smile-udp
  access-list inside_access_in remark testing access for mobile phones behind wireless router
  access-list inside_access_in extended permit ip host Wireless-Router any inactive
  access-list inside_access_in extended permit tcp any any object-group FTP-Service-Group inactive
  access-list inside_access_in extended permit ip host mailgate.irc.com any
  access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 object-group DM_INLINE_NETWORK_2 any object-group NTP
  access-list inside_access_in extended permit tcp any any object-group web-email-services
  access-list inside_access_in remark Murray PC
  access-list inside_access_in extended permit ip host 10.100.20.36 any
  access-list inside_access_in extended permit tcp any any object-group Itec-Citrix
  access-list inside_access_in extended permit ip host EP200 any
  access-list inside_access_in extended permit tcp any any object-group TCP-SMTP
  access-list inside_access_in extended permit tcp any host 202.165.193.134 eq 3391
  access-list inside_access_in extended permit ip object-group IT-Servers any
  access-list inside_access_in extended permit tcp any any object-group DM_INLINE_TCP_1
  access-list inside_access_in extended permit ip object-group DM_INLINE_NETWORK_14 any inactive
  access-list inside_access_in extended permit ip host 10.100.20.23 any
  access-list inside_access_in extended permit tcp host NOC-NMS-CDMA host 202.165.193.134 object-group DM_INLINE_TCP_4
  access-list inside_access_in extended permit tcp object-group DM_INLINE_NETWORK_12 object-group Bluecoat-DNS-Rating eq www
  access-list inside_access_in extended permit ip object-group DM_INLINE_NETWORK_13 any
  access-list inside_access_in extended permit udp host solarwinds-server any eq snmp
  access-list inside_access_in extended permit tcp host kaikai any object-group test-u inactive
  access-list inside_access_in extended permit tcp any host fw1.outside.irc.com object-group TCP-88
  access-list inside_access_in extended permit udp host solarwinds-server any object-group DM_INLINE_UDP_1
  access-list inside_access_in extended permit ip host IN-WEB-APP-SERVER any
  access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 host KMS-Server any object-group KMS
  access-list inside_access_in extended permit tcp any any object-group TeamVIewer-TCP
  access-list inside_access_in extended permit icmp any any traceroute
  access-list inside_access_in extended permit ip host KMS-Server any
  access-list inside_access_in extended deny ip any host 87.255.51.229
  access-list inside_access_in extended deny ip any host 82.165.47.44
  access-list inside_access_in extended permit ip host InterConnect-BillingBox any
  access-list inside_access_in extended permit icmp any host fw1.outside.irc.com
  access-list inside_access_in extended permit icmp any any
  access-list inside_access_in remark For ACCESS MPLS team
  access-list inside_access_in extended permit tcp any host 202.165.193.134 object-group RDP-MPLS-Huawei
  access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 host mailgate.irc.com any eq domain
  access-list inside_access_in extended permit tcp any host 66.147.244.58 object-group SMTP-26
  access-list inside_access_in extended deny object-group DM_INLINE_PROTOCOL_1 any any object-group Airfiji-SW
  access-list inside_access_in extended permit tcp host chief.bula.irc.com any
  access-list inside_access_in extended permit ip host Avabill86.181 any
  access-list inside_access_in extended permit ip any object-group AVG
  access-list inside_access_in extended permit ip host solarwinds-server any
  access-list inside_access_in extended permit tcp host 172.16.87.219 any object-group TCP-4948
  access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_10 any host Avabill_Consultant_IP_Sri-Lanka
  access-list inside_access_in extended permit tcp any host 69.164.201.123 eq smtp inactive
  access-list inside_access_in extended permit tcp any any object-group GMAIL inactive
  access-list inside_access_in extended permit tcp any any object-group NOC1
  access-list inside_access_in extended permit ip host solarwinds-server 10.10.200.0 255.255.255.0
  access-list inside_access_in extended permit tcp any host smile.telinet.com.fj object-group tcp-20080-30080
  access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any object-group SIP-5060-5062
  access-list inside_access_in extended permit ip host LYNC-2013-SERVER any
  access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_7 object-group Lync_Servers any
  access-list inside_access_in extended permit object-group VPN-GROUP host 10.100.20.94 any inactive
  access-list inside_access_in remark Pocket Solutions -TEMP
  access-list inside_access_in extended permit ip host 10.100.20.121 any
  access-list inside_access_in extended permit tcp host John_sibunakau any object-group JohnTESTPort inactive
  access-list inside_access_in extended permit ip host CiscoRadiusTestPC any
  access-list inside_access_in extended permit ip any host HungaryServer inactive
  access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com eq ssh
  access-list Outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any host fw1.outside.irc.com object-group itec-support-tcp-udp
  access-list Outside_access_in remark Allow All to NAT Address on SSL/SSH/SFTP(2222)
  access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group DM_INLINE_TCP_9
  access-list Outside_access_in remark Allow All to Outside On Fujitsu and 777-7778 ports
  access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group DM_INLINE_TCP_8
  access-list Outside_access_in remark Allow all to Outside on Custom ports
  access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group DM_INLINE_TCP_7
  access-list Outside_access_in remark Allow Inbound HTTP to WWW.IRC.COM
  access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com eq www
  access-list Outside_access_in extended permit icmp any host fw1.outside.irc.com
  access-list Outside_access_in extended permit object-group TCPUDP any host fw1.outside.irc.com object-group BrouardsGroup
  access-list Outside_access_in remark Allow ALL to RealVNC ports
  access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group RealVNC-TCP5900
  access-list Outside_access_in remark Allow ALL access to 202.1.53.43 on RealVNC ports
  access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group RealVNC-TCP5900
  access-list Outside_access_in remark Allow DNS queries from Internet to DNS server
  access-list Outside_access_in extended permit object-group TCPUDP object-group ITEC-Group-Inbound host fw1.outside.irc.com object-group itec-sftp
  access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group DM_INLINE_TCP_14
  access-list Outside_access_in extended permit object-group DM_INLINE_SERVICE_1 host SkyTel host fw1.outside.irc.com
  access-list Outside_access_in remark Telinet/Inomial temp access to test machine M.Orshansky
  access-list Outside_access_in extended permit tcp host 203.92.29.151 host fw1.outside.irc.com eq 3390
  access-list Outside_access_in extended permit tcp any host NAT-202.58.130.43 object-group RDP
  access-list Outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 object-group ITEC-Group-Inbound host fw1.outside.telikompng.com.pg object-group INTEC-Service
  access-list Outside_access_in extended permit tcp host 220.233.157.98 host fw1.outside.irc.com eq ssh inactive
  access-list Outside_access_in extended permit ip any host fw1.outside.telikompng.com.pg
