Bypass xlate table on FWSM

Is there any way to bypass the xlate table. We have no requirement for NAT on our FWSM however every time a change is made we must clear the xlate table. I have tried using NAT exemption however entries still appear in the xlate table. Any ideas?

Hi Bro
Looks like you'll need to enable Cisco's xlate bypass feature in your FWSM. Please click on this URL for further details https://supportforums.cisco.com/thread/2164524

Similar Messages

  • FWSM can not show sessions in xlate between two specific vlans

    Dear Experts ,
    I have FWSM running version 3.2(23) , configured with interface vlans , all having the same security level , except outside interface vlan which has security level 0 , also same-security-traffic permit inter-interface and same-security-traffic permit intra-interface are configured, my problem is when establishing sessions (I tried TCP only using ssh and telnet , in addition of ping ) from one specific vlan (172.16.1.0/28)  to other vlan (172.16.1.16/28) , I can not see the established sessions  in "show xlate debug" output ! although I can see these sessions from capture !  the two subnets are separate , two different /28.
    I can see the session established from the remaining interface vlans with same security level toward  172.16.1.16/28 , my question is what is the exception with vlan having this subnet172.16.1.0/28, how it can reach other vlan with subnnet 172.16.1.16/28 without showing anything in xlate table ? do you thing it is bug ? please advise
    Regards

    Red1,
    Need to make sure the packets are arriving on the correct interface.  Need to grab captures and the debug level syslogs at the same time. Hope you are not running into the xlate limitation of the module.
    Pls. check the limitation link here:
    http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/specs_f.html#wp1056716
    -Kureli
    https://supportforums.cisco.com/community/netpro/expert-corner#view=webcasts
    Upcoming Live Webcast in English: January 15, 2013
    Troubleshooting ASA and Firewall Service Modules
    Register today: http://tools.cisco.com/squish/42F25

  • FWSM with contexts - Broadcast storm impact CPU

    Hi,
    we have a FWSM (4.1(5)) configured with several contexts.
    Last day we had a broadcast storm in one VLAN connected to one FWSM context and all contexts were impacted with loss of service.
    We could check that CPU in impacted context went to 50 - 60 % but in fact service allocated in other contexts were impacted.
    We have Resource Class implemented, but there is nothing about CPU usage (only connections, xlates, .... ).
    Any idea about how to protect contexts against a broadcast storm or high CPU usage in one context ?
    Thanks a lot
    Felipe

    Hi Felipe,
    Unfortunately, the FWSM's CPU is not virtualized across contexts like the conn tables, xlate tables, etc are. High CPU caused by traffic in one context will indeed affect traffic on other contexts on the same physical firewall, which is a limitation of the architecture.
    -Mike

  • How to select the data efficiently from the table

    hi every one,
      i need some help in selecting data from FAGLFLEXA table.i have to select many amounts from different group of G/L accounts
    (groups are predefined here  which contains a set of g/L account no.).
    if i select every time for each group then it will be a performance issue, in order to avoid it what should i do, can any one suggest me a method or a smaple query so that i can perform the task efficiently.

