CCP bug with with zone based firewall policies
Hello guys,
I'm facing a problem today right after creating some new rules.
When we are going to "Edit Firewall Policy" the Rule Flow Diagram is showing up. My problem is that i don't see anymore the button which let me disable it !!
You can see the screenshot.
So my questions are:
- Is there a way to disable this diagram ? (maybe with some java configuration)
- Is there a way to modify this display ?
I have the same problem on a Win7, Win8, Win2008 & Win2012. Tested with Java 1.6u11 to 1.7
Thanks for the help.
I tried taking the http inspection rules out and had the same problem.
debug messages :
000168: Feb 9 14:26:06.108 gmt: %FW-6-DROP_PKT: Dropping tcp session 195.74.103.133:33032 192.168.1.1:25 due to Out-Of-Order Segment with ip ident 0
000169: Feb 9 14:26:36.156 gmt: %FW-6-DROP_PKT: Dropping tcp session 173.194.41.130:80 192.168.1.11:53846 due to Out-Of-Order Segment with ip ident 0
000170: Feb 9 14:27:06.459 gmt: %FW-6-DROP_PKT: Dropping tcp session 195.74.103.133:33032 192.168.1.1:25 due to Out-Of-Order Segment with ip ident 0
000171: Feb 9 14:27:36.823 gmt: %FW-6-DROP_PKT: Dropping tcp session 173.194.41.131:80 192.168.1.11:53823 due to Out-Of-Order Segment with ip ident 0
000172: Feb 9 14:28:08.007 gmt: %FW-6-DROP_PKT: Dropping tcp session 173.194.41.130:80 192.168.1.11:53897 due to Out-Of-Order Segment with ip ident 0
000173: Feb 9 14:28:46.336 gmt: %FW-6-DROP_PKT: Dropping tcp session 61.206.117.4:56336 192.168.1.1:25 due to Retransmitted Segment with Invalid Flags with ip ident 0
Similar Messages
-
Cisco Zone-based firewall issue/ not receiving return traffic
Hi,
I have created a Cisoc IOS Zone based firewall on my cisco 3945 router. I have an issue receiving any returning traffic. Here is a simplified version of my issue.
I have two zone pairs: Internal to Outside and Outside to Internal.
In the zone pair Out-to-Int I have a few rules allowing connections to specific servers on specific ports. The default class-map drops any non-matching packets.
In the zone pair Int-to-Out I have a rule saying internal PCs can access any destination on the internet over “any” service. When I put the action as “Inspect” I cannot connect to the internet. It’s as if my return traffic is not detected by the firewall and instead gets dropped by the default class map in the Out-to-Int pair.
To make it work I need to do two changes. I need to choose Allow instead of Inspect and I need to change the default class-map on the Out-to-Int pair to “allow” for unmatched traffic. But this is not good because I have a default allow on my out-to-int pair.
Am I misunderstanding something? Shouldn’t the inspect action on the Int-to-Out zone allow for return traffic no matter what rules I applied on the Out-to-Int pair? Thank you in advance for your help.Please share your config. Then we can see what's wrong there.
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni -
Problems with Zone based Firewall and mtr (mytraceroute)
We are using ZFW on an ASR1001 and have experienced a problem: when I try to use mtr (mytraceroute, see
http://en.wikipedia.org/wiki/MTR_%28software%29), I am getting packetloss on all hops between the source and the destination. e.g.:
<code>
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. Stuttgart-I28-1.belwue.de 100.0 8 0.0 0.0 0.0 0.0 0.0
2. Stuttgart-AL30-1-gi0-0-0-3.belwue.net 100.0 7 0.0 0.0 0.0 0.0 0.0
3. Karlsruhe-RZ-1-10GE-0-1-0-1.belwue.net 100.0 7 0.0 0.0 0.0 0.0 0.0
4. Karlsruhe1-10GE-4-0-0.belwue.net 100.0 7 0.0 0.0 0.0 0.0 0.0
5. Mannheim1-10GE-3-0-0.belwue.net 100.0 7 0.0 0.0 0.0 0.0 0.0
6. Frankfurt-DECIX-1-10GE-0-0-0-0.belwue.net 100.0 7 0.0 0.0 0.0 0.0 0.0
7. de-cix20.net.google.com 100.0 7 0.0 0.0 0.0 0.0 0.0
8. 72.14.238.230 100.0 7 0.0 0.0 0.0 0.0 0.0
9. 72.14.239.62 100.0 7 0.0 0.0 0.0 0.0 0.0
10. 209.85.242.187 100.0 7 0.0 0.0 0.0 0.0 0.0
11. ???