  access-list Outside_access_in extended permit tcp any host fw1.outside.telikompng.com.pg object-group CRM
  access-list Outside_access_in extended permit tcp any host fw1.outside.telikompng.com.pg object-group HTTP-8010-CRM
  access-list Outside_access_in extended permit tcp any host fw1.outside.telikompng.com.pg object-group HTTP-8005-CRM
  access-list Outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any object-group NTP
  access-list Outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any host fw1.outside.irc.com object-group DNS
  access-list Outside_access_in remark Ultra VNC connection to 172.16.84.34@nadi Exchange
  access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group UVNC
  access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group UVNC-HTTP
  access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group POP3-SSL
  access-list Outside_access_in extended permit object-group EMAIL-SMARTPHONES any host fw1.outside.irc.com
  access-list Outside_access_in extended permit tcp any host fw1.outside.telikompng.com.pg object-group exchange-RPC
  access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group exchange-RPC
  access-list Outside_access_in extended permit icmp any host NAT-202.1.53.43
  access-list Outside_access_in remark Access to Solarwinds Management box
  access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group Solarwinds
  access-list SSN-DMZ_access_in remark Permit DNS Quiries out of DMZ
  access-list SSN-DMZ_access_in extended permit object-group TCPUDP any any eq domain
  access-list SSN-DMZ_access_in remark Allow SQL ports out of DMZ to Host 172.16.86.70
  access-list SSN-DMZ_access_in extended permit tcp any host HOST-172.16.86.70 object-group SQL-Group
  access-list SSN-DMZ_access_in remark Allow Custom protocols out of DMZ to host 172.16.86.27
  access-list SSN-DMZ_access_in extended permit tcp any host HOST-172.16.86.27 object-group DM_INLINE_TCP_2
  access-list SSN-DMZ_access_in extended permit tcp host suva-vdc-int2.suva.irc.com host WWW.IRC.COM=PRIV eq 3389
  access-list SSN-DMZ_access_in extended permit object-group Web-Access-Group host WWW.IRC.COM-PRIV any
  access-list SSN-DMZ_access_in extended permit tcp any host WWW.IRC.COM.-PRIV object-group DMZ-WebAccess
  access-list SSN-DMZ_access_in extended permit ip host pomlynedsvr01_access any
  access-list SSN-DMZ_access_in extended permit ip host pomlynedsvr01_webcon any
  access-list SSN-DMZ_access_in extended permit ip host pomlynedsvr01_AV any
  access-list inside_nat0_outbound extended permit ip any 192.168.254.0 255.255.255.0
  access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_6 host 10.10.200.1
  access-list inside_nat0_outbound extended permit ip any host WWW.IRC.COM-PRIV
  access-list inside_nat0_outbound extended permit ip host ns.irc.com any
  access-list inside_nat0_outbound extended permit ip any 10.200.200.0 255.255.255.0
  access-list Outside_nat0_outbound extended permit ip 192.168.254.0 255.255.255.0 any
  access-list Outside_nat0_outbound extended permit ip mcr_Management 255.255.255.0 any
  access-list alcatel-my remark Allow Alcatel-my access to TIRC(1)
  access-list alcatel-my standard permit 172.16.24.0 255.255.252.0
  access-list alcatel-my remark Allow Alcatel-my access to TIRC(2)
  access-list alcatel-my standard permit 172.16.84.0 255.255.252.0
  access-list 131 extended permit ip host MICHAEL any
  access-list management_access_in extended permit ip 10.10.200.0 255.255.255.0 mcr_Management 255.255.255.0
  access-list management_access_in extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_5
  access-list management_access_in extended permit object-group Web-Access-Group host 10.10.200.1 any
  access-list management_access_in extended permit ip host 10.10.200.1 host 172.16.87.47
  access-list management_access_in extended permit ip host 10.10.200.1 host IN-WSC
  access-list management_access_in extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_8
  access-list management_access_in extended permit tcp host 10.10.200.1 object-group DM_INLINE_NETWORK_3 eq 3389
  access-list management_access_in remark To BlueCaot Appliances
  access-list management_access_in extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_1
  access-list management_access_in extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_7
  access-list management_access_in extended permit tcp 10.10.200.0 255.255.255.0 object-group Management_Hosts object-group RDP
  access-list management_access_in extended permit icmp host 10.10.200.1 any traceroute
  access-list management_access_in extended permit ip host 10.10.200.1 host NOC-NMS-CDMA
  access-list management_access_in extended permit object-group DM_INLINE_SERVICE_3 host 10.10.200.1 any
  access-list management_access_in extended permit tcp host 10.10.200.1 any eq ftp
  access-list management_access_in extended permit tcp host bula host 10.10.200.1 object-group RDP inactive
  access-list management_access_in extended permit tcp host 10.100.20.23 host 10.10.200.1 object-group RDP
  access-list management_access_in extended permit ip host 10.10.200.1 any
  access-list management_access_in extended permit ip host solarwinds-server 10.10.200.0 255.255.255.0
  access-list management_access_in extended permit ip 10.10.200.0 255.255.255.0 host solarwinds-server
  access-list management_access_in extended permit ip any any
  access-list management_access_in extended permit ip host 10.10.200.1 host bula inactive
  access-list management_access_in extended permit ip any host solarwinds-server
  access-list management_access_in extended permit ip host solarwinds-server any
  access-list management_access_in extended permit ip object-group PacketFence-Servers 10.10.200.0 255.255.255.0
  access-list management_access_in extended permit ip 10.10.200.0 255.255.255.0 object-group PacketFence-Servers
  access-list management_access_in extended permit ip object-group 3750-Switches host solarwinds-server
  access-list management_access_in extended permit ip 10.10.200.0 255.255.255.0 host 10.10.200.1
  access-list management_access_in extended permit ip host 10.10.200.1 10.10.200.0 255.255.255.0
  access-list Outside_access_in_1 extended permit ip any any
  access-list management_access_in_1 extended permit ip mcr_Management 255.255.255.0 any
  access-list inside-networks remark internal tpng corporate subnetwork
  access-list inside-networks standard permit 172.16.84.0 255.255.252.0
  access-list inside-networks remark dms10
  access-list inside-networks standard permit host 10.10.0.0
  access-list 84-subnet remark 84 subnet
  access-list 84-subnet standard permit 172.16.84.0 255.255.252.0
  access-list 84-subnet remark 4 subnet
  access-list 84-subnet standard permit inside-network-extra-subnet 255.255.252.0
  access-list split-tunnel remark 84 subnet
  access-list split-tunnel standard permit 172.16.84.0 255.255.252.0
  access-list split-tunnel remark 4 subnet
  access-list split-tunnel standard permit inside-network-extra-subnet 255.255.252.0
  access-list split-tunnel remark Access to internal POP3 server
  access-list split-tunnel standard permit host neptune.waigani.telikompng.com.pg
  access-list split-tunnel remark Access to internal SMTP server
  access-list split-tunnel standard permit host minerva.suva.irc.com
  access-list split-tunnel remark Allow access to the 24 subnet
  access-list split-tunnel standard permit 172.16.24.0 255.255.252.0
  access-list split-tunnel standard permit Cisco-VLans 255.255.0.0