    Hi ,
    1.select and keep the data in internal table
    2.avoid select inside loop ..endloop.
    3.try to use for all entries
    check the below details
    Hi Praveen,
    Performance Notes
    1.Keep the Result Set Small
    You should aim to keep the result set small. This reduces both the amount of memory used in the database system and the network load when transferring data to the application server. To reduce the size of your result sets, use the WHERE and HAVING clauses.
    Using the WHERE Clause
    Whenever you access a database table, you should use a WHERE clause in the corresponding Open SQL statement. Even if a program containing a SELECT statement with no WHERE clause performs well in tests, it may slow down rapidly in your production system, where the data volume increases daily. You should only dispense with the WHERE clause in exceptional cases where you really need the entire contents of the database table every time the statement is executed.
    When you use the WHERE clause, the database system optimizes the access and only transfers the required data. You should never transfer unwanted data to the application server and then filter it using ABAP statements.
    Using the HAVING Clause
    After selecting the required lines in the WHERE clause, the system then processes the GROUP BY clause, if one exists, and summarizes the database lines selected. The HAVING clause allows you to restrict the grouped lines, and in particular, the aggregate expressions, by applying further conditions.
    Effect
    If you use the WHERE and HAVING clauses correctly:
    • There are no more physical I/Os in the database than necessary
    • No unwanted data is stored in the database cache (it could otherwise displace data that is actually required)
    • The CPU usage of the database host is minimize
    • The network load is reduced, since only the data that is required by the application is transferred to the application server.
    Minimize the Amount of Data Transferred
    Data is transferred between the database system and the application server in blocks. Each block is up to 32 KB in size (the precise size depends on your network communication hardware). Administration information is transported in the blocks as well as the data.
    To minimize the network load, you should transfer as few blocks as possible. Open SQL allows you to do this as follows:
    Restrict the Number of Lines
    If you only want to read a certain number of lines in a SELECT statement, use the UP TO <n> ROWS addition in the FROM clause. This tells the database system only to transfer <n> lines back to the application server. This is more efficient than transferring more lines than necessary back to the application server and then discarding them in your ABAP program.
    If you expect your WHERE clause to return a large number of duplicate entries, you can use the DISTINCT addition in the SELECT clause.
    Restrict the Number of Columns
    You should only read the columns from a database table that you actually need in the program. To do this, list the columns in the SELECT clause. Note here that the INTO CORRESPONDING FIELDS addition in the INTO clause is only efficient with large volumes of data, otherwise the runtime required to compare the names is too great. For small amounts of data, use a list of variables in the INTO clause.
    Do not use * to select all columns unless you really need them. However, if you list individual columns, you may have to adjust the program if the structure of the database table is changed in the ABAP Dictionary. If you specify the database table dynamically, you must always read all of its columns.
    Use Aggregate Functions
    If you only want to use data for calculations, it is often more efficient to use the aggregate functions of the SELECT clause than to read the individual entries from the database and perform the calculations in the ABAP program.
    Aggregate functions allow you to find out the number of values and find the sum, average, minimum, and maximum values.
    Following an aggregate expression, only its result is transferred from the database.
    Data Transfer when Changing Table Lines
    When you use the UPDATE statement to change lines in the table, you should use the WHERE clause to specify the relevant lines, and then SET statements to change only the required columns.
    When you use a work area to overwrite table lines, too much data is often transferred. Furthermore, this method requires an extra SELECT statement to fill the work area. Minimize the Number of Data Transfers
    In every Open SQL statement, data is transferred between the application server and the database system. Furthermore, the database system has to construct or reopen the appropriate administration data for each database access. You can therefore minimize the load on the network and the database system by minimizing the number of times you access the database.
    Multiple Operations Instead of Single Operations
    When you change data using INSERT, UPDATE, and DELETE, use internal tables instead of single entries. If you read data using SELECT, it is worth using multiple operations if you want to process the data more than once, other wise, a simple select loop is more efficient.
    Avoid Repeated Access
    As a rule you should read a given set of data once only in your program, and using a single access. Avoid accessing the same data more than once (for example, SELECT before an UPDATE).
    Avoid Nested SELECT Loops
    A simple SELECT loop is a single database access whose result is passed to the ABAP program line by line. Nested SELECT loops mean that the number of accesses in the inner loop is multiplied by the number of accesses in the outer loop. You should therefore only use nested SELECT loops if the selection in the outer loop contains very few lines.
    However, using combinations of data from different database tables is more the rule than the exception in the relational data model. You can use the following techniques to avoid nested SELECT statements:
    ABAP Dictionary Views
    You can define joins between database tables statically and systemwide as views in the ABAP Dictionary. ABAP Dictionary views can be used by all ABAP programs. One of their advantages is that fields that are common to both tables (join fields) are only transferred once from the database to the application server.
    Views in the ABAP Dictionary are implemented as inner joins. If the inner table contains no lines that correspond to lines in the outer table, no data is transferred. This is not always the desired result. For example, when you read data from a text table, you want to include lines in the selection even if the corresponding text does not exist in the required language. If you want to include all of the data from the outer table, you can program a left outer join in ABAP.
    The links between the tables in the view are created and optimized by the database system. Like database tables, you can buffer views on the application server. The same buffering rules apply to views as to tables. In other words, it is most appropriate for views that you use mostly to read data. This reduces the network load and the amount of physical I/O in the database.
    Joins in the FROM Clause
    You can read data from more than one database table in a single SELECT statement by using inner or left outer joins in the FROM clause.
    The disadvantage of using joins is that redundant data is read from the hierarchically-superior table if there is a 1:N relationship between the outer and inner tables. This can considerably increase the amount of data transferred from the database to the application server. Therefore, when you program a join, you should ensure that the SELECT clause contains a list of only the columns that you really need. Furthermore, joins bypass the table buffer and read directly from the database. For this reason, you should use an ABAP Dictionary view instead of a join if you only want to read the data.
    The runtime of a join statement is heavily dependent on the database optimizer, especially when it contains more than two database tables. However, joins are nearly always quicker than using nested SELECT statements.
    Subqueries in the WHERE and HAVING Clauses
    Another way of accessing more than one database table in the same Open SQL statement is to use subqueries in the WHERE or HAVING clause. The data from a subquery is not transferred to the application server. Instead, it is used to evaluate conditions in the database system. This is a simple and effective way of programming complex database operations.
    Using Internal Tables
    It is also possible to avoid nested SELECT loops by placing the selection from the outer loop in an internal table and then running the inner selection once only using the FOR ALL ENTRIES addition. This technique stems from the time before joins were allowed in the FROM clause. On the other hand, it does prevent redundant data from being transferred from the database.
    Using a Cursor to Read Data
    A further method is to decouple the INTO clause from the SELECT statement by opening a cursor using OPEN CURSOR and reading data line by line using FETCH NEXT CURSOR. You must open a new cursor for each nested loop. In this case, you must ensure yourself that the correct lines are read from the database tables in the correct order. This usually requires a foreign key relationship between the database tables, and that they are sorted by the foreign key. Minimize the Search Overhead
    You minimize the size of the result set by using the WHERE and HAVING clauses. To increase the efficiency of these clauses, you should formulate them to fit with the database table indexes.
    Database Indexes
    Indexes speed up data selection from the database. They consist of selected fields of a table, of which a copy is then made in sorted order. If you specify the index fields correctly in a condition in the WHERE or HAVING clause, the system only searches part of the index (index range scan).
    The primary index is always created automatically in the R/3 System. It consists of the primary key fields of the database table. This means that for each combination of fields in the index, there is a maximum of one line in the table. This kind of index is also known as UNIQUE.
    If you cannot use the primary index to determine the result set because, for example, none of the primary index fields occur in the WHERE or HAVING clause, the system searches through the entire table (full table scan). For this case, you can create secondary indexes, which can restrict the number of table entries searched to form the result set.
    You specify the fields of secondary indexes using the ABAP Dictionary. You can also determine whether the index is unique or not. However, you should not create secondary indexes to cover all possible combinations of fields.
    Only create one if you select data by fields that are not contained in another index, and the performance is very poor. Furthermore, you should only create secondary indexes for database tables from which you mainly read, since indexes have to be updated each time the database table is changed. As a rule, secondary indexes should not contain more than four fields, and you should not have more than five indexes for a single database table.
    If a table has more than five indexes, you run the risk of the optimizer choosing the wrong one for a particular operation. For this reason, you should avoid indexes with overlapping contents.
    Secondary indexes should contain columns that you use frequently in a selection, and that are as highly selective as possible. The fewer table entries that can be selected by a certain column, the higher that column’s selectivity. Place the most selective fields at the beginning of the index. Your secondary index should be so selective that each index entry corresponds to at most five percent of the table entries. If this is not the case, it is not worth creating the index. You should also avoid creating indexes for fields that are not always filled, where their value is initial for most entries in the table.