12. ???
13. ???
14. bk-in-f94.1e100.net 0.0% 7 20.0 20.6 20.0 21.2 0.4
</code>
So it seems that the Firewall on my asr1001 is throwing away all packets with ttl-exceeded coming back from hops in between, they have another destination address.
At the moment I am inspecting all kind of traffic from my network outgoing:
ip access-list extended 101
permit ip any any
class-map type inspect match-all cmap1
match access-group name 101
policy-map type inspect pmap1
class type inspect cmap1
inspect
etc... (zones, zone-pair in-out with policies applied)
So I tried to let pass all icmp-traffic from the outside to my network:
class-map type inspect match-all cmap_icmp
match protocol icmp
policy-map type inspect pmap2
class type inspect cmap_icmp
pass
etc... (zones, zone-pair out-in with policies applied)
So this has no effect, but I tested and I could figure out, that when I pass all icmp-traffic from my network to the outside, THEN mtr does work.
BUT then normal ping does not work anymore, because it will not be inspected any more.
But I want to have a secure Firewall with inspecting echo-replys and working mtr anyway.
Has anyone the same problem or can even solve this issue?
Thanks in advance,
StefanHi Andrew, thanks for Your answer...
So I have now:
class-map type inspect match-any cmap_icmp
match access-group name icmp_types
ip access-list extended icmp_types
permit icmp any any ttl-exceeded
PMAP IN--> OUT
(don't be confused, my "vlanxxx_pmap_in" is the pmap FROM my network TO the outside...)
policy-map type inspect vlan664_pmap_in
class type inspect vlan664_cmap_in (this is an extended ACL "permit ip x.x.x.x any")
inspect
class type inspect ipsec_cmap_in (this is because I have problems with VPN when inspected, another problem...)
pass log
class class-default
drop log
PMAP OUT-->IN
policy-map type inspect vlan664_pmap_out
class type inspect cmap_icmp (here comes the "ttl-exceeded"-ACL)
pass log
class type inspect vlan664_cmap_out (some open ports for some clients)
inspect
class type inspect ipsec_cmap_out (same problem with VPN when inspected)
pass log
class class-default
drop log
But unfortunately, the same problem occurs. Curiously, the first two packets seem to go "through" the firewall, but with 3rd packet the packetloss comes up:
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. Stuttgart-I28-1.belwue.de 50.0% 3 0.3 0.3 0.3 0.3 0.0
2. Stuttgart-AL30-1-gi0-0-0-3.belwue.net 50.0% 3 0.9 0.9 0.9 0.9 0.0
3. Karlsruhe-RZ-1-10GE-0-1-0-1.belwue.net 0.0% 2 2.7 2.7 2.7 2.7 0.0
4. Karlsruhe1-10GE-4-0-0.belwue.net 0.0% 2 1.5 1.5 1.5 1.5 0.0
5. Mannheim1-10GE-3-0-0.belwue.net 0.0% 2 2.5 2.5 2.5 2.5 0.0
6. Frankfurt-DECIX-1-10GE-0-0-0-0.belwue.net 0.0% 2 4.1 4.1 4.1 4.1 0.0
7. de-cix20.net.google.com 0.0% 2 5.0 5.0 5.0 5.0 0.0
8. 72.14.238.44 0.0% 2 39.2 39.2 39.2 39.2 0.0
9. 72.14.236.68 0.0% 2 5.4 5.4 5.4 5.4 0.0
10. 209.85.254.118 0.0% 2 5.4 5.4 5.4 5.4 0.0
11. ???
12. google-public-dns-a.google.com 0.0% 2 5.5 5.3 5.2 5.5 0.2
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. Stuttgart-I28-1.belwue.de 66.7% 4 0.3 0.3 0.3 0.3 0.0
2. Stuttgart-AL30-1-gi0-0-0-3.belwue.net 66.7% 4 0.8 0.8 0.8 0.8 0.0
3. Karlsruhe-RZ-1-10GE-0-1-0-1.belwue.net 66.7% 4 2.1 2.1 2.1 2.1 0.0
4. Karlsruhe1-10GE-4-0-0.belwue.net 66.7% 4 1.5 1.5 1.5 1.5 0.0
5. Mannheim1-10GE-3-0-0.belwue.net 66.7% 4 2.6 2.6 2.6 2.6 0.0
6. Frankfurt-DECIX-1-10GE-0-0-0-0.belwue.net 66.7% 4 4.2 4.2 4.2 4.2 0.0
7. de-cix20.net.google.com 66.7% 4 5.3 5.3 5.3 5.3 0.0
8. 72.14.238.44 66.7% 4 70.3 70.3 70.3 70.3 0.0
9. 72.14.239.60 66.7% 4 5.8 5.8 5.8 5.8 0.0
10. 209.85.254.116 66.7% 4 5.8 5.8 5.8 5.8 0.0
11. ???