  access-list inside_authentication extended permit tcp any object-group DM_INLINE_TCP_11 any object-group DM_INLINE_TCP_13 time-range WorkingHours inactive
  access-list itsupport standard permit NOC 255.255.252.0
  access-list itsupport standard permit 172.16.96.0 255.255.252.0
  access-list itsupport standard permit 10.20.2.0 255.255.255.0
  access-list itsupport standard permit 10.10.200.0 255.255.255.0
  access-list itsupport standard permit 172.16.84.0 255.255.252.0
  access-list itsupport standard permit inside-network-extra-subnet 255.255.252.0
  access-list itsupport standard permit 10.2.1.0 255.255.255.0
  access-list itsupport standard permit 172.16.88.0 255.255.252.0
  access-list itsupport standard permit Cisco-VLans 255.255.0.0
  access-list itsupport remark Access to IT-LAN-UPGRADE Network
  access-list itsupport standard permit IT-NETWORK-NEW 255.255.0.0
  access-list itsupport remark KWU Exchange subnet
  access-list itsupport standard permit 172.16.188.0 255.255.252.0
  access-list itsupport standard permit ATM-Network 255.255.0.0
  access-list global_mpc extended permit ip any any
  access-list management_nat0_outbound extended permit ip any inside-network-extra-subnet 255.255.252.0 inactive
  access-list management_nat0_outbound extended permit ip mcr_Management 255.255.255.0 any
  access-list management_nat0_outbound extended permit ip any object-group DM_INLINE_NETWORK_9
  access-list management_nat0_outbound extended permit ip host 10.10.200.1 object-group Management_Hosts
  access-list management_nat0_outbound extended permit ip any 172.16.84.0 255.255.252.0
  access-list management_nat0_outbound extended permit ip any MCR_POM 255.255.255.0
  access-list management_nat0_outbound extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_10
  access-list management_nat0_outbound extended permit ip any Cisco-VLans 255.255.0.0
  access-list management_nat0_outbound extended permit ip 10.10.200.0 255.255.255.0 host solarwinds-server
  access-list management_nat0_outbound extended permit ip 10.10.200.0 255.255.255.0 object-group DM_INLINE_NETWORK_15
  access-list Capture extended permit ip any host 192.118.82.140
  access-list Capture extended permit ip host 192.118.82.140 any
  access-list Capture extended permit ip host 192.118.82.160 any
  access-list Capture extended permit ip any host 192.118.82.160
  a
  access-list inside-network-access-only remark Allow Maggie Talig access to the 84 subnet only
  access-list inside-network-access-only standard permit 172.16.84.0 255.255.252.0
  access-list inside-network-access-only remark Allow Maggie Talig access to the 4 subnet only
  access-list inside-network-access-only standard permit inside-network-extra-subnet 255.255.252.0
  access-list SSN-DMZ_nat0_outbound extended permit ip host WWW.IRC.COM-PRIV object-group Internal-Networks
  access-list inside_nat0_outbound_1 extended permit ip host AVIRUSMAN 192.168.254.0 255.255.255.0
  access-list NETFLOW extended permit tcp any any
  access-list NETFLOW extended permit object-group DNS-GROUP any host fw1.outside.irc.com
  access-list NETFLOW extended permit object-group DM_INLINE_SERVICE_6 any host fw1.outside.irc.com
  access-list NETFLOW extended permit udp any host fw1.outside.irc.com
  access-list NETFLOW extended permit tcp any host fw1.outside.irc.com eq smtp
  access-list NETFLOW extended permit tcp any host fw1.outside.irc.com object-group DM_INLINE_TCP_5
  access-list NETFLOW extended permit tcp any host fw1.outside.irc.com object-group TCP-8080
  access-list NETFLOW extended permit object-group DM_INLINE_SERVICE_4 any host NAT-202.58.130.43
  access-list NETFLOW remark Reverse Proxy Inbound Rules from Internet- Lync 2013 Project - Lync Simple URLs
  access-list NETFLOW extended permit tcp any host 202.58.130.69 object-group DM_INLINE_TCP_6
  access-list NETFLOW remark Lync Edge Access Inbound Rule - Restricting Inbound
  access-list NETFLOW extended permit object-group pomlynedsvr01_access_Outside_to_DMZ any host 202.58.130.66
  access-list NETFLOW remark Lync Edge Outside to Inside for AV Interface
  access-list NETFLOW extended permit object-group pomlynedsvr01_webcon_outside_to_DMZ any host 202.58.130.67
  access-list NETFLOW extended permit object-group pomlynedsvr01_AV_Outside_to_DMZ any host 202.58.130.68
  access-list NETFLOW extended permit object-group DM_INLINE_SERVICE_11 any host NAT-fijiircdata
  access-list NETFLOW extended deny ip host SPAMIP any
  access-list NETFLOW extended deny ip SPAM_MACHINE 255.255.255.0 any
  access-list NETFLOW extended deny ip host 220.233.157.99 any log debugging
  access-list Huawei-Access-Networks remark HUawei-Network-Elements
  access-list Huawei-Access-Networks standard permit 192.168.200.0 255.255.255.0
  access-list Huawei-Access-Networks remark Access to Ela Beach MPLS network
  access-list Huawei-Access-Networks standard permit 10.100.70.0 255.255.255.0
  access-list Huawei-Access-Networks remark Huawei Network elements
  access-list Huawei-Access-Networks standard permit 192.168.210.0 255.255.255.0
  access-list Huawei-Access-Networks remark Huawei network elements
  access-list Huawei-Access-Networks standard permit 192.168.213.0 255.255.255.0
  access-list management_nat0_outbound_1 extended permit ip host solarwinds-server 10.10.200.0 255.255.255.0
  access-list Alcatel-NMS-ACL remark Access allowed to Alcatel NMS devices in NOC
  access-list Alcatel-NMS-ACL standard permit 10.2.1.0 255.255.255.0
  access-list Business-Systems-Access remark Mail Server 1
  access-list Business-Systems-Access standard permit host neptune.waigani.telikompng.com.pg
  access-list Business-Systems-Access remark Mail Server 2
  access-list Business-Systems-Access standard permit host minerva.waigani.telikompng.com.pg
  access-list Business-Systems-Access remark SAP PROD
  access-list Business-Systems-Access standard permit host SAP-SAPPROD
  access-list Business-Systems-Access remark Avabill Application Server
  access-list Business-Systems-Access standard permit host Avabill86.177
  access-list Business-Systems-Access remark Backup Avabill Application Server
  access-list Business-Systems-Access standard permit host Avabill84.170
  access-list Business-Systems-Access remark HRSelfcare
  access-list Business-Systems-Access standard permit host HOST-172.16.86.248
  access-list Business-Systems-Access remark Intranet Server
  access-list Business-Systems-Access standard permit host 172.16.85.32
  access-list IT-Systems-Support remark Access to inside network
  access-list IT-Systems-Support standard permit 172.16.84.0 255.255.252.0
  access-list IT-Systems-Support remark Access to IN netwwork
  access-list IT-Systems-Support standard permit 172.16.88.0 255.255.252.0
  access-list IT-Systems-Support standard permit Cisco-VLans 255.255.0.0
  access-list Systems-XS remark Access to 84 subnet
  access-list Systems-XS standard permit 172.16.84.0 255.255.252.0
  access-list Systems-XS remark Access to .4 subnet
  access-list Systems-XS standard permit inside-network-extra-subnet 255.255.252.0
  access-list Systems-XS remark Access to 10.100.x.x/24
  access-list Systems-XS standard permit Cisco-VLans 255.255.0.0
  access-list Huawei-NOC standard permit 172.16.84.0 255.255.252.0
  access-list Huawei-NOC standard permit Cisco-VLans 255.255.0.0
  access-list Huawei-NOC standard permit HASUT 255.255.255.0
  access-list Huawei-NOC standard permit IT-NETWORK-NEW 255.255.0.0
  access-list efdata remark Allow efdata access to above device as per request by chris mkao