    If all of the columns in the SELECT clause are contained in the index, the system does not have to search the actual table data after reading from the index. If you have a SELECT clause with very few columns, you can improve performance dramatically by including these columns in a secondary index.
    Formulating Conditions for Indexes
    You should bear in mind the following when formulating conditions for the WHERE and HAVING clauses so that the system can use a database index and does not have to use a full table scan.
    Check for Equality and Link Using AND
    The database index search is particularly efficient if you check all index fields for equality (= or EQ) and link the expressions using AND.
    Use Positive Conditions
    The database system only supports queries that describe the result in positive terms, for example, EQ or LIKE. It does not support negative expressions like NE or NOT LIKE.
    If possible, avoid using the NOT operator in the WHERE clause, because it is not supported by database indexes; invert the logical expression instead.
    Using OR
    The optimizer usually stops working when an OR expression occurs in the condition. This means that the columns checked using OR are not included in the index search. An exception to this are OR expressions at the outside of conditions. You should try to reformulate conditions that apply OR expressions to columns relevant to the index, for example, into an IN condition.
    Using Part of the Index
    If you construct an index from several columns, the system can still use it even if you only specify a few of the columns in a condition. However, in this case, the sequence of the columns in the index is important. A column can only be used in the index search if all of the columns before it in the index definition have also been specified in the condition.
    Checking for Null Values
    The IS NULL condition can cause problems with indexes. Some database systems do not store null values in the index structure. Consequently, this field cannot be used in the index.
    Avoid Complex Conditions
    Avoid complex conditions, since the statements have to be broken down into their individual components by the database system.
    Reduce the Database Load
    Unlike application servers and presentation servers, there is only one database server in your system. You should therefore aim to reduce the database load as much as possible. You can use the following methods:
    Buffer Tables on the Application Server
    You can considerably reduce the time required to access data by buffering it in the application server table buffer. Reading a single entry from table T001 can take between 8 and 600 milliseconds, while reading it from the table buffer takes 0.2 - 1 milliseconds.
    Whether a table can be buffered or not depends its technical attributes in the ABAP Dictionary. There are three buffering types:
    • Resident buffering (100%) The first time the table is accessed, its entire contents are loaded in the table buffer.
    • Generic buffering In this case, you need to specify a generic key (some of the key fields) in the technical settings of the table in the ABAP Dictionary. The table contents are then divided into generic areas. When you access data with one of the generic keys, the whole generic area is loaded into the table buffer. Client-specific tables are often buffered generically by client.
    • Partial buffering (single entry) Only single entries are read from the database and stored in the table buffer.
    When you read from buffered tables, the following happens:
    1. An ABAP program requests data from a buffered table.
    2. The ABAP processor interprets the Open SQL statement. If the table is defined as a buffered table in the ABAP Dictionary, the ABAP processor checks in the local buffer on the application server to see if the table (or part of it) has already been buffered.
    3. If the table has not yet been buffered, the request is passed on to the database. If the data exists in the buffer, it is sent to the program.
    4. The database server passes the data to the application server, which places it in the table buffer.
    5. The data is passed to the program.
    When you change a buffered table, the following happens:
    1. The database table is changed and the buffer on the application server is updated. The database interface logs the update statement in the table DDLOG. If the system has more than one application server, the buffer on the other servers is not updated at once.
    2. All application servers periodically read the contents of table DDLOG, and delete the corresponding contents from their buffers where necessary. The granularity depends on the buffering type. The table buffers in a distributed system are generally synchronized every 60 seconds (parameter: rsdisp/bufreftime).
    3. Within this period, users on non-synchronized application servers will read old data. The data is not recognized as obsolete until the next buffer synchronization. The next time it is accessed, it is re-read from the database.
    You should buffer the following types of tables:
    • Tables that are read very frequently
    • Tables that are changed very infrequently
    • Relatively small tables (few lines, few columns, or short columns)
    • Tables where delayed update is acceptable.
    Once you have buffered a table, take care not to use any Open SQL statements that bypass the buffer.
    The SELECT statement bypasses the buffer when you use any of the following:
    • The BYPASSING BUFFER addition in the FROM clause
    • The DISTINCT addition in the SELECT clause
    • Aggregate expressions in the SELECT clause
    • Joins in the FROM clause
    • The IS NULL condition in the WHERE clause
    • Subqueries in the WHERE clause
    • The ORDER BY clause
    • The GROUP BY clause
    • The FOR UPDATE addition
    Furthermore, all Native SQL statements bypass the buffer.
    Avoid Reading Data Repeatedly
    If you avoid reading the same data repeatedly, you both reduce the number of database accesses and reduce the load on the database. Furthermore, a "dirty read" may occur with database tables other than Oracle. This means that the second time you read data from a database table, it may be different from the data read the first time. To ensure that the data in your program is consistent, you should read it once only and then store it in an internal table.
    Sort Data in Your ABAP Programs
    The ORDER BY clause in the SELECT statement is not necessarily optimized by the database system or executed with the correct index. This can result in increased runtime costs. You should only use ORDER BY if the database sort uses the same index with which the table is read. To find out which index the system uses, use SQL Trace in the ABAP Workbench Performance Trace. If the indexes are not the same, it is more efficient to read the data into an internal table or extract and sort it in the ABAP program using the SORT statement.
    Use Logical Databases
    SAP supplies logical databases for all applications. A logical database is an ABAP program that decouples Open SQL statements from application programs. They are optimized for the best possible database performance. However, it is important that you use the right logical database. The hierarchy of the data you want to read must reflect the structure of the logical database, otherwise, they can have a negative effect on performance. For example, if you want to read data from a table right at the bottom of the hierarchy of the logical database, it has to read at least the key fields of all tables above it in the hierarchy. In this case, it is more efficient to use a SELECT statement.
    Work Processes
    Work processes execute the individual dialog steps in R/3 applications. The next two sections describe firstly the structure of a work process, and secondly the different types of work process in the R/3 System.
    Structure of a Work Process
    Work processes execute the dialog steps of application programs. They are components of an application server. The following diagram shows the components of a work process:
    Each work process contains two software processors and a database interface.
    Screen Processor
    In R/3 application programming, there is a difference between user interaction and processing logic. From a programming point of view, user interaction is controlled by screens. As well as the actual input mask, a screen also consists of flow logic. The screen flow logic controls a large part of the user interaction. The R/3 Basis system contains a special language for programming screen flow logic. The screen processor executes the screen flow logic. Via the dispatcher, it takes over the responsibility for communication between the work process and the SAPgui, calls modules in the flow logic, and ensures that the field contents are transferred from the screen to the flow logic.
    ABAP Processor
    The actual processing logic of an application program is written in ABAP - SAP’s own programming language. The ABAP processor executes the processing logic of the application program, and communicates with the database interface. The screen processor tells the ABAP processor which module of the screen flow logic should be processed next. The following screen illustrates the interaction between the screen and the ABAP processors when an application program is running.
    Database Interface
    The database interface provides the following services:
    • Establishing and terminating connections between the work process and the database.
    • Access to database tables
    • Access to R/3 Repository objects (ABAP programs, screens and so on)
    • Access to catalog information (ABAP Dictionary)
    • Controlling transactions (commit and rollback handling)
    • Table buffer administration on the application server.
    The following diagram shows the individual components of the database interface:
    The diagram shows that there are two different ways of accessing databases: Open SQL and Native SQL.
    Open SQL statements are a subset of Standard SQL that is fully integrated in ABAP. They allow you to access data irrespective of the database system that the R/3 installation is using. Open SQL consists of the Data Manipulation Language (DML) part of Standard SQL; in other words, it allows you to read (SELECT) and change (INSERT, UPDATE, DELETE) data. The tasks of the Data Definition Language (DDL) and Data Control Language (DCL) parts of Standard SQL are performed in the R/3 System by the ABAP Dictionary and the authorization system. These provide a unified range of functions, irrespective of database, and also contain functions beyond those offered by the various database systems.
    Open SQL also goes beyond Standard SQL to provide statements that, in conjunction with other ABAP constructions, can simplify or speed up database access. It also allows you to buffer certain tables on the application server, saving excessive database access. In this case, the database interface is responsible for comparing the buffer with the database. Buffers are partly stored in the working memory of the current work process, and partly in the shared memory for all work processes on an application server. Where an R/3 System is distributed across more than one application server, the data in the various buffers is synchronized at set intervals by the buffer management. When buffering the database, you must remember that data in the buffer is not always up to date. For this reason, you should only use the buffer for data which does not often change.
    Native SQL is only loosely integrated into ABAP, and allows access to all of the functions contained in the programming interface of the respective database system. Unlike Open SQL statements, Native SQL statements are not checked and converted, but instead are sent directly to the database system. Programs that use Native SQL are specific to the database system for which they were written. R/3 applications contain as little Native SQL as possible. In fact, it is only used in a few Basis components (for example, to create or change table definitions in the ABAP Dictionary).
    The database-dependent layer in the diagram serves to hide the differences between database systems from the rest of the database interface. You choose the appropriate layer when you install the Basis system. Thanks to the standardization of SQL, the differences in the syntax of statements are very slight. However, the semantics and behavior of the statements have not been fully standardized, and the differences in these areas can be greater. When you use Native SQL, the function of the database-dependent layer is minimal.