12. google-public-dns-a.google.com 0.0% 4 6.3 5.7 5.2 6.3 0.5
In the sessions on the routers, I see only this entry:
Session 206F66C (129.143.6.89:8)=>(8.8.8.8:0) icmp SIS_OPEN
Any other suggestions? -
Websense web filtering not working with 2911 with zone based firewall
Hi,
Any one ran into this issue
We use websense for guest wifi but i dont see requests hitting websense server
config is below
class-map type inspect match-any test-1
match protocol http
policy-map type inspect Wifi-test
class type inspect test-1
inspect
urlfilter websense-parmap
class class-default
drop
parameter-map type urlfilter websense-parmap
server vendor websense 10.10.1.4
source-interface GigabitEthernet0/2
allow-mode on
cache 100
zone-pair security Wifi-in-out source Wifi destination outside
service-policy type inspect Wifi-test
interface GigabitEthernet0/1
description Internet
ip address 192.168.10.1 255.255.255.0
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly in
zone-member security Wifi
interface GigabitEthernet0/2
description LAN
ip address 10.10.4.1 255.255.255.0
zone-member security insideHi Stan,
You should be able to adapt this config example to your environment.
Andy-
class-map type inspect match-any http-cm
match protocol http
parameter-map type urlfpolicy websense websense-parm
server <websense server IP>
source-interface <lan interface>
allow-mode on
truncate hostname
class-map type urlfilter websense match-any websense-cm
match server-response any
policy-map type inspect urlfilter websense-pm
parameter type urlfpolicy websense websense-parm
class type urlfilter websense websense-cm
server-specified-action
policy-map type inspect Inside->Internet-pm
description Inside trusted to Internet
class type inspect http-cm
inspect
service-policy urlfilter websense-pm
class type inspect Inside->Internet-cm
inspect
class class-default
drop
zone-pair security Inside->Internet source Inside destination Internet
service-policy type inspect Inside->Internet-pm
! to check status & url block counts
show policy-map type inspect zone-pair Inside->Internet urlfilter -
Cisco IOS Zone Based Firewall and IPv6
Hello,
I am trying to setup IPv6 tunnel to tunnel-broker Hurrican Electrics. IPv6 connection is working OK only if I disable zone security on WAN interface (Fe0 - IPv4 interface).
Which protocols must be alloved to and from router?
IOS version: 15.1.2T1 (Adv.ip services)
Setup:
HE (tunnel-broker) --- Internet (IPv4) ---- Cisco 1812 (Fe0 (IPv4) and interface tunnel 1 (IPv6))
Config on router:
IPv4 (self to internet and internet to self)
policy-map type inspect Outside2Router-pmap
class type inspect SSHaccess-cmap
inspect
class type inspect ICMP-cmap
inspect
class type inspect IPSEC-cmap
pass
class type inspect Protocol41-cmap
pass log
class class-default
drop
interface Tunnel1
description Hurricane Electric IPv6 Tunnel Broker
no ip address
zone-member security IPv6tunnel
ipv6 address 2001:47:25:105B::2/64
ipv6 enable
ipv6 mtu 1300
tunnel source FastEthernet0
tunnel mode ipv6ip
tunnel destination xxx.66.80.98
interface FastEthernet0
description WAN interface
ip address xxx.xxx.252.84 255.255.0.0
no ip redirects
no ip unreachables
no ip proxy-arp
zone-member security WAN
duplex auto
speed auto
zone-pair security IPv6Tunnel_2_WAN source IPv6tunnel destination WAN
service-policy type inspect IPv6-out-pmap
zone-pair security WAN_2_IPv6tunnel source WAN destination IPv6tunnel
service-policy type inspect IPv6-out-pmap
policy-map type inspect IPv6-out-pmap
class type inspect IPv6-internet-class
inspect
class class-default
drop
class-map type inspect match-all IPv6-internet-class
match protocol tcp
match protocol udp
match protocol icmp
match protocol ftp
ipv6 route ::/0 Tunnel1
ipv6 unicast-routing
ipv6 cef
parameter-map type inspect v6-param-map
ipv6 routing-header-enforcement loose
sessions maximum 10000OK, removed the cmap the packet was getting dropped on, so the current self to wan zone-pair policy map looks like this:
policy-map type inspect pm-selftowan
class type inspect cm-selftowan-he-out
inspect
class type inspect cm-dhcpwan
pass
class class-default
drop
class-map type inspect match-all cm-selftowan-he-out
match access-group name HETunnelOutbound
ip access-list extended HETunnelOutbound
permit 41 any any
permit ip any host 64.62.200.2
permit ip any host 66.220.2.74
permit ip any host 216.66.80.26
Now we see the same error, just on the 'new' first cmap in the pmap:
*Oct 5 02:39:31.316 GMT: %FW-6-DROP_PKT: Dropping Unknown-l4 session :0 216.66.80.26:0 on zone-pair selftowan class cm-selftowan-he-out due to Invalid Segment with ip ident 0
Yet as you can see above, we are allowing proto 41 any any.