  access-list efdata standard permit 172.16.92.0 255.255.252.0
  access-list test standard permit 172.16.92.0 255.255.252.0
  access-list Ghu_ES_LAN remark Allow efdata access to fij ES LAN
  access-list Ghu_ES_LAN extended permit ip any 172.16.92.0 255.255.252.0
  access-list GuestInternet_access_in extended permit ip any any
  global (inside) 1 interface
  global (SSN-DMZ) 1 interface
  global (Outside) 1 interface
  global (management) 1 interface
  nat (inside) 0 access-list inside_nat0_outbound
  nat (inside) 0 access-list inside_nat0_outbound_1 outside
  nat (inside) 1 0.0.0.0 0.0.0.0
  nat (SSN-DMZ) 0 access-list SSN-DMZ_nat0_outbound
  nat (SSN-DMZ) 1 WWW.IRC.COM-PRIV 255.255.255.255
  nat (Outside) 0 access-list Outside_nat0_outbound
  nat (GuestInternet) 1 0.0.0.0 0.0.0.0
  nat (management) 0 access-list management_nat0_outbound
  nat (management) 0 access-list management_nat0_outbound_1 outside
  nat (management) 1 10.10.200.1 255.255.255.255
  static (inside,Outside) tcp interface 10103 mailgate.irc.com 10103 netmask 255.255.255.255
  static (SSN-DMZ,Outside) tcp interface www WWW.IRC.COM-PRIV www netmask 255.255.255.255
  static (inside,Outside) tcp interface smtp mailgate.irc.com smtp netmask 255.255.255.255
  static (inside,Outside) tcp interface telnet HOST-172.16.84.144 telnet netmask 255.255.255.255
  static (inside,Outside) tcp interface pcanywhere-data HOST-192.168.1.14 pcanywhere-data netmask 255.255.255.255
  static (inside,Outside) udp interface pcanywhere-status HOST-192.168.1.14 pcanywhere-status netmask 255.255.255.255
  static (inside,Outside) tcp interface ssh InterConnect-BillingBox ssh netmask 255.255.255.255
  static (inside,Outside) udp interface ntp confusious.suva.irc.com ntp netmask 255.255.255.255
  static (inside,Outside) tcp interface 10002 HOST-172.16.200.121 10002 netmask 255.255.255.255
  static (inside,Outside) tcp interface 10003 HOST-172.16.200.122 10003 netmask 255.255.255.255
  static (inside,Outside) tcp interface 10004 HOST-172.16.41.26 10004 netmask 255.255.255.255
  static (inside,Outside) tcp interface 10005 HOST-172.16.41.27 10005 netmask 255.255.255.255
  static (inside,Outside) tcp interface https Avabill86.181 https netmask 255.255.255.255
  static (inside,Outside) tcp interface 7778 Avabill86.181 7778 netmask 255.255.255.255
  static (inside,Outside) tcp interface 8080 Avabill86.181 8080 netmask 255.255.255.255
  static (inside,Outside) tcp interface 7777 Avabill86.181 7777 netmask 255.255.255.255
  static (inside,Outside) tcp NAT-202.58.130.45 https Avabill86.177 https netmask 255.255.255.255
  static (inside,Outside) tcp NAT-202.58.130.43 2222 daywalker.suva.irc.com 2222 netmask 255.255.255.255
  static (inside,Outside) tcp NAT-202.58.130.43 ftp waigani-pdc-int2.suva.irc.com ftp netmask 255.255.255.255
  static (inside,Outside) tcp NAT-202.58.130.43 www neptune.suva.irc.com www netmask 255.255.255.255
  static (inside,Outside) tcp interface 5900 Primary1352CM 5900 netmask 255.255.255.255
  static (inside,Outside) tcp NAT-202.58.130.43 5900 Backup1352CM 5900 netmask 255.255.255.255
  static (inside,Outside) tcp NAT-202.58.130.43 https neptune.suva.irc.com https netmask 255.255.255.255
  static (inside,Outside) tcp interface 24 HOST-172.16.86.87 24 netmask 255.255.255.255
  static (inside,Outside) udp interface domain ns.irc.com domain netmask 255.255.255.255
  static (inside,Outside) tcp interface pop3 neptune.suva.irc.com pop3 netmask 255.255.255.255
  static (inside,Outside) tcp interface 7780 Apache-WebServer 7780 netmask 255.255.255.255
  static (inside,Outside) tcp interface 8000 CRM-SERVER2 8000 netmask 255.255.255.255
  static (inside,Outside) tcp interface 8010 CRM-SERVER4 8010 netmask 255.255.255.255
  static (inside,Outside) tcp interface 8005 CRM-SERVER3 8005 netmask 255.255.255.255
  static (inside,Outside) tcp interface 123 confusious.suva.irc.com 123 netmask 255.255.255.255
  static (inside,Outside) tcp interface imap4 neptune.suva.irc.com imap4 netmask 255.255.255.255
  static (inside,Outside) tcp interface domain ns.irc.com domain netmask 255.255.255.255
  static (inside,Outside) tcp interface ftp telitgate.irc.com ftp netmask 255.255.255.255
  static (inside,Outside) tcp interface 5901 uvnc-server 5901 netmask 255.255.255.255
  static (inside,Outside) tcp interface 5801 uvnc-server 5801 netmask 255.255.255.255
  static (inside,Outside) tcp interface 5902 172.16.84.200 5902 netmask 255.255.255.255
  static (inside,Outside) tcp interface 5802 172.16.84.200 5802 netmask 255.255.255.255
  static (inside,Outside) tcp interface 995 neptune.suva.irc.com 995 netmask 255.255.255.255
  static (inside,Outside) tcp interface 993 neptune.suva.irc.com 993 netmask 255.255.255.255
  static (inside,Outside) tcp NAT-202.58.130.43 6001 neptune.suva.irc.com 6001 netmask 255.255.255.255
  static (inside,Outside) tcp NAT-202.58.130.43 6002 neptune.suva.irc.com 6002 netmask 255.255.255.255
  static (inside,Outside) tcp NAT-202.58.130.43 6004 neptune.suva.irc.com 6004 netmask 255.255.255.255
  static (inside,Outside) tcp interface 6001 minerva.suva.irc.com 6001 netmask 255.255.255.255
  static (inside,Outside) tcp interface 6002 minerva.suva.irc.com 6002 netmask 255.255.255.255
  static (inside,Outside) tcp interface 6004 minerva.suva.irc.com 6004 netmask 255.255.255.255
  static (inside,Outside) tcp NAT-202.58.130.43 8720 solarwinds-server 8720 netmask 255.255.255.255
  static (inside,Outside) tcp NAT-202.58.130.43 9000 solarwinds-server 9000 netmask 255.255.255.255
  static (inside,Outside) tcp interface 2055 solarwinds-server 2055 netmask 255.255.255.255
  static (inside,Outside) tcp interface 88 A-10.100.20.250 88 netmask 255.255.255.255
  static (inside,Outside) tcp interface 10000 ns.irc.com 10000 netmask 255.255.255.255
  static (inside,Outside) udp Ext-R2-Outside-Interface 2055 solarwinds-server 2055 netmask 255.255.255.255
  static (inside,Outside) udp Ext-R2-Outside-Interface snmp solarwinds-server snmp netmask 255.255.255.255
  static (inside,Outside) tcp NAT-202.58.130.43 135 neptune.suva.irc.com 135 netmask 255.255.255.255
  static (inside,Outside) tcp NAT-202.58.130.43 3389 BT-DesktopPC 3389 netmask 255.255.255.255
  static (inside,Outside) tcp NAT-202.58.130.65 www IN-WSC www netmask 255.255.255.255
  static (inside,Outside) tcp NAT-202.58.130.65 https IN-WSC https netmask 255.255.255.255
  static (inside,Outside) tcp NAT-202.58.130.43 ssh Avabill86.176 ssh netmask 255.255.255.255
  static (Outside,inside) tcp 10.100.20.36 5432 smile.telinet.com.pg 5432 netmask 255.255.255.255
  static (inside,Outside) tcp interface 222 chief.suva.irc.com ssh netmask 255.255.255.255
  static (inside,Outside) tcp interface 5061 LYNC-2013-SERVER 5061 netmask 255.255.255.255
  static (inside,Outside) tcp interface 5432 10.100.20.36 5432 netmask 255.255.255.255
  static (inside,Outside) tcp NAT-202.58.130.43 182 dadbsvr www netmask 255.255.255.255
  static (SSN-DMZ,Outside) 202.58.130.69 pomlynrprx01 netmask 255.255.255.255
  static (SSN-DMZ,Outside) 202.58.130.66 pomlynedsvr01_access netmask 255.255.255.255
  static (SSN-DMZ,Outside) 202.58.130.67 pomlynedsvr01_webcon netmask 255.255.255.255
  static (SSN-DMZ,Outside) 202.58.130.68 pomlynedsvr01_AV netmask 255.255.255.255
  access-group inside_access_in in interface inside
  access-group SSN-DMZ_access_in in interface SSN-DMZ
  access-group Outside_access_in_1 in interface Outside control-plane
  access-group NETFLOW in interface Outside
  access-group GuestInternet_access_in in interface GuestInternet