    Types of Work Process
    Although all work processes contain the components described above, they can still be divided into different types. The type of a work process determines the kind of task for which it is responsible in the application server. It does not specify a particular set of technical attributes. The individual tasks are distributed to the work processes by the dispatcher.
    Before you start your R/3 System, you determine how many work processes it will have, and what their types will be. The dispatcher starts the work processes and only assigns them tasks that correspond to their type. This means that you can distribute work process types to optimize the use of the resources on your application servers.
    The following diagram shows again the structure of an application server, but this time, includes the various possible work process types:
    The various work processes are described briefly below. Other parts of this documentation describe the individual components of the application server and the R/3 System in more detail.
    Dialog Work Process
    Dialog work processes deal with requests from an active user to execute dialog steps.
    Update Work Process
    Update work processes execute database update requests. Update requests are part of an SAP LUW that bundle the database operations resulting from the dialog in a database LUW for processing in the background.
    Background Work Process
    Background work processes process programs that can be executed without user interaction (background jobs).
    Enqueue Work Process
    The enqueue work process administers a lock table in the shared memory area. The lock table contains the logical database locks for the R/3 System and is an important part of the SAP LUW concept. In an R/3 System, you may only have one lock table. You may therefore also only have one application server with enqueue work processes.
    Spool Work Process
    The spool work process passes sequential datasets to a printer or to optical archiving. Each application server may contain several spool work process.
    The services offered by an application server are determined by the types of its work processes. One application server may, of course, have more than one function. For example, it may be both a dialog server and the enqueue server, if it has several dialog work processes and an enqueue work process.
    You can use the system administration functions to switch a work process between dialog and background modes while the system is still running. This allows you, for example, to switch an R/3 System between day and night operation, where you have more dialog than background work processes during the day, and the other way around during the night.
    ABAP Application Server
    R/3 programs run on application servers. They are an important component of the R/3 System. The following sections describe application servers in more detail.
    Structure of an ABAP Application Server
    The application layer of an R/3 System is made up of the application servers and the message server. Application programs in an R/3 System are run on application servers. The application servers communicate with the presentation components, the database, and also with each other, using the message server.
    The following diagram shows the structure of an application server:
    The individual components are:
    Work Processes
    An application server contains work processes, which are components that can run an application. Work processes are components that are able to execute an application (that is, one dialog step each). Each work process is linked to a memory area containing the context of the application being run. The context contains the current data for the application program. This needs to be available in each dialog step. Further information about the different types of work process is contained later on in this documentation.
    Dispatcher
    Each application server contains a dispatcher. The dispatcher is the link between the work processes and the users logged onto the application server. Its task is to receive requests for dialog steps from the SAP GUI and direct them to a free work process. In the same way, it directs screen output resulting from the dialog step back to the appropriate user.
    Gateway
    Each application server contains a gateway. This is the interface for the R/3 communication protocols (RFC, CPI/C). It can communicate with other application servers in the same R/3 System, with other R/3 Systems, with R/2 Systems, or with non-SAP systems.
    The application server structure as described here aids the performance and scalability of the entire R/3 System. The fixed number of work processes and dispatching of dialog steps leads to optimal memory use, since it means that certain components and the memory areas of a work process are application-independent and reusable. The fact that the individual work processes work independently makes them suitable for a multi-processor architecture. The methods used in the dispatcher to distribute tasks to work processes are discussed more closely in the section Dispatching Dialog Steps.
    Shared Memory
    All of the work processes on an application server use a common main memory area called shared memory to save contexts or to buffer constant data locally.
    The resources that all work processes use (such as programs and table contents) are contained in shared memory. Memory management in the R/3 System ensures that the work processes always address the correct context, that is the data relevant to the current state of the program that is running. A mapping process projects the required context for a dialog step from shared memory into the address of the relevant work process. This reduces the actual copying to a minimum.
    Local buffering of data in the shared memory of the application server reduces the number of database reads required. This reduces access times for application programs considerably. For optimal use of the buffer, you can concentrate individual applications (financial accounting, logistics, human resources) into separate application server groups.
    Database Connection
    When you start up an R/3 System, each application server registers its work processes with the database layer, and receives a single dedicated channel for each. While the system is running, each work process is a user (client) of the database system (server). You cannot change the work process registration while the system is running. Neither can you reassign a database channel from one work process to another. For this reason, a work process can only make database changes within a single database logical unit of work (LUW). A database LUW is an inseparable sequence of database operations. This has important consequences for the programming model explained below.
    Dispatching Dialog Steps
    The number of users logged onto an application server is often many times greater than the number of available work processes. Furthermore, it is not restricted by the R/3 system architecture. Furthermore, each user can run several applications at once. The dispatcher has the important task of distributing all dialog steps among the work processes on the application server.
    The following diagram is an example of how this might happen:
    1. The dispatcher receives the request to execute a dialog step from user 1 and directs it to work process 1, which happens to be free. The work process addresses the context of the application program (in shared memory) and executes the dialog step. It then becomes free again.
    2. The dispatcher receives the request to execute a dialog step from user 2 and directs it to work process 1, which is now free again. The work process executes the dialog step as in step 1.
    3. While work process 1 is still working, the dispatcher receives a further request from user 1 and directs it to work process 2, which is free.
    4. After work processes 1 and 2 have finished processing their dialog steps, the dispatcher receives another request from user 1 and directs it to work process 1, which is free again.
    5. While work process 1 is still working, the dispatcher receives a further request from user 2 and directs it to work process 2, which is free.
    From this example, we can see that:
    • A dialog step from a program is assigned to a single work process for execution.
    • The individual dialog steps of a program can be executed on different work processes, and the program context must be addressed for each new work process.
    • A work process can execute dialog steps of different programs from different users.
    The example does not show that the dispatcher tries to distribute the requests to the work processes such that the same work process is used as often as possible for the successive dialog steps in an application. This is useful, since it saves the program context having to be addressed each time a dialog step is executed.
    Dispatching and the Programming Model
    The separation of application and presentation layer made it necessary to split up application programs into dialog steps. This, and the fact that dialog steps are dispatched to individual work processes, has had important consequences for the programming model.
    As mentioned above, a work process can only make database changes within a single database logical unit of work (LUW). A database LUW is an inseparable sequence of database operations. The contents of the database must be consistent at its beginning and end. The beginning and end of a database LUW are defined by a commit command to the database system (database commit). During a database LUW, that is, between two database commits, the database system itself ensures consistency within the database. In other words, it takes over tasks such as locking database entries while they are being edited, or restoring the old data (rollback) if a step terminates in an error.
    A typical SAP application program extends over several screens and the corresponding dialog steps. The user requests database changes on the individual screens that should lead to the database being consistent once the screens have all been processed. However, the individual dialog steps run on different work processes, and a single work process can process dialog steps from other applications. It is clear that two or more independent applications whose dialog steps happen to be processed on the same work process cannot be allowed to work with the same database LUW.
    Consequently, a work process must open a separate database LUW for each dialog step. The work process sends a commit command (database commit) to the database at the end of each dialog step in which it makes database changes. These commit commands are called implicit database commits, since they are not explicitly written into the application program.
    These implicit database commits mean that a database LUW can be kept open for a maximum of one dialog step. This leads to a considerable reduction in database load, serialization, and deadlocks, and enables a large number of users to use the same system.
    However, the question now arises of how this method (1 dialog step = 1 database LUW) can be reconciled with the demand to make commits and rollbacks dependent on the logical flow of the application program instead of the technical distribution of dialog steps. Database update requests that depend on one another form logical units in the program that extend over more than one dialog step. The database changes associated with these logical units must be executed together and must also be able to be undone together.
    The SAP programming model contains a series of bundling techniques that allow you to group database updates together in logical units. The section of an R/3 application program that bundles a set of logically-associated database operations is called an SAP LUW. Unlike a database LUW, a SAP LUW includes all of the dialog steps in a logical unit, including the database update.
    Happy Reading...
    shibu