I didn't expect any other result really since the previous cmap had 'permit ip any any' but still
any ideas?
Thanks,
//TrX
EDIT: Out of curiosity after reading this post: https://supportforums.cisco.com/thread/2043222?decorator=print&displayFullThread=true
I decided to change the outbound cm-selftowan-he-out action to 'pass'.
I suddently noticed the following log:
*Oct 5 02:39:31.316 GMT: %FW-6-DROP_PKT: Dropping Unknown-l4 session 216.66.80.26:0 :0 on zone-pair wantoself class cm-wantoself-he-in due to Invalid Segment with ip ident 0
Notice this is now inbound having trouble where as before was outbound.
I changed the inbound pmap policy for cmap cm-wantoself-he-in to pass also and IPv6 PACKETS ARE GETTING ICMP6 REPLIES FROM GOOGLE!
Looking at the original outbound PMAP:
policy-map type inspect pm-selftowan
class type inspect cm-selftowan
inspect
class type inspect cm-selftowan-he-out
inspect
class type inspect cm-dhcpwan
pass
class class-default
drop
cm-selftowan has always been infront of cm-selftowan-he-out, and because that is ip any any, it has been 'grabbing' the IP proto 41 packets and doing ip inspect on them (which fails as it seems ip inspect only handles a handful of proto's).
This is why setting cm-selftowan-he-out and cm-wantoself-he-in both to 'pass' instead of 'inspect' in the past has not been doing anything, because the outbound packets were never getting to the cm-selftowan-he-out cmap.
Would never have got to this without ip inspect log. Why didn't I think of just trying ip inspect logging two days ago!
Anyway, thank you, I have now restored my faith in my own knowledge of ZBF!
Hope this helps the OP too
//TrX -
How to allow website using the domain name in zone based firewall ?
Hi,
I need to give a restricted access to internet by allowing few sites. How will I do it with the url of a particular website. If I put the url in the configuration it resolves to only a single IP. How will I do it for a website like google where there are numerous number of IP addresses.
Regards,
TonyHi Bro
Please kindly refer to this URL https://supportforums.cisco.com/docs/DOC-17014
I hope this is what you're looking for :-)
P/S: If you think this comment is helpful, please do rate it nicely :-) -
Standard (application-based) firewall with one additional port open?
Lion and Snow Leopard both have application based firewalls. I want to allow access to a Minecraft server on port 25565 but I don't want to allow all of Java. How can I open one port in addition to leaving the standard firewall in place?
Hi
The Zone based firewall uses "inspect" statements, that's just what it does.