  access-group management_access_in_1 in interface management control-plane
  access-group management_access_in in interface management
  route Outside 0.0.0.0 0.0.0.0 Ext-R1-Inside-Interface 1
  route inside 10.2.1.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
  route inside 10.8.0.0 255.255.255.0 VPNGATE 1
  route inside 10.9.254.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
  route inside 10.10.1.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
  route inside 10.10.2.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
  route inside 10.10.3.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
  route inside 10.10.4.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
  route inside 10.10.5.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
  route inside 10.10.10.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
  route inside 10.15.100.0 255.255.255.0 fw1.outside.irc.com 1
  route inside Cisco-VLans 255.255.0.0 Cisco7200 1
  route inside VLan20-2F 255.255.255.0 Cisco7200 1
  route inside 10.100.67.0 255.255.255.0 IPVPN-Router 1
  route inside 10.100.74.0 255.255.255.0 172.16.86.0 1
  route inside 10.100.75.0 255.255.255.0 172.16.86.0 1
  route inside 10.100.76.0 255.255.255.0 172.16.86.0 1
  route inside LAE 255.255.255.0 172.16.86.0 1
  route inside 10.100.91.0 255.255.255.0 172.16.86.0 1
  route inside 10.100.110.0 255.255.255.0 172.16.86.0 1
  route inside 10.100.111.0 255.255.255.0 172.16.86.0 1
  route inside 10.100.114.0 255.255.255.0 172.16.86.0 1
  route inside 10.200.200.0 255.255.255.0 Cisco7200 1
  route inside A-10.250.0.0 255.255.0.0 Cisco7200 1
  route inside 10.254.2.0 255.255.255.252 IPVPN-Router 1
  route inside 11.11.3.0 255.255.255.0 172.16.86.0 1
  route inside 11.11.4.0 255.255.255.0 172.16.86.0 1
  route inside 11.11.8.0 255.255.255.0 172.16.86.0 1
  route inside 11.11.9.0 255.255.255.0 172.16.86.0 1
  route inside 20.200.200.0 255.255.255.0 172.16.86.17 1
  route inside inside-network-extra-subnet 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
  route inside 172.16.8.0 255.255.252.0 Cisco7200 1
  route inside 172.16.12.0 255.255.252.0 172.16.86.197 1
  route inside 172.16.24.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
  route inside NOC 255.255.252.0 172.16.87.187 1
  route inside 172.16.48.0 255.255.252.0 172.16.84.41 1
  route inside 172.16.52.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
  route inside 172.16.56.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
  route inside 172.16.60.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
  route inside 172.16.64.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
  route inside 172.16.68.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
  route inside 172.16.72.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
  route inside 172.16.76.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
  route inside 172.16.80.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
  route inside 172.16.84.185 255.255.255.255 172.16.86.217 1
  route inside CRM-SERVER1 255.255.255.255 TFIJI-CORE-INT-ROUTER 1
  route inside 172.16.88.0 255.255.252.0 Cisco7200 1
  route inside 172.16.92.0 255.255.252.0 Cisco7200 1
  route inside 172.16.96.0 255.255.252.0 172.16.87.172 1
  route inside 172.16.104.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
  route inside 172.16.108.0 255.255.252.0 IPVPN-Router 1
  route inside 172.16.112.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
  route inside 172.16.120.0 255.255.252.0 TFIJIG-CORE-INT-ROUTER 1
  route inside 172.16.124.0 255.255.252.0 IPVPN-Router 1
  route inside 172.16.128.0 255.255.252.0 172.16.86.185 1
  route inside 172.16.132.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
  route inside 172.16.136.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
  route inside 172.16.140.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
  route inside 172.16.144.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
  route inside 172.16.148.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
  route inside 172.16.152.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
  route inside 172.16.156.0 255.255.252.0 IPVPN-Router 1
  route inside 172.16.160.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
  route inside 172.16.164.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
  route inside 172.16.168.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
  route inside 172.16.172.0 255.255.252.0 172.16.87.172 1
  route inside 172.16.180.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
  route inside 172.16.184.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
  route inside 172.16.188.0 255.255.252.0 172.16.86.85 1
  route inside 172.16.188.0 255.255.252.0 Cisco7200 1
  route inside 172.16.192.0 255.255.252.0 172.16.86.194 1
  route inside 172.16.200.0 255.255.252.0 172.16.87.11 1
  route inside 172.16.204.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
  route inside 172.16.208.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
  route inside 172.16.212.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
  route inside 172.16.220.0 255.255.252.0 IPVPN-Router 1
  route inside 172.16.224.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
  route inside 172.16.236.0 255.255.252.0 172.16.87.254 1
  route inside 172.16.240.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
  route inside 172.16.248.0 255.255.252.0 IPVPN-Router 1
  route inside 172.17.84.0 255.255.255.224 IPVPN-Router 1
  route inside 172.18.252.0 255.255.252.0 172.16.84.15 1
  route inside 172.20.0.0 255.255.252.0 172.16.87.11 1
  route management 172.20.1.32 255.255.255.240 10.10.200.18 1
  route inside 192.167.5.0 255.255.255.0 172.16.86.42 1
  route inside 192.168.1.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
  route inside 192.168.1.0 255.255.255.0 HOST-172.16.84.144 1
  route inside 192.168.1.96 255.255.255.224 TFIJI-CORE-INT-ROUTER 1
  route inside 192.168.1.128 255.255.255.224 TFIJI-CORE-INT-ROUTER 1
  route inside 192.168.2.0 255.255.255.0 172.16.87.192 1
  route inside 192.168.5.0 255.255.255.0 HOST-172.16.84.144 1
  route inside 192.168.11.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
  route inside 192.168.150.0 255.255.255.0 IPVPN-Router 1
  route inside 192.168.200.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
  route inside 192.168.201.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
  route inside 192.168.202.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
  route inside 192.168.210.0 255.255.255.0 Cisco7200 1
  route inside 192.168.213.0 255.255.255.0 Cisco7200 1
  route inside 192.168.254.0 255.255.255.0 fw1.outside.irc.com 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  class-map inspection_default
   match default-inspection-traffic
  class-map flow_export_class
   match access-list global_mpc
  policy-map global_policy
   class inspection_default
    inspect dns
    inspect esmtp
    inspect h323 h225
    inspect h323 ras
    inspect icmp error
    inspect ipsec-pass-thru
    inspect mgcp
    inspect rsh
    inspect sip  
    inspect skinny  
    inspect snmp
    inspect tftp
    inspect ftp strict
    inspect icmp
   class flow_export_class
    flow-export event-type all destination solarwinds-server
  policy-map type inspect dns migrated_dns_map_1
   parameters
    message-length maximum 512
  service-policy global_policy global
  smtp-server 172.16.86.16
  prompt hostname context
  Cryptochecksum:24270eebd6c941fb7b302b034e32bba1
  : end