  • Xlat description in a query

    Hi all,
    I am having problems with a query which has some translate values. It works perfectly, but when I change the xlat properties to show the descriptions instead of the xlat code, then the query stop working, it just not returns any result or logouts me from PS.
    Tools version is 8.51
    Does anybody have any idea about this error?
    Thanks in advance!

    Hi,
    Is your environment set up as multi language?
    If so try running the query while logging in with the base language.
    If so, check the XLAT and language related XLAT table if they are in sync and for missing values

  • Weird Xlate working - Xlate ip pool was xlated again on ASASM

    Hi Experts.
    Our customer has ASASM for their security.
    Their firewall mode is a transparent mode as below.
    Vlan 12 ---------- Bvi------------Vlan 112
    From logs, after customer source IP xlated , It also seemed to be xlated again.
    This issue occurred during a taking several min, after that this didn't occurred again.
    Could you give me an idea regarding this issue?
    1. Problem Description
        - Customer checked lots of xlate table increasing on their ASASM
       -  Xlate syslogs seemed to be weird because that’s source IPs were same with their PAT ip pool.
    2.  Log Information
    Sep 09 2014 14:06:46: %ASA-6-302013: Built outbound TCP connection 737959709 for outside:210.118.50.17/1720 (210.118.50.17/1720) to inside:203.244.219.17/62657 (203.244.219.4/62657)
    Sep 09 2014 14:06:46: %ASA-6-302013: Built outbound TCP connection 737959710 for outside:210.118.50.23/1720 (210.118.50.23/1720) to inside:203.244.219.17/12630 (203.244.219.4/12630)
    Sep 09 2014 14:06:46: %ASA-6-302013: Built outbound TCP connection 737959711 for outside:210.118.50.25/1720 (210.118.50.25/1720) to inside:203.244.219.57/17964 (203.244.219.17/7976)
    object network 203.244.219.1-249
    range 203.244.219.1 203.244.219.249
    object network 203.244.219.250
    host 203.244.219.250
    object network 203.244.219.251
    host 203.244.219.251
    object network 203.244.219.252
    host 203.244.219.252
    object-group network global1
    network-object object 203.244.219.1-249
    network-object object 203.244.219.250
    network-object object 203.244.219.251
    network-object object 203.244.219.252
    nat (inside,outside) source dynamic any pat-pool global1
    3. System Information
      ASA Version 9.0(2)241

    Darren,
    There are multiple problems affecting your ASA release that could cuase this including:
    http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtf14727
    http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtd36473
    I would suggest upgrade to 8.2.5 (or latest CCO interim of 8.2.5) .
    Marcin

  • ACE bridge mode , FWSM routed mode

    i have the following senario:
    MSFC ---vlan 777----FWSM----vlan160---ACE----VLAN180
    FWSM is working in routed mode and vlan 777 is shared between the MSFC and FWSM
    ACE is working in bridged mode and vlan 160 is shared between the FWSM and ACE
    vlan 180 is the server side vlan
    i want he FWSM ip address to be the Server gateway while ACE module in
    bridge mode
    i create bvi interface but i can't ping from ACE to FWSM or from FWSM to
    ACE
    if i change ACE to routed mode , i can ping to FWSM
    any body can help me in this issue?

    The config looks good.
    I would look at the arp table on FWSM and ACE when the ping fails and also capture a sniffer trace of ACE tengig interface and see if the ping request goes out - on which vlan - and if we get a response.
    Is evertyhing else working ?
    Like ping through the ACE module ?
    Your config does not show a 'no shutdown' on the vlan interface, but I assume you fixed that already.
    Gilles.

  • ASA %ASA-3-210007: LU allocate xlate failed

    I have a client that keeps receiving the following syslog error:
    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Table Normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-parent:"";
    mso-padding-alt:0in 5.4pt 0in 5.4pt;
    mso-para-margin:0in;
    mso-para-margin-bottom:.0001pt;
    mso-pagination:widow-orphan;
    font-size:10.0pt;
    font-family:"Times New Roman","serif";}
    ASA %ASA-3-210007: LU allocate xlate failed
    It has been identified in bug report:
    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Table Normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-parent:"";
    mso-padding-alt:0in 5.4pt 0in 5.4pt;
    mso-para-margin:0in;
    mso-para-margin-bottom:.0001pt;
    mso-pagination:widow-orphan;
    font-size:10.0pt;
    font-family:"Times New Roman","serif";}
    CSCsi65122 (http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsi65122)
    This bug report states the following:
    /* Style Definitions */
    table.MsoNormalTable
    {mso-style-name:"Table Normal";
    mso-tstyle-rowband-size:0;
    mso-tstyle-colband-size:0;
    mso-style-noshow:yes;
    mso-style-priority:99;
    mso-style-parent:"";
    mso-padding-alt:0in 5.4pt 0in 5.4pt;
    mso-para-margin:0in;
    mso-para-margin-bottom:.0001pt;
    mso-pagination:widow-orphan;
    font-size:10.0pt;
    font-family:"Times New Roman","serif";}
    Overlapping static with NAT exemption causes xlate errors on standby
    Symptom:
    "%ASA-3-210007: LU allocate xlate failed" appearing on standby unit
    Conditions:
    - Stateful failover enabled.
    - Overlap between a static NAT rule and the NAT exemption.
    -the "alias" command is used to rewrite destination ip address
    Workaround:
    in the nat exemption access-list deny specifically the traffic matching the source of the traffic with destination the alias'd ip address.
    I looked at this bug report and it says the error was first found in 7.0/7.2.  However, the client is running 8.4(1) on the ASA's.  When this problem initially came to light, my co-worker found this bug report:
    CSCth74844
    http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCth74844&from=summary
    This made sense since at the time they were running 8.32 and upgrading to a newer code seemed to be how to fix it according to this article:
    http://www.techbloc.net/archives/31
    However, even after the upgrade to 8.4(1), the problem still exists.  Do we need to roll them back to the unreleased code that the above article mentions?  Or should this problem have been fixed in the 8.4(1) release?
    TIA for any ideas/suggestions.  A call to TAC may be in order for this problem, especially since the workaround doesn't seem to be the best solution.