A simple zone-based firewall that will inspect all traffic going from the local network to the internet and protecting the outside interface of the router, but allowing anyconnect connections would look something like this:
ip access-list standard INSIDE-NETWORK_ACL
permit 192.168.1.0 255.255.255.0
class-map type inspect INSIDE-NETWORK_CMAP
match access-group name INSIDE-NETWORK_ACL
class-map type inspect HTTPS_CMAP
match protocol https
policy-map type inspect INSIDE-TO-OUTSIDE_PMAP
class type inspect INSIDE-NETWORK_CMAP
inspect
policy-map type inspect OUTSIDE-TO-SELF
class type inspect HTTPS_CMAP
pass
zone-pair security INSIDE-TO-OUTSIDE_ZP source INSIDE destination OUTISDE
service-policy type inspect INSIDE-TO-OUTSIDE_PMAP
zone-pair security OUTSIDE-TO-SELF_ZP source OUTSIDE destination self
service-policy type inspect OUTSIDE-TO-SELF
I haven't personally configured Zone Based Firewall with anyconnect. So if this doesn't work you can look at this link: https://supportforums.cisco.com/document/46481/anyconnect-ios-zone-based-firewall-zbfw -
Traditional ACL vs Zone Based FW
I have a 3845 ISR that I have been managing for a couple years that has a traditional ACL based config. We just purchased a new 3845 for redundancy and it arrived with the zone based config from Cisco. Any opinions on whether I should take the existing router to a zone based config or should I configure the new router with traditional ACL config that I am more comforatable with?
If there was the option to use a Zone based FW or just straight access lists then surely the Zone based FW would be considered a better option as it has more features than just permit or deny. The Zoned based FW will also inspect traffic and block any traffic with malicous code for example. I am not an expert in this arena, but based on Security exam topics and other publications, the FW approach seems to be gaining traction versus managing ACLs alone. Although, ACLs will always have their place in the network...
The choice is based on your comfort level, but both are viable options...
BR,
Cary
Sent from Cisco Technical Support iPad App -
Best Practices for patching Sun Clusters with HA-Zones using LiveUpgrade?
We've been running Sun Cluster for about 7 years now, and I for
one love it. About a year ago, we starting consolidating our
standalone web servers into a 3 node cluster using multiple
HA-Zones. For the most part, everything about this configuration
works great! One problem we've having is with patching. So far,
the only documentation I've been able to find that talks about
patch Clusters with HA-Zones is the following:
http://docs.sun.com/app/docs/doc/819-2971/6n57mi2g0
Sun Cluster System Administration Guide for Solaris OS
How to Apply Patches in Single-User Mode with Failover Zones
This documentation works, but has two major drawbacks:
1) The nodes/zones have to be patched in Single-User Mode, which
translates to major downtime to do patching.
2) If there are any problems during the patching process, or
after the cluster is up, there is no simple back out process.
We've been using a small test cluster to test out using
LiveUpgrade with HA-Zones. We've worked out most of bugs, but we
are still in a position of patching our HA-Zoned clusters based
on home grow steps, and not anything blessed by Oracle/Sun.
How are others patching Sun Cluster nodes with HA-Zones? Has any
one found/been given Oracle/Sun documentation that lists the
steps to patch Sun Clusters with HA-Zones using LiveUpgrade??
Thanks!Hi Thomas,
there is a blueprint that deals with this problem in much more detail. Actually it is based on configurations that are solely based on ZFS, i.e. for root and the zone roots. But it should be applicable also to other environments. "!Maintaining Solaris with Live Upgrade and Update On Attach" (http://wikis.sun.com/display/BluePrints/Maintaining+Solaris+with+Live+Upgrade+and+Update+On+Attach)
Unfortunately, due to some redirection work in the joint Sun and Oracle network, access to the blueprint is currently not available. If you send me an email with your contact data I can send you a copy via email. (You'll find my address on the web)
Regards
Hartmut -
OLAP on 11g and Materialised Views with Multiple Value-Based Hierarchies
Hello OLAPians
I am trying to setup Orable BIEE to report on an OLAP cube with pre-aggregated data. As OBIEE is not able to hook into the OLAP directly i have to create an SQL cubeview.
Currently i am on a 10g OLAP environment and am using the oracle sample SQL cubeview generator to create an SQLview of my cube.
The cube itself has multiple dimensions and these dimensions have multiple VALUE-based (ragged) hierarchies and dimension members can be shared across hierarchies also.
Initially i had a problem running the view generator plugin because there is a bug within it that does not finish if there are multiple value-based hierarchies present. I was able to get around this by manually editing the limitmap for the cubeview and manually creating the SQL view.
The question that i want to ask is how robust is the 11g materialised views with multiple value-based hierarchies and the sharing of dimension members across different hierarchies?
Has anyone successfully been able to create a cubeview and import it into OBIEE without the hassle of manually editing the limitmap?