  Hi,
  NMAP gives the report for the first firewall interface it hits. In your case you have allowed tcp any any where it allows all the ports. I have mentioned only one example.... There are many in your case....
  Also NMAP results will be effective once when you directly connect to outside interface or directly on to the outside LAN.
  Regards
  Karthik

• How to pull all Access Rules details from CSM

  Currently we having around 10 Firewalls managed by CSM, and we looking for solution to pull all Firewalls Access Rules into one file by automatically, so giving possibility to compare what rules have changed on every week and make it document to excel file ... is that possible?

  Hi,
  You can create procedure to move file from application server to oracle server.
  Code for list all files in directory
  ops$tkyte@8i> GRANT JAVAUSERPRIV to ops$tkyte
    2  /
  Grant succeeded.
  That grant must be given to the owner of the procedure..  Allows them to read
  directories.
  ops$tkyte@8i> create global temporary table DIR_LIST
    2  ( filename varchar2(255) )
    3  on commit delete rows
    4  /
  Table created.
  ops$tkyte@8i> create or replace
    2     and compile java source named "DirList"
    3  as
    4  import java.io.*;
    5  import java.sql.*;
    6 
    7  public class DirList
    8  {
    9  public static void getList(String directory)
  10                     throws SQLException
  11  {
  12      File path = new File( directory );
  13      String[] list = path.list();
  14      String element;
  15 
  16      for(int i = 0; i < list.length; i++)
  17      {
  18          element = list;
  19 #sql { INSERT INTO DIR_LIST (FILENAME)
  20 VALUES (:element) };
  21 }
  22 }
  23
  24 }
  25 /
  Java created.
  ops$tkyte@8i>
  ops$tkyte@8i> create or replace
  2 procedure get_dir_list( p_directory in varchar2 )
  3 as language java
  4 name 'DirList.getList( java.lang.String )';
  5 /
  Procedure created.
  ops$tkyte@8i>
  ops$tkyte@8i> exec get_dir_list( '/tmp' );
  PL/SQL procedure successfully completed.
  ops$tkyte@8i> select * from dir_list where rownum < 5;
  FILENAME
  data.dat
  .rpc_door
  .pcmcia
  ps_data
  http://asktom.oracle.com/pls/asktom/f?p=100:11:3597961203953876::::P11_QUESTION_ID:439619916584

• UC 9.1 Transfer Rules being Ignored

  The system is playing standard greetings only.  Even if the standard transfer rule is set to goto an extension the standard greeting will be called upon.  All of the night greetings stopped functioning in the system as well.  Only the standard greetings are being applied.  This just started happening.  Any ideas?
  Thanks,
  ~H           

  I just got off the phone with TAC on this.  A couple months ago we went from Unity to UC.  Some call handlers are set with an always closed schedule that has no time opened times selected.  TAC advised me that in UC the schedules at least need to have some times specified or UC doesn't know how to handle it and it treats it as an open schedule since no times are selected.  When testing the call handlers I was using ones that call upon the "always closed" schedule.  As a temporary solution until I root through all the call handlers I set the always closed schedule up with an open time of 11:50 - 11:55pm on Sunday night. 
  Is there anyway to do a search to see which call handlers are using a certain schedule?
  Thanks,

• CS-150-LAN extra content rule disables all access to website

  We have a CS-150-LAN Content switch with software version 6.10Build203. Yesterday for no apparent reason we lost connectivity to our website through our CSS. To get around this issue we removed all content rules except for the "everything-else" rule.
  owner http://www.acmi.net.au
  content AIC
  add service acmi-web3
  url "//www.acmi.net.au/AIC*"
  protocol tcp
  port 80
  vip address 203.14.59.174
  content everything-else
  add service acmi-web1
  vip address 203.14.59.174
  protocol tcp
  port 80
  active
  owner http://www.vceart.com
  content everything
  add service acmi-web3
  vip address 203.14.59.175
  protocol tcp
  port 80
  active
  What is happening now is that when l create an addional content rule it then times out all connections to our website http://www.acmi.net.au. If l suspend the additional rule "AIC" the website comes back online. We need these additional content rules for accessing subsites. Please help.
  Thanks

  Here are the sho service summary and show summmary outputs
  Owner Content Rules State Services Service Hits
  www.acmi.net.au AIC Suspended acmi-web3 6
  everything-else Active acmi-web1 243
  acmi-web2 340
  www.vceart.com everything Active acmi-web3 23
  sec-css-11150# sh service summary
  Service Name State Conn Weight Avg State Idx
  Load Transitions
  acmi-web1 Alive 2 1 2 2 2
  acmi-web2 Alive 9 1 23 2 3
  acmi-web3 Alive 1 1 17 2 4
  The content rule AIC is suspended because if l activate it, it then makes the website www.acmi.net.au unreachable and timesout.
  This config was working from day one with the AIC content rule and about another 9 content rules under the owner www.acmi.net.au
  If l add the url "/*" command to the content rule "everything-else this also hangs the site www.acmi.net.au

• Applying new access rules fails.

  Netware 6.5 SP6 BM 3.9
  Ok, new problem. I am trying to add some new access rules to the list in a particular container. When I have defined the rule and click apply I get the following message - Unknown system error. This doesnt happen on the other container which already has rules defined in it. Are the rules from the higher level container being propogated down the tree as I assumed they would be ?
  ---treename 2 explicit deny rules for the whole company
  ------it This container to be exempt. cant add rule to allow all.
  ------helpdesk
  ------etc
  Another aside seems to be that even though "Enforce Access Rules" is always on sometimes the rules do not work and sometimes they do.
  Any help much appreciated.

  JeffSheehan,
  It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com/ to search the knowledgebase and check the other support options available on that page under "Self Support" and "Support Programs".
  - You could also try posting your message again. Make sure it is posted in the correct newsgroup. (http://support.novell.com/forums)
  If this is a reply to a duplicate posting, please ignore and accept our apologies and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://support.novell.com/forums/

• [OIM 9.1.0.2] Access Policy being evaluated to an OIM user disabled.

  Hi Gurus,
  I have an Access Policy being evaluated and provisioning resource (AD) to an OIM user disabled.
  Any tip on what I should take a look?
  Thanks in advance.

  Hi all,
  I have configured out the XL.EvaluateMembershipForInactiveUser System Property as TRUE, but the membership rule does not get evaluated for disabled users. So the user still remain into the group. I have restarted the OIM.
  I need to active the Evaluate User Policies schedule task for this configuration be effective. Or should I do something more?
  Thanks a lot.