    Deyster,
    To troubleshoot this issue, we first need to verify whether thios error message is cosmetic or are we really hitting into any known issue, to identify it, we need to fisrt verify whether the xlate tables on both the firewalls is approximate;y same or not.(you can do this by using show xlate commandf on the firewalls). If it is same  and still we are getting these messages, then it is a cvosmetic issue(which does not affect the traffic).
    This particukar message appears if the xlate tables are not correctly replicated between the active and standby unit in failover.
    I would request you to provide the below debugs:
    debug nat 5
    debug fover fail
    This would further help is in identifying the issue.
    Hope this helps.
    Thanks,
    Varun

  • ASA 5520 Upgrade From 8.2 to 9.1

    To All Pro's Out There,
    I have 2 x ASA 5520 in Active/Standby state (Routed, Single context) running 8.2(3) image. They are working great and everybody is happy. Now it's time for us to upgrade to the latest and greatest version: 9.1 and as you know there are some architectural changes Cisco made to NAT statements and Access Lists. As one can tell, we have a monster environment in terms of NAT statements and access list that are currently configured on the appliances.
    In order to make the upgrade process "less" painful, I was able to find a loaner ASA 5520 device so I can practice the upgrade process offline and if needed, I use it in production (in conjunction with existing Primary and Secondary devices) should it be helpful. I currently don't have any plans on how to move forward with these 3 devices and put together an smooth upgrade. I am asking advice from experts that perhaps have done this in the past and know some Do's and Don’ts and can provide me some options toward getting best result: Minimum downtime and Smooth upgrade.
    I appreciate all the help in advance.

    Hi,
    My personal approach from the start has been to learn the new NAT configuration format on the ASA CLI and manually convert the configurations for the new ASA software. I am under the impression that the automatic conversion that the ASA does by rebooting straight into a new software level causes quite a lot of configurations and they arent really optimal.
    In your case it seems that you have a pretty much better situation than most people that dont have the chance to use a test device to test out the setup before actually putting it in production.
    What you can basically do is
    Insert the 8.2 configuration to the test ASA and boot it straight to the higher software levels and see what the conversion has done to the ASA configurations.
    You can use "packet-tracer" command to test if correct NAT rules are still hit after the conversion
    So far I have been lucky in the sense that most of the upgrades I have done have involved new hardware which has basically let me configure everything ready and just switch devices for the customer. So far everything has went really well and there has been only a 1-2 mistakes in NAT configurations because of misstyping some IP address or interface name which basically resulted from a lot of copy/paste when building the configurations. And these couple of mistakes have been from around 150 firewall migrations (of which most from FWSM Security Context to a ASA Security Context)
    If you have time to put into this then I would suggest you try to learn the new NAT format and write your NAT configurations yourself. Converting the existing configurations should essentially give you the tools to then maintain that firewall configuration easily in the future and apply that knowledge elsewhere.
    If you want to read a bit about the new NAT configuration format then I would suggest having a look at the NAT 8.3+ document I made:
    https://supportforums.cisco.com/docs/DOC-31116
    My personal approach when starting to convert NAT configurations for the upgrade is
    Collect all NAT configurations from the current ASA including any ACLs associated with the Policy type NATs and NAT0 configurations
    Divide NAT configurations based on type   
    Dynamic NAT/PAT
    Static NAT
    Static PAT
    NAT0
    All Policy Dynamic/Static NAT/PAT
    Learn the basic configuration format for each type of NAT configuration
    Start by converting the easiest NAT configurations   
    Dynamic NAT/PAT
    Static NAT/PAT
    Next convert the NAT0 configurations
    And finally go through the Policy NAT/PAT configurations
    Finally go through the interface ACLs and change them to use the real IP address as the destination in all cases since the NAT IP address is not used anymore. In most common screnarios this basically usually only involves modifying the "outside" interfaces ACL but depending if the customer has some other links to external resourses then its highly likely that same type of ACL changes are required on those interfaces also.
    The most important thing is to understand how the NAT is currently working and then configure the new NAT configuration to match that. Again, the "packet-tracer" command is a great tool to confirm that everything is working as expected.
    One very important thing to notice also is that you might have a very large number of Identity NAT configurations between your local networks interfaces of the ASA.
    For example
    static (inside,dmz) 10.10.10.0 10.10.10.0 netmask 255.255.255.0
    In the new software you can pretty much leave all of these out. If you dont need to perform NAT between your local interfaces then you simply leave out all NAT configurations.
    Naturally you can also use these forums to ask help with NAT configuration conversions. Even though its a very common topic, I dont personally mind helping out with those.
    So to summarize
    Try out the ASAs automatic configuration conversion when simply booting to new software levels on the test ASA you have
    Learn the new NAT configuration format
    Ask for help here on CSC about NAT configuration formats and help with converting old to new configurations.
    Personally if I was looking at a samekind of upgrade (which I will probably be looking at again soon) I would personally do the following
    Convert the configurations manually
    Lab/test the configurations on an test ASA
    During Failover pairs upgrade I would remove the Standby device from network, erase its configurations, reboot it to new software, insert manually written configurations.
    Put the upgraded ASA to the device rack and have cables ready connected to the customer devices if possible (or use existing ones)
    Disconnect currently active ASA running 8.2 and connect the new ASA to the network while clearing ARP on the connected routers to avoid any problems with traffic forwarding.
    Test connectivity and monitor ASAs connection and xlate tables to confirm everything is working
    Will add more later if anything comes to mind as its getting quite late here
    Hope this helps
    - Jouni

