Apple Service Toolkit Firewall Rules

I have been charged with setting up a Mac Mini server with the Apple Service Toolkit v. 1.0.9 for our Hardware Support department. I have a 2010 Aluminum Mac Mini Server as well as an Apple USB Ethernet adapter. The machine is configured to connect to the LAN via the built-in ethernet port and serve DHCP and NetBoot via the Apple USB Ethernet.
I followed the directions in the documentation to set up the server, but there is no mention of setting up the firewall, which concerns me. The box will only be handling diagnostics with the Apple Service Toolkit, but I still don't want it completely open to the world.
When I set up the firewall and enable it, the Gateway Manager.app cannot find the Diagnostic Gateway server. In the /var/log/system.log, I get the following errors, repeating:
(/var/log/system.log)
Aug 16 15:19:16 hostname com.apple.gw_datad[76]: socket bind: Can't assign requested address
Aug 16 15:19:16 hostname com.apple.gw_controld[77]: socket gind: Can't assign requested address
Has anyone had an experience with a similar setup? Do you have the software firewall (through Server Admin or command line ipfw) enabled?
Thanks!

Andy,
This is the reply I got from AST's support:
Unfortunately AST currently does not support bonded ethernet which is why Gateway Manager is not launching. As AST shares its configuration settings this is also why Gateway Manager on your portable did not launch. There is currently no work around besides to unbind the ethernet port or to use a separate NIC for AST/Netbooting.
I actually have another open NIC on the server and I would go that route, except our switches don't allow any more iphelpers, which is required to netboot across subnets.  So we are out of luck.

Similar Messages

  • Apple service toolkit 1.5.9 required

    Dear sir,
    I have lost the Apple Service Toolkit V1.5.9 file so, I have required it. In GSX showing new version AST 1.5.10 download link, kindly requested to give the exact link for downloading it.
    I am waiting for your response as soon as .
    Thanks,
    Dipankar

  • Help me...Apple Service Toolkit  Where can I download

    I need to Apple Service Toolkit
    But do not know where to download

    Can not meet the requirements, I am just an Apple user, has a large number of machines, each machine fault are very troublesome, so I need to repair

  • Apple Service Toolkit

    Does anyone know if your school district has a GSX account can it install and run Apple Service Toolkit, or is it just for AASPs only.

    If you have a GSX account (your school is set up as an SSA then I assume?) then you should be able to install and run AST.

  • Apple Service Toolkit 1.2.3 doesn't show any triage tools

    I just installed the AST 1.2.3 with OS3,OS4, and OS5 on a 10.6 server with an existing netboot image.  When I netboot, AST and my casper image both show.  When I choose AST, it boots and shows me the casper netboot image but not any of the triage tools.
    Has anyone else seen this?  Do you have any ideas how to fix it?
    Thanks!
    Mark

    Try deleting your Aperture thumbnails and rebuilding them in Aperture and see if this works
    Control + click your 'Library' Folder in Aperture and select 'Delete Previews for Library'. When that is done, Control + click again and select 'Update Previews'

  • Bootable Snow Leopard alongside Apple Service Toolkit

    Hi everyone,
    I was hoping for some input on this. I'd like to have a bootable Snow Leopard image alongside AST. Not an install image, but an image to boot to and be able to run like a locally booted OS. Is this possible, and how can I do it without screwing up AST?
    Thanks!
    Server is Snow Leopard server.

    Just an update, I was able to get an image of 10.6 booting over the network, and it seems to work great.
    The only thing is, I had booted the image on one machine to get it set up and install some programs, and then when I tried to boot it on another machine, I was brought to Snow Leopard setup, even though I had already set it up and everything. How can I get changes to "stick"? Or is that a limitation of netboot?
    In the meantime, I'm going to try it again with an image pre-setup and with apps already installed to see how that works. But in the future, I'd like to be able to add things to the image without having to prebuild it locally on a machine.
    Edit: I just realized you said initially that I need to configure a workstation just how I want it, my mistake. I'll give that a shot. So does that mean it's a limitation of netboot to not be able to add anything to the image, after it's been created?

  • Appending Firewall Rules to vShield Edge with PowerCLI Script

    Hi,
    I have a script which enables us to upload 4k worth of firewall rules, but every time it executes, all existing rules are over written.
    Is this something to do with the API or just a scripting issue - if so, can anyone suggest how to append on to the existing set?
    Update:
    So obviously the following line seems to create a new instance of the firewall:
    $fwService = New-Object vmware.vimautomation.cloud.views.firewallservice
    Because the next 3 lines after are setting the main firewall parameters again - something you wouldn't need to do if we were just adding new rules to the existing firewall.
    $fwService.DefaultAction = "drop"
    $fwService.LogDefaultAction = $false
    $fwService.IsEnabled = $true
    Is there a way to use a PowerShell command such as add-member rather than new-object?
    param (
        [parameter(Mandatory = $true, HelpMessage="vCD Server")][alias("-server","s")][ValidateNotNullOrEmpty()][string[]]$CIServer,
        [parameter(Mandatory = $true, HelpMessage="Org")][alias("-vOrg","o")][ValidateNotNullOrEmpty()][string[]]$orgName,
        [parameter(Mandatory = $true, HelpMessage="OrgNet")][alias("-orgNet","n")][ValidateNotNullOrEmpty()][string[]]$orgNet,
        [parameter(Mandatory = $true, HelpMessage="CSV Path")][alias("-file","f")][ValidateNotNullOrEmpty()][string[]]$csvFile
    )
    # Needed for the MessageBox used in the error handler below
    Add-Type -AssemblyName System.Windows.Forms
    # Add in the VI Toolkit
    if ( (Get-PSSnapin -Name VMware.VimAutomation.Core -ErrorAction SilentlyContinue) -eq $null ) {
        Add-PSsnapin VMware.VimAutomation.Core
    }
    if ( (Get-PSSnapin -Name VMware.VimAutomation.Cloud -ErrorAction SilentlyContinue) -eq $null ) {
        Add-PSsnapin VMware.VimAutomation.Cloud
    }
    try {
        Connect-CIServer -Server $CIServer 2>&1 | out-null
    } catch {
        Exit
    }
    #Search EdgeGW
    try {
        $myOrgNet = Get-Org -Name $orgName | Get-OrgNetwork -Name $orgNet
        $edgeHREF = $myOrgNet.ExtensionData.EdgeGateway.Href
        $edgeView = Search-Cloud -QueryType EdgeGateway -ErrorAction Stop | Get-CIView | where {$_.href -eq $edgeHREF}
    } catch {
        [System.Windows.Forms.MessageBox]::Show("Exception: " + $_.Exception.Message + " - Failed item:" + $_.Exception.ItemName ,"Error.",0,[System.Windows.Forms.MessageBoxIcon]::Exclamation)
        Exit
    }
    #Item to Configure Services
    $edgeView.Configuration.EdgeGatewayServiceConfiguration
    # A brand-new FirewallService object is built here; existing rules are not carried over
    $fwService = New-Object vmware.vimautomation.cloud.views.firewallservice
    $fwService.DefaultAction = "drop"
    $fwService.LogDefaultAction = $false
    $fwService.IsEnabled = $true
    $fwService.FirewallRule = @()
    # One rule per CSV row; the Num column is used as the index into the rule array
    Ipcsv -path $csvFile |
    foreach-object {
        $fwService.FirewallRule += New-Object vmware.vimautomation.cloud.views.firewallrule
        $rowNum = $_.Num -as [int]
        $fwService.FirewallRule[$rowNum].description = $_.Descr
        $fwService.FirewallRule[$rowNum].protocols = New-Object vmware.vimautomation.cloud.views.firewallRuleTypeProtocols
        switch ($_.Proto) {
            "tcp" { $fwService.FirewallRule[$rowNum].protocols.tcp = $true }
            "udp" { $fwService.FirewallRule[$rowNum].protocols.udp = $true }
            "any" { $fwService.FirewallRule[$rowNum].protocols.any = $true }
            default { $fwService.FirewallRule[$rowNum].protocols.any = $true }
        }
        $fwService.FirewallRule[$rowNum].sourceip = $_.SrcIP
        if ($_.SrcPort -eq "any" ) { $srcPort = "-1" } else { $srcPort = $_.SrcPort }
        $fwService.FirewallRule[$rowNum].sourceport = $srcPort
        $fwService.FirewallRule[$rowNum].destinationip = $_.DstIP
        $fwService.FirewallRule[$rowNum].destinationportrange = $_.DstPortRange
        $fwService.FirewallRule[$rowNum].policy = $_.Policy
        #$fwService.FirewallRule[$rowNum].direction = $_.Direction
        #$fwService.FirewallRule[$rowNum].MatchOnTranslate = [System.Convert]::ToBoolean($_.MatchOnTranslate)
        $fwService.FirewallRule[$rowNum].isenabled = [System.Convert]::ToBoolean($_.isEnabled)
        $fwService.FirewallRule[$rowNum].enablelogging = [System.Convert]::ToBoolean($_.EnableLogging)
    }
    #configure Edge
    $edgeView.ConfigureServices($fwService)
    Thanks,
    Scott.

    Hi,
    Agree with Ed, you can publish CAS array VIP to internet, and use it to configure Federated Delegation.
    Thanks.
    Niko Cheng
    TechNet Community Support

  • Where is the firewall rules file??

    I had to tweak a bunch of firewall rules following this latest Apple security update (it broke my mail services). In the log (G5 Xserve running 10.4.11), it now says
    "mail servermgrd_ipfilter:ipfw config:Error:Failure code returned by ipfw command: 64, message: Line 22: recv,xmit via require interface name or address"
    but I only have 19 rules in my "Active rules". Where would this bad "line 22" be located?
    Mike

    I'm not sure about 1.5, but normally there isn't one. The defaults are just used unless there is one.
    Look here
    http://java.sun.com/j2se/1.5.0/docs/api/javax/swing/UIManager.html

  • Null Values From MS Web Services Toolkit Client

    Hi,
    I've been bashing my head against a wall on this one for too long now.
    I've got a JAX-WS web service deployed to Glassfish v2 b33 which works fine when called by a Java client. It also works fine when methods with no parameters are called from the MS client, i.e. simple and complex types are returned as they should be. However the problem I am having is that when the web service methods that take parameters are called from the MS client, the values received by the service are always null. I've monitored the service and values are being sent in the soap request, but a simple System.out.println statement in the first line of the method indicates a null value. I've captured a request from the Java client and the MS client to show the difference:
    A java request:
    <soapenv:Envelope
         xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
         xmlns:xsd="http://www.w3.org/2001/XMLSchema"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <soapenv:Header/>
        <soapenv:Body>
         <ns0:getConfig xmlns:ns0="http://ws.firestorm.alternativenetworks.com/">
                 <arg0>Inbound</arg0>
         </ns0:getConfig>
        </soapenv:Body>
    </soapenv:Envelope>
    and a request from the web services toolkit:
    <SOAP-ENV:Envelope
         xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
         xmlns:SOAPSDK1="http://www.w3.org/2001/XMLSchema"
         xmlns:SOAPSDK2="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:SOAPSDK3="http://schemas.xmlsoap.org/soap/encoding/">
         <SOAP-ENV:Header/>
         <SOAP-ENV:Body>
               <SOAPSDK4:getConfig xmlns:SOAPSDK4="http://ws.firestorm.alternativenetworks.com/">
              <SOAPSDK4:arg0>Inbound</SOAPSDK4:arg0>
         </SOAPSDK4:getConfig>
         </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>
    I've tried everything I can think of, including changing the style from RPC/LITERAL to DOCUMENT/LITERAL, but the Java web service just seem to like the way the SOAP message is wrapped up.
    Any help on this would be greatly appreciated.
    Cheers
    Tony

    Thanks Milan, your suggestion put me on the right track, however I've hit another snag.
    I decided the best way to solve the problem was to use the Glassfish Transformation Rules feature to take the SOAP request and transform it to a valid format before reaching the code. The XSLT file I created looks like this (I'm no XSLT guru so this will definitely need some tidying up, but for now it works):
    <?xml version="1.0" encoding="ISO-8859-1"?>
    <xsl:stylesheet  version="1.0"
         xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
         xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
         xmlns:SOAPSDK1="http://www.w3.org/2001/XMLSchema"
         xmlns:SOAPSDK2="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:SOAPSDK3="http://schemas.xmlsoap.org/soap/encoding/">
         <xsl:output method="xml" indent="yes"/>
         <xsl:template match="*">
              <xsl:copy><xsl:copy-of select="@*"/><xsl:apply-templates/></xsl:copy>
         </xsl:template>
         <xsl:template match="/SOAP-ENV:Envelope/SOAP-ENV:Body/*">
              <xsl:copy>
                   <xsl:copy-of select="@*"/>
                   <xsl:for-each select="*">
                        <xsl:text disable-output-escaping="yes">&lt;arg</xsl:text>
                        <xsl:value-of select="position() - 1"/>
                        <xsl:text disable-output-escaping="yes">&gt;</xsl:text>
                        <xsl:value-of select="."/>
                        <xsl:text disable-output-escaping="yes">&lt;/arg</xsl:text>
                        <xsl:value-of select="position() - 1"/>
                        <xsl:text disable-output-escaping="yes">&gt;</xsl:text>
                   </xsl:for-each>
              </xsl:copy>
         </xsl:template>
    </xsl:stylesheet>
    which transforms the problem SOAP request:
    <SOAP-ENV:Envelope
         xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
         xmlns:SOAPSDK1="http://www.w3.org/2001/XMLSchema"
         xmlns:SOAPSDK2="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:SOAPSDK3="http://schemas.xmlsoap.org/soap/encoding/">
         <SOAP-ENV:Header/>
         <SOAP-ENV:Body>
               <SOAPSDK4:getConfig xmlns:SOAPSDK4="http://ws.firestorm.alternativenetworks.com/">
              <SOAPSDK4:arg0>Inbound</SOAPSDK4:arg0>
         </SOAPSDK4:getConfig>
         </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>
    to the following valid format:
    <?xml version="1.0" encoding="utf-8"?>
    <SOAP-ENV:Envelope
         xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
         xmlns:SOAPSDK1="http://www.w3.org/2001/XMLSchema"
         xmlns:SOAPSDK2="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:SOAPSDK3="http://schemas.xmlsoap.org/soap/encoding/">
       <SOAP-ENV:Header/>
       <SOAP-ENV:Body>
          <SOAPSDK4:getConfig xmlns:SOAPSDK4="http://ws.firestorm.alternativenetworks.com/">
         <arg0>Inbound</arg0>
          </SOAPSDK4:getConfig>
       </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>
    But when I load the .xsl file using the Transformation Rules page and call the web service using the Microsoft Web Services Toolkit, I'm getting the following exception:
    [#|2007-05-11T09:23:46.530+0100|INFO|sun-appserver9.1|javax.enterprise.system.tools.admin|_ThreadID=15;_ThreadName=Thread-15;com.sun.enterprise.admin.event.wsmgmt.TransformationRuleEvent -- server [1 Change(s), Id:1, ts:1178871826530];|ADM1041:Sent the event to instance:[com.sun.enterprise.admin.event.wsmgmt.TransformationRuleEvent -- server [1 Change(s), Id:1, ts:1178871826530]]|#]
    [#|2007-05-11T09:27:31.675+0100|INFO|sun-appserver9.1|javax.enterprise.system.tools.admin|_ThreadID=12;_ThreadName=httpWorkerThread-4848-0;com.sun.enterprise.admin.event.wsmgmt.TransformationRuleEvent -- server [1 Change(s), Id:2, ts:1178872051675];|ADM1041:Sent the event to instance:[com.sun.enterprise.admin.event.wsmgmt.TransformationRuleEvent -- server [1 Change(s), Id:2, ts:1178872051675]]|#]
    [#|2007-05-11T09:28:00.269+0100|WARNING|sun-appserver9.1|javax.enterprise.system.stream.err|_ThreadID=13;_ThreadName=httpSSLWorkerThread-8080-0;_RequestID=89eadb09-2894-4ace-95f6-75043c1e6988;|
    ERROR:  ''|#]
    [#|2007-05-11T09:28:00.285+0100|WARNING|sun-appserver9.1|javax.enterprise.system.stream.err|_ThreadID=13;_ThreadName=httpSSLWorkerThread-8080-0;_RequestID=89eadb09-2894-4ace-95f6-75043c1e6988;|
    com.sun.enterprise.admin.wsmgmt.transform.TransformException: javax.xml.transform.TransformerException: java.lang.NullPointerException
         at com.sun.enterprise.admin.wsmgmt.transform.FilterChain.process(FilterChain.java:238)
         at com.sun.enterprise.admin.wsmgmt.transform.TransformFilter.process(TransformFilter.java:144)
         at com.sun.enterprise.admin.wsmgmt.filter.spi.FilterRouter.applyFilters(FilterRouter.java:69)
         at com.sun.enterprise.admin.wsmgmt.agent.GlobalMessageListenerImpl.processRequest(GlobalMessageListenerImpl.java:181)
         at com.sun.enterprise.webservice.monitoring.WebServiceEngineImpl.processRequest(WebServiceEngineImpl.java:265)
         at com.sun.enterprise.webservice.monitoring.JAXWSEndpointImpl.processRequest(JAXWSEndpointImpl.java:53)
         at com.sun.enterprise.webservice.MonitoringPipe.process(MonitoringPipe.java:127)
         at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:79)
         at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:559)
         at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:518)
         at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:503)
         at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:400)
         at com.sun.xml.ws.api.pipe.helper.AbstractTubeImpl.process(AbstractTubeImpl.java:70)
         at com.sun.xml.ws.mex.server.MetadataServerPipe.process(MetadataServerPipe.java:97)
         at com.sun.enterprise.webservice.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:191)
         at com.sun.enterprise.webservice.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:113)
         at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:79)
         at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:559)
         at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:518)
         at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:503)
         at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:400)
         at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:208)
         at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:374)
         at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:175)
         at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:134)
         at com.sun.enterprise.webservice.Ejb3MessageDispatcher.handlePost(Ejb3MessageDispatcher.java:100)
         at com.sun.enterprise.webservice.Ejb3MessageDispatcher.invoke(Ejb3MessageDispatcher.java:74)
         at com.sun.enterprise.webservice.EjbWebServiceServlet.dispatchToEjbEndpoint(EjbWebServiceServlet.java:187)
         at com.sun.enterprise.webservice.EjbWebServiceServlet.service(EjbWebServiceServlet.java:116)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
         at com.sun.enterprise.web.AdHocContextValve.invoke(AdHocContextValve.java:101)
         at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:611)
         at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:564)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:558)
         at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:74)
         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:207)
         at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:611)
         at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:564)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:558)
         at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1067)
         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:137)
         at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:611)
         at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:564)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:558)
         at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1067)
         at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:249)
         at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:618)
         at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:549)
         at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:790)
         at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:326)
         at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:248)
         at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:199)
         at com.sun.enterprise.web.portunif.PortUnificationPipeline$PUTask.doTask(PortUnificationPipeline.java:328)
         at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:252)
         at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:93)
    Caused by: javax.xml.transform.TransformerException: java.lang.NullPointerException
         at com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.transform(TransformerImpl.java:651)
         at com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.transform(TransformerImpl.java:281)
         at com.sun.enterprise.admin.wsmgmt.transform.FilterChain.process(FilterChain.java:224)
         ... 54 more
    Caused by: java.lang.NullPointerException
         at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1235)
         at com.sun.org.apache.xalan.internal.xsltc.trax.TrAXFilter.parse(TrAXFilter.java:105)
         at com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.transformIdentity(TransformerImpl.java:588)
         at com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.transform(TransformerImpl.java:642)
         ... 56 more
    Could this be a bug or am I doing something wrong?
    Cheers again,
    Tony

  • SA 540 INBOUND FIREWALL RULES NOT WORKING

    Hi all,
    I am having trouble configuring the firewall for the SA 540.
    client 1 (160.222.46.154) ----- switch ------ sa 540 ------ cisco 887 W ------ client 2 (50.0.0.10).
    client 1 can ping client 2, however client 2 cannot ping client 1. The default outbound policy (allow all) is set on the sa 540, and I have tried configuring a blanket ipv4 rule on the sa 540 to allow 'all' to 'any' (for all services) related to traffic from the WAN to LAN, and vice versa. The output from the logs is as follows:
    Fri Jan 7 13:43:04 2000(GMT +1000) WARN FIREWALL 50.0.0.10 160.222.46.154 [firewall] LOG_PACKET[DROP] IN=WAN OUT=WAN SRC=50.0.0.10 DST=160.222.46.154 PROTO=ICMP TYPE=8 CODE=0
    Component: KERNEL
    Fri Jan 7 13:43:09 2000(GMT +1000) WARN FIREWALL 50.0.0.10 160.222.46.154 [firewall] LOG_PACKET[DROP] IN=WAN OUT=WAN SRC=50.0.0.10 DST=160.222.46.154 PROTO=ICMP TYPE=8 CODE=0
    Component: KERNEL
    Fri Jan 7 13:43:14 2000(GMT +1000) WARN FIREWALL 50.0.0.10 160.222.46.154 [firewall] LOG_PACKET[DROP] IN=WAN OUT=WAN SRC=50.0.0.10 DST=160.222.46.154 PROTO=UDP SPT=60737 DPT=53
    Component: KERNEL
    Basically any connection identified as coming in from the WAN (i.e. IN=WAN) is dropped. I set up a new vlan on the cisco 887 W, in the 160.222.46.x address space, and connected a spare port directly to the sa 540 and had no problem testing connectivity to any device via ping. Obviously the zone communication is LAN to LAN and firewall treats the traffic differently.
    I assumed that creating an all encompassing rule to allow all traffic, for all services, between the LAN and WAN (in both directions) would be equivalent to placing the appliance in PASS THROUGH mode? There is no security set on the 887 W or the switch.
    Also if anybody could explain what 'SELF' means in the context IN=SELF or OUT=SELF it would be much appreciated. Firmware is latest.
    Thank you.
    Regards
    Marc

    On closer analysis and with some help from Experts Exchange it did seem nonsensical to have both the IN and OUT as the WAN interface, but I had literally exhausted every avenue possible bar 1- changing the routing mode to CLASSIC and configuring a static route (which was at a higher administrative level than my RIP advertised routes) and took preference when forwarding the packets.
    Now the SA540 firewall rules work as I would expect and I can route between all zones. To summarise it appears as if the Double NAT from the router (887W) and then the SA540 was the issue, and the inability to configure any workaround in the interface of the SA540 firewall rules.
    It really makes you appreciate the power of the command line and the full scope of Cisco's command line options. Does anybody know if (and how) it would be possible to configure Double NAT on the SA540?
    Regards
    Marc

  • [Solved] Windows Firewall rule that allows Windows Update

    Can anyone kindly give me a Windows Firewall rule that allows Windows Update? Assume I'm running MMC's "Windows Firewall with Advanced Security" snap-in as Administrator. Note that a "solution" that takes down the outbound firewall is not acceptable.
    Thank You.
    ===== Solution =====
    Suppose that, as the default, you've set the outbound firewall to block (see To close the outbound firewall, below). In order for Windows Update to check whether an update is available and then to download the update files, you first need an outbound firewall allow-rule that allows the Windows Update service to pass through the outbound firewall.
    Prerequisite: Knowledge of the Microsoft Management Console (MMC) and its "Windows Firewall with Advanced Security" plug-in.
    What you will do: You will use the "Windows Firewall with Advanced Security" MMC plug-in to create an outbound firewall rule that allows '%SystemRoot%\System32\svchost.exe' (the generic service driver) to pass through the outbound firewall on behalf of 'wuauserv' (the name of the specific service that performs the update).
    Warning: If you don't know what I'm writing about, get help.
    Name: Allow Windows Update (...or any name you prefer - it doesn't matter)
    Group:
    Profile: Public
    Enabled: Yes
    Action: Allow
    Program: %SystemRoot%\System32\svchost.exe
    Local Address: Any
    Remote Address: Any
    Protocol: Any
    Local Port: Any
    Remote Port: Any
    Allowed Computers: Any
    Status: OK
    Service: wuauserv
    Rule Source: Local Setting
    Interface Type: All interface types
    Excepted Computers: None
    Description:
    To open the outbound firewall:
    More accurate wording would be
    Outbound connections are allowed unless explicitly blocked by a rule.
    If you look at the standard rules you will find no block-rules. That means that nothing is blocked, everything is allowed, and the outbound firewall is wide open.
    To close the outbound firewall:
    More accurate wording would be
    Outbound connections are blocked unless explicitly allowed by a rule.
    If you look at the standard rules you will find only allow-rules that have been crafted to allow the vital Windows connections to pass through the outbound firewall. To an informed observer it's obvious that the firewall engineers crafted these allow-rules so that users who closed the outbound firewall wouldn't have to write them. But the firewall engineers left out Windows Update.
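
    The rule described in this post can also be created and checked from PowerShell. This is an added example, not part of the original post; it assumes the NetSecurity cmdlets (Windows 8 / Server 2012 or later) and an elevated session, and it goes one step beyond the post by listing other outbound svchost.exe allow rules that carry no service restriction.

    ```powershell
    # Added example (not from the original post). Assumes the NetSecurity module
    # and an elevated PowerShell session.
    $ruleName = 'Allow Windows Update'   # name used in the post; any name works

    # The post assumes outbound connections are blocked by default (Public profile).
    $fwProfile = Get-NetFirewallProfile -Name Public
    if ($fwProfile.DefaultOutboundAction -ne 'Block') {
        Write-Warning 'Public profile does not block outbound by default; the allow rule is redundant until it does.'
    }

    # Create the rule only if it is not already present, so re-runs are harmless.
    $rule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
    if (-not $rule) {
        $rule = New-NetFirewallRule -DisplayName $ruleName `
            -Direction Outbound -Action Allow -Profile Public -Enabled True `
            -Program '%SystemRoot%\System32\svchost.exe' -Service 'wuauserv'
    }

    # Verify the rule is bound to BOTH the program and the service. Without the
    # service filter it would allow every service hosted in svchost.exe.
    $app = $rule | Get-NetFirewallApplicationFilter
    $svc = $rule | Get-NetFirewallServiceFilter
    if ($svc.Service -ne 'wuauserv' -or $app.Program -notlike '*\svchost.exe') {
        Write-Warning "Rule '$ruleName' is not scoped to svchost.exe + wuauserv; review it."
    }

    # Audit: enabled outbound allow rules for svchost.exe with no service
    # restriction (Service = Any) are broader than the rule above.
    $broad = Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
        Where-Object {
            ($_ | Get-NetFirewallApplicationFilter).Program -like '*\svchost.exe' -and
            ($_ | Get-NetFirewallServiceFilter).Service -eq 'Any'
        }
    $broad | Select-Object DisplayName, Profile | Format-Table -AutoSize
    ```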

    Hi mark,
    Thanks for sharing, it will help other users who have similar issue.
    Regards

  • Mac Mini, iTunes 7.4.2, Mac OS X 10.4.10 -- firewall rules are broken

    Last night I updated from 7.4.1 to 7.4.2. Nothing else changed on my Mac Mini (Intel Core 2 DUO) running Mac OS X 10.4.10.
    I immediately found that none of my other computers nor my Apple TV could reach my shared music library, which is hosted by the Mac Mini.
    I normally run with the firewall enabled and in fact the box is checked to allow iTunes music sharing. HOWEVER, since upgrading to iTunes 7.4.2, the firewall rule is somehow no longer sufficient.
    I had to turn off the firewall in order for my other computers and the Apple TV to be able to reach my shared library on my Mac Mini.
    Effectively, something has changed w.r.t. sharing in iTunes 7.4.2, such that the default firewall rules in Mac OS X 10.4.2 are no longer allowing clients to connect to the iTunes shared libraries.

    The 1G iPod should still work OS X 10.4.11 (Tiger).  Since the Mac still sees the iPod as an externally mounted drive, we'll take that as a good sign.
    Have you seen this article yet?
    iPod does not appear in iTunes or iPod updater in Mac OS X
    And perhaps work through all the suggestion here as well?
    iPod not recognized in iTunes and Mac desktop
    B-rock

  • I have Internet access, but don't have an ability to watch videos on our new iPad2.  We are in a hotel, could it be their service or firewall issue?

    I have Internet access, but don't have an ability to watch videos on our new iPad2.  We are in a hotel, could it be their service or firewall issue?

    If you are unable to view content that has already been downloaded then your problem is within your device.  First shut it down all the way by holding the sleep button at the top until the power off slide appears at the top of your screen. Then slide that and wait while it powers off. Give it a good 30 seconds to do this.  Then power it back up. If that doesn't work, you may need to call the Apple Care folks. One other option is to restore it to factory settings and reload it with the updates first and then sync your media to it. You should already have it backed up to iCloud, but if not, do that first then do the restore.

  • What you think about the apple service? I can't recommend APPLE!

    Hi
    One week ago I posted a negative topic in this forum about the service of Apple. My topic was cleared after a few minutes. I posted the same text again and they wrote me an email that I agreed the rules of the forum. I should send my letter to an email address they gave me. Now I am waiting for one week and nobody answered. But for me it's natural. When I sent my iPod to Apple nobody read my letter and so my iPod wasn't repaired. I sent my iPod 3 times to Apple and it's still broken...
    These are my experiences with the Apple service. What are yours?

    Hi guesilein,
    Sorry about your posts removals, but the thing is that this is a user-to-user forum, very rarely someone from Apple would read it.
    Be only technical here, that's all, no offense.
    About service:
    I feel your pain, the "cannot recommend Apple anymore" feeling,
    BUT,
    remember it is the same everywhere, and I think even worse elsewhere.
    When you have a problem, do not take it from the argument side: this won't work.
    If you call, pretend there are only unimportant mistakes, and people are so great nevertheless etc etc,
    then
    you get what you want very easily, replacements etc.
    Apple still the best!
    (if not as good as it used to be)
    Good luck!
    Axl

  • WSUS Firewall rules do not use names nor groupnames

    Hi everyone,
    Today I've been playing around with PowerShell Workflows and the firewall cmdlets on my test environment. (Great stuff, Thanks Scripting Guys)
    After working out a little workflow I noticed that the firewall rules that were made by the WSUS feature installation had no Name nor DisplayGroup, only the DisplayName.
    My test environment is made up from three Server 2012 R2 servers with a domain.
    The script I made :
    workflow Get-AllFirewalls {
        Parallel {
            InlineScript {
                # Enabled allow rules that apply to the Any or Domain profile
                Get-NetFirewallRule -Enabled True -Action Allow |?{
                    $_.Profile -match "Any|Domain"
                } | select Name,DisplayName,direction,DisplayGroup,
                    @{n='Port';e={($_|Get-NetFirewallPortFilter).LocalPort}},
                    @{n='Protocol';e={($_|Get-NetFirewallPortFilter).Protocol}},
                    @{n='Program';e={($_|Get-NetFirewallApplicationFilter).Program}}
            }
        }
    }
    # Run the workflow against every Windows Server computer found in AD
    $output = Get-AllFirewalls -PSComputerName (Get-ADComputer -Filter 'OperatingSystem -like "Windows Server*"').name
    $output |Sort-Object DisplayGroup |Format-Table PSComputerName,Name,DisplayName,Direction,Port,Protocol,Program -GroupBy DisplayGroup -AutoSize
    Now this is just for testing and I could get around the fact there are no proper names but I think it's sloppy not to fill the naming attributes.
    Am I the only one with these results or is it just WSUS?

    There are only two rules created, one for HTTP on port 8530 one for HTTPS on port 8531, and the latter isn't even used in most WSUS installations.
    There is no Group Name, because this is not a GROUP of rules, it is two individual rules. One is always enabled; the second is optionally enabled WHEN the WSUS Server is configured to use SSL, and it's enabled by an administrative script provided in the WSUS toolset.
    Ergo, a server administrator never has to mess with these two rules at all, so, no, I think it's insignificant that these rules may be missing a couple of generally irrelevant attributes.
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.