• Being ignored

  My name is David and I've been a Verizon Wireless customer for the past few years. A couple of months ago, I began having issues with a brand new jetpack device. The device was using absurd amounts of data and I had no clue why. I contacted customer service and eventually got in touch with (removed) Smith, a supervisor. We talked about three times over the phone, on separate occasions, trying to figure out what was causing the problem. We reset the device, changed the password, etc., but nothing was fixing the problem. In the meantime, I had taken multiple steps to make sure nothing was using the data on my end. I set up a metered connection, which tracked exactly how much data went through my computer and it was not even close to what the jetpack was saying, despite being the only device connected to it. Ms Smith gave me her email address to stay in closer contact with her while we were trying all of the steps to fix the issue, so I could let her know exactly what I was seeing. The email address she gave me was (removed) Our contact first started in November and she sent me the first email on 12/1/13. The device began using even more data, now at a very alarming rate. In one night, it used 12.5 GBs of data. I spoke with her again on 12/14/13 when I first noticed how much data it had been using. She eventually sent me a new device, stating that the one I had was faulty and she wanted me to let her know when I got the new one so she could monitor the activity and see if it was following the same pattern or if it was acting normal. It ended up working 100% fine and not like the faulty device I had sent back in. She had told me over the phone that she would fix all of the overage charges from when I first got the device since it was messed up. She gave me credit for the total of overage from the first 3 months with the device, but she hadn't fixed the bill that had used 55 GBs of data, which was the last cycle in which I had that particular device.
  The last time I heard from Ms. Smith was on 12/31/13 when she had told me she was going to fix the charges. In the meantime, I was left waiting to hear that the fourth and final month had been taken care of, so the $460 worth of overages was still sitting on my bill. On 12/31/13, she emailed me asking for my number to reach me on so she could call me that day. I responded with my number, but never received a call. A week later on 1/6/14, I emailed her again with my number, telling her that I wasn't sure if she had received my email or not, but I was still waiting. As of 1/21/14, I had still not received a call, so I emailed her again telling her I needed to talk to her ASAP so we could get everything resolved and I could pay my bill. I also mentioned that I needed to have my data plan changed back to normal (16 GBs) rather than the 30 GB plan because it was too much. I had been bumped up to 30 GBs during that big month of overages, to try and prevent extra charges. A little less than a week later on 1/26/14, I emailed Ms. Smith once again, telling her I was worried about my service getting cut off and I needed to speak with her ASAP. I mentioned that I did not want to have to start from scratch with someone else.
  On 2/6/14, I woke up to discover that my service had indeed been turned off. I called and spoke with someone in customer service, explaining what had been going on. I was told by that representative that her supervisor would call me between 8-10 PM that night, but in the meantime my service would be temporarily restored. I never received a call. Around 10:30, I called back to try and speak with someone else. I was put through to another representative, once again having to explain what had been going on. This representative told me that I would have to wait for a call back from his supervisor, because he would be leaving at 11:00 PM. I explained to the representative that I was already promised a call back that night and didn't receive a call, so I had to have it taken care of because my service was shut off. His supervisor took my call and told me that there wasn't much they could do, because Ms. Smith had already started my case. He said they would send her an email, telling her she needs to contact me. He told me that he would have someone from his team call me back within 24-48 hours to see if she got in touch with me and if not, I would start from scratch with them.
  In the meantime, I sent Ms. Smith an email the next day on 2/7/14, telling her my service had been shut off and I tried calling the night before to speak with someone else, but they couldn't do much for me because she had already been working with me. Again, I never did get a response.
  Monday 2/10/14 had come along and once again my service was turned back off. I never did receive a call from the supervisor I spoke with on 2/6/14, who had promised me his team would call me back no later than 48 hours. So, again, I called to try and speak with someone else. I eventually got through to another supervisor, but after I explained to him what had been going on, the call was disconnected. I waited for about 30 minutes to see if he'd call back, but he didn't. Once again, I called to try and speak with someone else. I was directed towards the financial department and I explained to them that I was just talking with someone and was disconnected, so I was hoping to get back to them. I was told that there was no way to trace me back to the man I was speaking with. I then explained to that representative what was going on and she told me that if I paid the actual monthly access portion of my outstanding bill, my service would be restored and she would promise to put a note on my account to not turn it off again, because I was working to have the charges fixed. I paid the monthly access and she then transferred me to technical support to have someone in that department help me further. I then explained my story to the technical representative and she told me that her supervisor was not on-duty at the time, but she was preparing an email to send to her and she would definitely get back to me by the end of the week. That was two weeks ago from today and I've yet to receive a call from anyone.
  Once again, I woke up today to find that my service had again been shut off. I called in and spoke with financial services and explained to them what has been going on and she said if I went ahead and paid my bill that had just come due for last month, she could turn it on. So, that's what I did, but I'm still left in the dark as for the future.
  I am so beyond frustrated with this entire situation, that I have no clue what to do. I've told this story to at least ten people and I've gotten no where. To say that I feel like I'm being ignored, is an understatement. I can send y'all the entire transcript of emails with myself and Ms. Smith, proving that I've been trying to contact her for the past month and a half. This whole situation has gone further than the simple problem of the overage charges. It has now risen to a ridiculous level that I am being ignored by what seems like the entire company as a whole. How many times do I have to call to where I can finally work with one person who will help fix the problem? How many times can one customer be told that he will be contacted and he never receives a call? At this point, I am more than prepared to go over to Sprint and cancel my service with Verizon. The $460 that I am being raked trough the coals for will be nothing compared to not having my business for years to come. I am also prepared to contact and file complaints with the FCC or BBB for the fact that I have done absolutely everything in my power, including going in to a local store, to speak with someone about my issues. Like I said, I have the emails proving that I've been ignored and I can show them to y'all or to them. I don't know what to do anymore and I'm tired of calling and starting over with a new representative then being transferred around in loops where I have to re-tell the entire story again, so this is my last resort. If I don't get help by the end of the day, I'll be somewhere else tomorrow.
  Private info removed as required by the Terms of Service.
  Message was edited by: Admin Moderator

  Hi Barry,
  I am sorry about the mix up with the order, could you send me a PM of your contact details? Please include the email address you used to contact support.

• I have replied to you three times now without reply. I DID NOT authorise a payment of £9.99 for NowTV. What is the solution to getting my money refunded. I think you assume I will go away after being Ignored. No I will not go away. I find now that you hav

  I have replied to you three times now without reply. I DID NOT authorise a payment of £9.99 for NowTV. What is the solution to getting my money refunded. I think you assume I will go away after being Ignored. No I will not go away. I find now that you have DISABLED MY APPLE ID. Is this a punishment you use to anyone who takes up a stand against charges being made unauthorised on their account?. Please tell me why you have disabled my account. When will my account be restored? If not when will you refund ALL my purchases made to APPLE/ITUNES? I can then move on to another brand and hopefully better customer service. After reading articles regarding APPLE ID DISABLED it appears common practice from your company to DISABLE anyone's account if they question unknown charges. Please reply with your intentions regarding  the unauthorised payment and the DISABLING of my account.
  David Forrester.
  Sent from my iPad
  On 18 Mar 2014, at 09:20, iTunes Store <[email protected]> wrote:
  Follow-Up: 319042795
  Hello again,
  I wanted to send a quick note to see if you are still experiencing any difficulties with the iTunes Store. Resolving your issue is important to me, so please don't hesitate to reply if you need any further assistance.
  Sincerely,
  iTunes Store Customer Support
  http://www.apple.com/support/itunes/ww/
  Dear David,
  Welcome to iTunes Store Customer support.
  I understand that you have been charged an additional 9.99 GBP for a purchase that not authorized. I know how eager you are to know more about this purchase and I am happy to look into this for you.
  David, the purchase worth 9.99 GBP was for a day pass from "NOW TV for Apple TV." To review your iTunes Store account's purchase history, please follow the steps in this article:
  iTunes Store &amp; Mac App Store: Seeing your purchase history and order numbers
  http://support.apple.com/kb/HT2727
  Please reply to this email and let me know if this purchase was unauthorized.
  Thank you for being an iTunes Store customer. Have a great day!
  Sincerely,
  iTunes Store Customer Support
  http://www.apple.com/support/itunes/ww/
  Lang_Country: en_gb
  User Storefront: UK
  Concern Type: Problem Not Listed
  Web Order #:
  Content Title: NOW TV Day Pass
  Provider Name: BSkyB
  Track IDs: []
  Purchase Date : 2014-03-16 12:33:48 Etc/GMT
  Purchase Device : Apple TV
  Comments : I am being charged for what is listed plus another _9.99 for Apple TV pass. Did not authorise this _9.99 charge and not sure what it is exactly.
  <Personal Information Edited by Host>

  This is a user-supported board. You are not addressing Apple here. Nor is it a good idea to post your private information to a public forum. You should edit your post immediately.
  Unfortunately no one here can access your support history. You must respond to the emails directly.