A problem arises with the value-based setup whereby if the client creates a newer depth in the ragged hierarchy, i need to manually create the limitmap and the cube-view over again, and then re-map the BI Administration mappings.The simple answer to your question,
how robust is the 11g materialised views with multiple value-based hierarchies...?is that materialized views are not supported on top of value-based hierarchies in 11g. The reason is that it is not possible to write a reasonable SQL statement that aggregates a fact over a value-based hierarchy. Such a SQL statement is necessary if we want to create a rewritable MV on top of the cube.
But I suspect this is not what you are really asking. If you are trying to set up OBIEE on top of the cube in 10g using the view generator, then you will probably want to use the "ET VIEWS" that are generated automatically in 11g. These are generated whether or not you enable materialized views on top of your cube. I am not aware of any issues with the generated value-based hierarchy view support in 11g. Members may be shared between value hierarchies and you will not need to generate or modify limit maps. -
SSO with Hybrid Cloud-Based Deployments
Hi
I´m wondering, how SSO works with Hybrid Cloud-Based Deployments.
I want to use Jabber for Windows with WebEx Connect and Unified Communications integration with Cisco WebEx.
Questions:
How can I configure Jabber for Windows to use SSO with WebEx Connect after Client-Installation?
I´ve read, that SSO username with WebEx Connect will be [email protected] Correct?
I´ve read, that I have to create a jabber-config.xml with a follows to enforce Jabber for Windows to use the Webex-Connect login credentials also for Phone Services. Correct?
<CUCM> <PhoneService_UseCredentialsFrom>presence</PhoneService_UseCredentialsFrom> </CUCM>
If this is correct, Jabber for Windows will use [email protected] to authenticate with CUCM, but CUCM would need only the username without the domain. From my point of view, Jabber for Windows will not be able to authenticate with CUCM for Phone Services.
Any thoughts?
thank you
TinoHi Maqsood
Thanks for your info. I´ve tested the "PhoneService_UseCredentialsFrom" attribute in my hybrid deployment and it seems, that it effects the jabber also in this scenario: the credentials form in the jabber options menu are not displayed.
My understanding of the admin guide is, that it should work:
Authentication in Hybrid Cloud-Based Deployments
If the client authentication credentials are the same as the voicemail service credentials on Cisco Unity Connection, you can specify the VoicemailService_UseCredentialsFrom parameter in the Cisco Jabber for Windowsconfiguration file. This parameter uses the client authentication credentials to access voicemail services. As a result, Cisco Jabber for Windows users do not need to enter their credentials for voicemail services in the client.
You should ensure that the sign in credentials and voicemail service credentials are the same for the Cisco Jabber for Windows users. If you set this parameter, the Voicemail section is not available on the Phone accounts tab in the Options window.
thanks,
Tino -
Hi Team, will Import into a table I am getting the below error message
Error Message
Record 1: Rejected - Error on table MTN_BUNDLES_EXPIRY_MIG, column EXPIRY_DATE_T.
ORA-01840: input value not long enough for date format
The data client provide in .XLs file
2013-08-31 17:14:56
My Table Structure is
CREATE TABLE tmp_mtnuga_3g_expiry_mig
MSISDN_V VARCHAR2 (50),
expiry_Date_t TIMESTAMP(6) WITH TIME ZONE
status_date_t TIMESTAMP(6) WITH TIME ZONE
GOT_STARTER_PACK_V NUMBER(10)
I am using 2 option to import into a table
First option using Toad ---> Import Table -- option here i am getting error like
The format is not matched.
Second option using SQL Loader-->
LOAD DATA
INFILE 'D:\ss\TT-Projects\Customer Apps\Client Dump\3GBundle.csv'
BADFILE 'D:\dd\TT-Projects\Customer Apps\Client Dump\3GBundle.bad'
DISCARDFILE 'D:\dd\TT-Projects\Customer Apps\Client Dump\3GBundle.dsc'
INTO TABLE tmp_mtnuga_3g_expiry_mig
INSERT
(MSISDN_V,
EXPIRY_DATE_T,
STATUS_DATE_T,
GOT_STARTER_PACK_V
Please guide me how solve the TimeStampCheck Part II SQL*Loader I can't remember when I last used it (being server side I use External Tables), but it should turn out something like
LOAD DATA
INFILE 'D:\ss\TT-Projects\Customer Apps\Client Dump\3GBundle.csv'
BADFILE 'D:\dd\TT-Projects\Customer Apps\Client Dump\3GBundle.bad'
DISCARDFILE 'D:\dd\TT-Projects\Customer Apps\Client Dump\3GBundle.dsc'
INSERT INTO TABLE tmp_mtnuga_3g_expiry_mig
fields terminated by ',' optionally enclosed by '"'
(MSISDN_V,
EXPIRY_DATE_T char "to_timestamp_tz(:EXPIRY_DATE_T,'yyyy-mm-dd hh24:mi:sstzh:tzm')",
STATUS_DATE_T char "to_timestamp_tz(:STATUS_DATE_T,'yyyy-mm-dd hh24:mi:sstzh:tzm')",
GOT_STARTER_PACK_V
you must adjust the mask to match your data
Regards
Etbin -
Hi,
We are using IEDriver 2.44.0 with microsoft webdriver tool Windows7-KB2990999-x64.msu update with IE11.