  • ASA 5505 9.1 and NAT issues to single dynamic IP

    Good afternoon everybody, 
    a few days ago I tried setting up my ASA 5505 to allow access from the outside network to an Exchange server (ports HTTPS and SMTP) in my inside LAN.
    Everything seems to be working... until my outside IP address changes (for example due to a router reset or a disconnection caused by the ISP). 
    As soon as the outside address changes the NAT rules are deleted and these 2 lines pop up in the syslog :
    <166>%ASA-6-305012: Teardown static TCP translation from inside:192.168.1.150/25 to outside:79.6.105.13/25 duration 0:01:17.
    <166>%ASA-6-305012: Teardown static TCP translation from inside:192.168.1.150/443 to outside:79.6.105.13/443 duration 0:01:17.
    In the same time, the consolle connection shows these two messages :
    Asa5505# ERROR: NAT unable to reserve ports.
    ERROR: NAT unable to reserve ports.
    I have moved both Anyconnect VPN essentials and http ports to 10443 and 8080 respectively so port 443 should be free for nat.
    This is the configuration file, I  have marked the lines related to network objects and relative nat statements, I hope it helps to find out where's the problem.
    Obviously the lines in red are the ones disappearing... I'm quite desperate, actually.
    ASA Version 9.1(5) 
    hostname Asa5505
    domain-name home
    enable password XXXXXX encrypted
    names
    interface Ethernet0/0
     description ADSLPPoE
     switchport access vlan 2
    interface Ethernet0/1
     description Internal_LAN
    interface Ethernet0/2
     description Management_Net 
     switchport access vlan 3
    interface Ethernet0/3
     shutdown
    interface Ethernet0/4
     shutdown
    interface Ethernet0/5
     description Uplink
     switchport trunk allowed vlan 1,3
     switchport trunk native vlan 1
     switchport mode trunk
    interface Ethernet0/6
     description Wireless-POE
     switchport trunk allowed vlan 1,3
     switchport trunk native vlan 1
     switchport mode trunk
    interface Ethernet0/7
     description Webcam-POE 
    interface Vlan1
     nameif inside
     security-level 100
     ip address 192.168.1.250 255.255.255.0 
    interface Vlan2
     nameif outside
     security-level 0
     pppoe client vpdn group AliceADSL
     ip address pppoe setroute 
    interface Vlan3
     no forward interface Vlan1
     nameif management
     security-level 100
     ip address 10.5.1.250 255.255.255.0 
    ftp mode passive
    clock timezone CEST 1
    clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
    dns domain-lookup inside
    dns domain-lookup outside
    dns server-group DefaultDNS
     name-server 192.168.1.4
     domain-name home
    object network Exchange-HTTPS
     host 192.168.1.150
    object network Exchange-SMTP
     host 192.168.1.150
    object network Network_Inside
     subnet 192.168.1.0 255.255.255.0
    object network Network_Management
     subnet 10.5.1.0 255.255.255.0
    access-list Outside_ACL extended permit tcp any object Exchange-HTTPS eq https 
    access-list Outside_ACL extended permit tcp any object Exchange-SMTP eq smtp 
    pager lines 24
    logging enable
    logging asdm warnings
    mtu inside 1500
    mtu outside 1492
    mtu management 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    object network Exchange-HTTPS
     nat (inside,outside) static interface service tcp https https 
    object network Exchange-SMTP
     nat (inside,outside) static interface service tcp smtp smtp 
    object network Network_Inside
     nat (inside,outside) dynamic interface
    object network Network_Management
     nat (management,outside) dynamic interface
    access-group Outside_ACL in interface outside
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    http server enable 8080
    http 10.5.1.0 255.255.255.0 management
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec security-association pmtu-aging infinite
    crypto ca trustpool policy
    telnet timeout 5
    ssh stricthostkeycheck
    ssh timeout 5
    ssh key-exchange group dh-group1-sha1
    console timeout 0
    management-access management
    vpdn group AliceADSL request dialout pppoe
    vpdn group AliceADSL localname aliceadsl
    vpdn group AliceADSL ppp authentication pap
    vpdn username aliceadsl password ***** store-local
    dhcpd address 192.168.1.100-192.168.1.130 inside
    dhcpd dns 192.168.1.4 192.168.1.150 interface inside
    dhcpd wins 192.168.1.4 interface inside
    dhcpd enable inside
    dhcpd address 10.5.1.30-10.5.1.40 management
    dhcpd dns 208.67.222.222 208.67.220.220 interface management
    dhcpd enable management
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
     port 10443
     anyconnect-essentials
    class-map inspection_default
     match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map 
      inspect ftp 
      inspect h323 h225 
      inspect h323 ras 
      inspect ip-options 
      inspect netbios 
      inspect rsh 
      inspect rtsp 
      inspect skinny  
      inspect esmtp 
      inspect sqlnet 
      inspect sunrpc 
      inspect tftp 
      inspect sip  
      inspect xdmcp 
    service-policy global_policy global
    prompt hostname context 
    no call-home reporting anonymous
    call-home
     profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:XXXXXXXX
    : end
    no asdm history enable
    Thanks in advance for your precious help !
    C.

    Update 29th of June :
    Tried both suggestions: flashing to 9.22 didn't fix the problem. The only significant change between 9.1(5) and 9.2(2) is that as soon as I reload the configuration after a connection drop both nat rules are restored. In 9.1(5) the nat statements were removed from the runnning configuration when the PPPoE connection was lost, and the config was updated (or maybe saved?), so after a reload those statements were gone and I had to copy-paste them back in conf-t in order to restore them.
    I tried using show xlate both before, during, and after the connection drop. As expected before the disconnection of PPPoE the static PAT rules are there, and the dynamic ones as well. During disconnection, all the xlate table is clean empty and the aforementioned error "Asa5505# ERROR: NAT unable to reserve ports. ERROR: NAT unable to reserve ports." pops up in the terminal. After a few minutes (needed by the DSL modem to perform its reset and bring up the DSL line again) the connection is established once more, but the only rules appearing in xlate are the ones created by the dynamic statements for management and LAN. If i reload the ASA using reload noconfirm every rule is restored and everything works again.
    Two brief questions :
    1) in my NAT statements for PAT, does it change anything if I modify them (for example) from 
    nat (inside,outside) static interface service tcp https https
    to
    nat (inside,outside) dynamic interface service tcp https https 
    ? Since it seems like the dynamic PAT is restored after a connection drop I was asking myself what happens if I change the rules this way.
    2) if there's not any ohter way to fix this, is it possible to schedule a reload of the ASA as soon as the PPPoE connection drops in order to make this problem "self fixing" ? I can't predict how many times a day the line drops and I can't be there 24/7 with my consolle cable connected in order to restore the nat statements ^^
    Thank you for your precious help and patience !
    C.

  • F.16 Balance Carry Forward

    Hi All,
    I have a requirement that, we are using F.16 tcode for carry forward for a particular year.
    F.16 uses T030 a table to carry forward the balances to balance sheet account and profit and loss accounts. Since T030 contains balance sheet accounts.
    My requirment is that, i have to bypass this T030 table, and post to new accounts instead of using this T030 table accounts to carry forward the amounts to new year.
    Now i have copied the F.16 related programs and started changing it. But i do not know how to Bypass T030 table accounts and then carry forward the same amount to new accounts.
    Please help me out reagrding this. How can i achive this? Or is there any other altervative to carry forward the amounts to new year?

    Hi
    For Balanace carryforward T code in ECC6.0 you may run the T code FAGLGVTR.
    Before running this T code Take care for two things.
    One your posting period for the next Financial year needs to be opened. Secondly you should have defined the Retained earning account.And the the Retained Earning account should be defined as a Balance sheet account.If these things are in order you should be able to do it.
    Thanks.
    Surendra

  • F.16 carry forward

    Hi All,
            I have a requirement that, we are using F.16 tcode for carry forward for a particular year.
    F.16 uses T030 a table to carry forward the balances to balance sheet account and profit and loss accounts. Since T030 contains balance sheet accounts.
    My requirment is that,  i have to bypass this T030 table, and post to new accounts instead of using this T030 table accounts to carry forward the amounts to new year.
    Now i have copied the F.16 related programs and started changing it. But i do not know how to Bypass T030 table accounts and then carry forward the same amount to new accounts.
    Please help me out reagrding this. How can i achive this? Or is there any other altervative to carry forward the amounts to new year?