• RV082 Access Rules

  Good Day To All,
       We recently purchased a RV082 Firewall Router and I am having the headache of a lifetime with the access rules and port forwarding. I have read EVERY post possible and still cannot come to a conclusion of what I am doing wrong...
  First Question is the MAIL SERVER.. I could not get our email server to talk when setting this device to DMZ so for the time being I put it on LAN2 and attempted to set up an access rule Port 25 to the IP of the mail server. NO GO.. I had to port forward or it would not work.
  Now I want to deny access on port 25 over WAN1 201.X.X.108 but allow access over port 25 on WAN2 201.X.X.109 and this is where it's a NO GO. It doesnt matter what order I put the rules in, its still a no go. Furthermore if I take out the port forward 25 and put in the rules to allow ANY source to reach 25 on the mail server it ALSO does not work...
  This is what I have now and I can still access the email server on EITHER WAN address. I have tried to specifically DENY WAN1 but still no luck.
  FORWARD:
  PORT 25 to 192.168.0.221 is ENABLED
  ACCESS RULES: (in this order)
  ACTION: ALLOW
  SERVICE: SMTP:25
  SOURCE INTERFACE: WAN2
  SOURCE: ANY
  DESTINATION: 192.168.0.221
  TIME: ALWAYS
  ACTION: ALLOW
  SERVICE: SMTP:25
  SOURCE INTERFACE: LAN
  SOURCE: 192.168.0.221
  DESTINATION: ANY
  TIME: ALWAYS
  ACTION: DENY
  SERVICE: SMTP:25
  SOURCE INTERFACE: ANY
  SOURCE: ANY
  DESTINATION: ANY
  TIME: ALWAYS
  Now Second Question is pretty much the same but with SSH on port 22. I did this as a test and enabled SSH to the mail server.
  FORWARD:
  NOTHING SET
  ACTION: ALLOW
  SERVICE: SSH:22
  SOURCE INTERFACE: ANY
  SOURCE: ANY
  DESTINATION: 192.168.0.221
  TIME: ALWAYS
  Why would this not work? The ONLY was I can get an SSH:22 to work is if I port forward it and then the access rule when set to DENY ALL it still allows it on both WAN1 and WAN2...
  CONFUSED!
  HELP!
  PLEASE!
  The Screen shot was my last attempt at making SSH work...

  Esentially what I am trying to accomplish is to NOT have the port forward set. But in every case so far it seems as if the access rules DO NOT WORK at all.
  Even if I set SSH:22 to port forward and set a firewall rule to DENY ANY ANY ANY to ANY I can still SSH to the box

• RV220W - port redirection/access rules with multiple WAN IPs

  I've just installed a Cisco RV220W - which works fine for outbound traffic, however for inbound it seems unable to work with multiple WAN IPs.
  We have a block of 6 WAN IPs assigned to us by our ISP, and I want to make use of all of them to expose certain ports on our servers to the outside world.
  I've tried to do this with Access Rules (using HTTP as an example) with the following settings:
  Connection Type: Inbound (WAN (Internet) > LAN (Local Network))
  Action: Always Allow
  Service: HTTP
  Source IP: Single Address
  Start: <one of the WAN IPs>
  Send to Local Server (DNAT IP): <IP of the internal server>
  Use Other WAN (Internet) IP Address: disabled
  Rule Status: Enabled
  Yet the server/port remains inaccessible.
  I've tried:
  rebooting the server with a power off/on again
  implementing the same settings in port forwarding
  triple-checking all IP addresses being used
  The only way I've got it working is by changing the access rule so that it applies to any source address rather than one specific one...  however that's not a solution for us as we need to use specific IP addresses for specific internal servers/ports.
  The router's admin interface certainly suggests this should be possible, however making use of it seems to break all incoming access!
  Any suggestions welcome.

  You should be using "ANY" as the source IP, as you are publishing your internal server to the internet and internet means the request comes from any source IP (you don't know what it is, so it will be any.
  Basically, you want any source IP to hit one of your WAN IPs on port 80, and then your firewall will redirect that request to the internal server's private IP address on same port 80. And when the response comes back from the internal server, the firewall will already have this translate entry in it so the reverse NAT will happen (you don't need configure this, it is default firewall feature).
  I hope I have answered your question well.
  Please mark as correct if you like the response.
  Thanks

• Reporting BM 3.8 access rules

  Hi,
  An auditor has asked for a report of all our Border Manager access
  rules. Is there a tool that will do this? I've looked through NWAdmin
  and DSReport, but I didn't see a way to do this.
  We're running BM 3.5 sp5
  thanks,
  R

  Russ,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://forums.novell.com)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://forums.novell.com/faq.php
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://support.novell.com/forums/

• High memory usage and error creating access rules

  Hi guys
  I'm having a problem with the memory and also trying to create some rules on the CISCO ASA. The version that I got installed was the 8.2.5.33 on a CISCO 5520 with 512 RAM, the memory usage is on 99% used, 1% free and because of that when I'm trying to create a new rule the firewall brings me the next error
  So what I did was a downgrade to the version 8.2 (4) 4 and the memory went down a little (82% used, 18% free) but I still got the error when I'm creating an access rule on the device. One thing and I'm not sure if this could affect on the performance are the number of access list and the object groups that are created.
  I already open a case with CISCO TAC and they are checking if the problem is with the memory capacity or maybe a memory leak.
  Also the doubt that I got is with the memory that I got now available should I can create access rules or 82 is still to hig to create a rule or and object group?
  Regards

  Hi,
  Can you check what is the amount of ACEs you have on the ACLs in use?
  I think if you use the command "show access-list " the first line should give you the total amount of ACEs in the ACL
  - Jouni

• /Library/Preferences/loginwindow.plist being ignored by system

  Here's one that I've not seen anyone else report.
  I've been creating a system image of OS 10.4.5 and every time I lay the image down and log in using any user account, the items entered into the global loginwindow.plist file are being ignored. To put it in basic terms, it behaves as if the system doesn't even know that it is there. None of my global login items are being launched.
  I have verified that the plist file is in the correct format, I've checked permissions, and I've even compared it to the same file in my previous system image. The previous system image never gave me this problem. I created both images from scratch using the exact same procedure, which I have documented step by step. There are only two exceptions. The second image (the one that doesn't work) was started by using the 10.4.3 install DVD, whereas the first image I used the 10.4 install DVD. Other than that, the first image was built after having been upgraded to 10.4.3 using Software Update, the second image 10.4.5 using the same method.
  Has anyone seen this before? What else can I try, here? I feel that I have exhausted all options aside from starting over from scratch and using the 10.4 install DVD instead, so any help would be greatly appreciated.

  Oops, it was permissions after all. I was accidently setting the file to 600 after laying down the image. How I could have missed that?? Oh well.

• EjbPostCreate being ignored

  I have a CMP entity bean, and I am having problems creating it:
  I get :
  cannot insert NULL into ("BEAKER"."COMPANIES"."PROFILE_ID")
  ...which means that the ejbPostCreate is being ignored and nothing is being inserted for COMPANIES and PROFILE_ID
  My ejbCreate and ejbPostCreate have identical paramater headers so I am confused why it is not being called. I am using Sun One Application Server 7 which I think could be part of the problem.
  My two methods are as follows :
  * @ejb.create-method
  public LongIdentifier ejbCreate(Profile profile,
  String name,
  Country country,
  Currency currency,
  String userName) throws javax.ejb.CreateException
  try
  setKeyValue(new Long(getSequenceGenerator().getNextCompanyId()));
  catch (SQLException e)
  throw new CreateException(e.getMessage());
  catch (NamingException e)
  throw new CreateException(e.getMessage());
  this.setName(name);
  this.setUpdatedBy(userName);
  this.setUpdatedDate(new Date());
  this.setCreatedBy(userName);
  this.setCreatedDate(new Date());
  this.setActive(true);
  // EJB 2.0 spec says return null for CMP ejbCreate methods.
  return null;
  * Set all CMR fields for the CMP bean
  * @param profile
  * @param name
  * @param country
  * @param currency
  * @throws javax.ejb.CreateException
  public void ejbPostCreate(Profile profile,
  String name,
  Country country,
  Currency currency,
  String userName) throws javax.ejb.CreateException
  //the following print statements are not showing in the log trace
  System.out.println("in ejbPostCreate");
  System.out.println("profile = " + profile.getName());
  System.out.println("country = " + country.getName());
  System.out.println("currency = " + currency.getName());
  setProfile(profile);
  setCountry(country);
  setCurrency(currency);
  //setCreatedBy(user);
  }

  First of all CMP entity bean doesn't need
  this.setName(name);
  It is just
  setName(name);
  and ofcourse need to return null.
  and I can see that you are not set the ID for the Profile_ID
  that's while it is null value. If ID is not auto increasement then you need to set the ID there..