Using IMPLEMENTATION=VENDOR, we are not able to get this IEDriver version working with out selenium based test tool, with or without microsoft webdriver tool.
I can see the driver IMPLEMENTATION set to VENDOR in the log, it also brings up the browser, but gets stuck there.Is this a known issue?ThanksTanviSelenium is a third party software, so it is not supported in MSDN forum. It would be better consult to selenium's office website or forum. Some placa like here:
http://www.seleniumhq.org/support/
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
Block invoices for PO with no GR-based IV flag
Hello SAP experts,
I need your help with finding a way to block invoices for PO with no GR-based IV flag. At our company, we treat service POs almost the same as material POs (to avoid receipt of service entry). The only difference from material PO is that service PO does not have the flag for GR. We customized our EBP to have this done.
Now, accounting wants to automatically block all invoices associate with service POs. In this case it would be a PO with no GR. I tried LIV configuration but it is only for price, quantity and etc. I also tried blocking with IR before GR but it didn't work because there is no GR.
Is there a way to achive automatic invoice block in this case?
Appreciate your help.
-AT-Hi Annie,
if the configuration doesn't help you enough, you would have to add some custom logic after the invoice has been created.
Technically speaking, I believe there exists a business add-in (BAdI) where you could enter a piece of code which would after the invoice creation check the GR and block it if appropriate. Another implementation option would be a mini-workflow - there you would have a step which checks the GR existence and blocks the invoice.
Hope this helps, I suggest talking to your local abap consultant for more details,
-Mikko -
Jdeveloper Version for MSCA development with MWA server based programming
Any one Please provide the Oracle Jdeveloper version for Mobile Supply Chain Applications with MWA server based programming. This application basically runs on Whse mgmt responsibility. Any body who is developing this type application, please provide the Oracle Jdeveloper VERSION using for programming.
Thanks,
Deepakmy issue is resolved. i'm getting this problem when i add just java class file to the project. but when i also add the business componets and page component and generate controller class to the project , i can see that import is recognized by the java class file. So i guess i have to delete all the unwanted business components that i have created at the end.
Thanks
Sunny
Edited by: user13369509 on Mar 16, 2011 12:44 PM
Maybe you are looking for
-
Convert table linked report into a Command version - Howto?
How can I convert hundreds of reports from table linked into a Command version? One way to do is to take the SQL syntax off the report, add a Command with that Syntax and manually replace the database fields by the Command fields. I can not believe t
-
Most keyboard shortcuts dont work
hello, most of the editing keyboard short cuts like crtl + c and so on dont work. however the shortcuts work for undo and save, set inpoint etc. i dont understand, they are all marked correctly in the commands list..anyone??
-
Add Approver - applet performance when 'Add here' pressed
Hi - We have recently upgraded to SRM 5.0 (classic) and are noticing that the Add hoc approver functionality is quite slow when using the graphical view. Steps: - for a sc to be approved, go to Approval Preview - click 'Add Approver' - on any of the
-
Is it possible to pass array of strings as input parameters for stored proc
Dear All, I wrote a Stored Procedure for my crystal report. now i got a modification. one of the parameters 'profit_center' should be modified so that it is capable to take multiple values. now when i run report crystal report collects more than one
-
HT5672 Where i can find Java for Mac OS X 10.8.3 ??? i need to use MicroChip debugger MPLAB ICD 3
I need to install MPLAB X IDE v1.70 for Microchip Debbuger MPLAB ICD 3. I download it from Microchip web-site and try to rub but it is asking to Java to proceed with installation. I try to find it of apple.com but nothing only for previous OS. Thanks