    Hi,
    JV means manual entry by F-02. Transfer the balances of the GL accounts you do not wish to carry forward to the one you want to.. Once you do the transfer posting, carry out the carry forward procedure.
    Assign pts if useful

  • SQL Subquery in FROM clause

    Hi,
    some of my complex extractions that I am currently working on require nested SELECT statements. As far as I can see OpenSQL only supports subqueries in the WHERE clause, not in the FROM clause. Is this assumptions correct or is there a way around it? I have managed to use Native SQL for these nested expressions but the preference of the client is to use OpenSQL.
    Any ideas?
    Thanks,
    Tobias

    Hi
    In from clause you can use join.
    You can read data from more than one database table in a single SELECT statement by using inner or left outer joins in the FROM clause.
    The disadvantage of using joins is that redundant data is read from the hierarchically-superior table if there is a 1:N relationship between the outer and inner tables. This can considerably increase the amount of data transferred from the database to the application server. Therefore, when you program a join, you should ensure that the SELECT clause contains a list of only the columns that you really need. Furthermore, joins bypass the table buffer and read directly from the database. For this reason, you should use an ABAP Dictionary view instead of a join if you only want to read the data.
    The runtime of a join statement is heavily dependent on the database optimizer, especially when it contains more than two database tables. However, joins are nearly always quicker than using nested SELECT statements.
    thanks
    jagan

  • Cisco ASA ( Adaptiv Security Algorithm )?

    Hello,
    Im french so sorry for my english , i will do my best to explain my question.
    Im actually working on Cisco PIX 501 ( for school ).
    I have to do some test on it , search what is able to do and how to proove it...
    My question is about Cisco ASA ( Adaptiv Security Algorithm ) , what is it doing? i mean it just simply stop every information coming from outside to inside(security 0 to 100) or is it doing more? is it searching wrong/good packets or just stop everything?and if it's doing that , how it's done?
    My question could be : what cisco ASA doing more than ACL?
    I hope im clear enough in my questions,i search a lot on internet but didnt find an answer.
    Thank you!
    Amaury

    if i understand good what you mean , ASA/algorithm is a part of different processes which are part of stateful inspection
    not really,  I would say that stateful inspection is part of the adaptive security algorithm.  The algroithm goes through processes such as ACL check, NAT..etc. and based on these check makes entries in the state table.
    ( by the way stateful inspection = stateful firewalling , right?)
    Kind of.  Stateful inspection is what the stateful firewall does and not what it is if you can understand that.  A stateful firewall performs stateful inspection.  So stateful inspection is not a firewall.
    when you said "showing tcp  connections and NAT xlate table entries at  the firewall CLI before and  after" , iam ok with that but what are the  command to check table entries? i cant find it.
    show conn protocol tcp will show you the TCP connections through the firewall and show xlate will show you the NAT translation that are currently active.
    Aswell i will need the commands to configure ( if possible ) stateful  inspection and traffic inspection , but i will try search by myself  because i didnt start yet
    Again, stateful inspection is not something you configure but is what the ASA does based on configured rules.  so all you need to do is configure ACLs and NAT rules and routing and the ASA does all the stateful inspection stuff on its own.
    Please remember to rate and select a correct answer

  • Duplicate IP on a default gateway interface = Bad

    I just had an entire VLAN drop out due to a host being brought onto the network that had been erroneously configured with a static IP that happened to be in conflict with the HSRP default gateway IP of the core switch; fortunately, we were able to remove the offending host and reconfigure default gateways as a workaround until the core switch's ARP table updated.
    Is there any way to configure a 6500 running IOS to inhibit or block a conflicting IP (especially one with a gateway IP) by using a static ARP entry or other authoritative command?
    Thanks,
    Marc

    Hi,
    You may use the following.
    enable Unicast Reverse Path Forwarding on an interface. Unicast RPF guards against IP spoofing (a packet uses an incorrect source IP address to obscure its true source) by ensuring that all packets have a source IP address that matches the correct source interface according to the routing table.
    Normally, the FWSM only looks at the destination address when determining where to forward the packet. Unicast RPF instructs the FWSM to also look at the source address; this is why it is called Reverse Path Forwarding. For any traffic that you want to allow through the FWSM, the FWSM routing table must include a route back to the source address. See RFC 2267 for more information.
    For outside traffic, for example, the FWSM can use the default route to satisfy the Unicast RPF protection. If traffic enters from an outside interface, and the source address is not known to the routing table, the FWSM uses the default route to correctly identify the outside interface as the source interface.
    If traffic enters the outside interface from an address that is known to the routing table, but is associated with the inside interface, then the FWSM drops the packet. Similarly, if traffic enters the inside interface from an unknown source address, the FWSM drops the packet because the matching route (the default route) indicates the outside interface.
    Unicast RPF is implemented as follows:
    ?ICMP packets have no session, so each packet is checked.
    ?UDP and TCP have sessions, so the initial packet requires a reverse route lookup. Subsequent packets arriving during the session are checked using an existing state maintained as part of the session. Non-initial packets are checked to ensure they arrived on the same interface used by the initial packet.
    To enable Unicast RPF, enter the following command:
    hostname(config)# ip verify reverse-path interface interface_name
    http://www.cisco.com/en/US/products/hw/switches/ps708/products_module_configuration_guide_chapter09186a0080577c66.html#wp1042625
    It may be useful..
    Rgrds
    Rajeev.S

Maybe you are looking for

  • How to confirm a successful LUN rebuild , after raid 5 Array rebuild. Disk Fail

    I've been running a  ESXI 5.5 host  with various linux ,  BSD, and Windows VM's, recently had a Host kernel Panic as a result of SAS drive failure. HP proliant ML 350 G6 with a P410i raid controller, replaced HDA re-ran SMART smart to configure array

  • Quick time works for one user but not for another

    I transferred my user info from my old computer to my son's newer computer. My old computer was running 10.3x and quicktime wasn't working. The genius bar folks couldn't figure out how to fix it. (All quicktime files come up with the logo with questi

  • Authorisation of laptop

    i started to sync my iphone 4 onto the itunes on my laptop, all going great until it said that i need to authorise my laptop in order for it to sync my apps. so i authorised my laptop and started to sync again and the same message came up again "your

  • GUI_UPLOAD - excel file

    Hi All, I am using gui_upload for uploading excel file. Following parameters I am passing file name     - c:\datafile.xls file type     - asc HEADER_LENGTH - 0 READ_BY_LINE  - X But in testing the function module in se37 it is taking (#) characters.

  • Viewing plugin automation data

    Hi Guys, I'm using a plugin minimoog as my instrument, and am recording some cutoff frequency sweeps etc. They are recording fine, but I want to go back and edit it manually. The automation data is appearing as grey bars within the midi region.. but