Command to disable packet inspection?

Similar Messages

• Advantage/disavantage of disabling "no inspect sqlnet"

  What is the advantage of enabling sqlnet inspection and what is the down side of disabling sqlnet inspection "no inspection sqlnet"?
  I know very well the pro and con of enabling ftp inspection and disabling of ftp inspection but for the past five years, I have not seen anyone has been to explain the pro and con of enabling/disabling sqlnet inspection
  I asked this question five years ago and someone replied but I dont' think he knows what it is.  He just copied from cisco documentation:  https://supportforums.cisco.com/discussion/10838696/what-advantage-enabling-sqlnet-inspection-asa-appliance
  From my production experience, enabling/disabling sqlnet inspection makes no differences and my previous life was an Oracle DBA. 
  I've seen my security vulnerabilities and when Oracle does not work across the ASA firewalls, Cisco TAC response is always "disable sqlnet inspection".
  If that is the case, why have it enable by default in the first place?

  Hi,
  The advantage of having the any protocol inspection enabled on the ASA device is to make ASA device aware of these two things mainly:-
  1) Any Embedded IP address at the application layer for the specific protocol
  2) To allow secondary Channel by opening Pin Holes through the ASA device without explicitly allowing it using the ACL rules.
  Some other inspections are also used to implement/enforce the RFC for the protocols as well (For Ex:- SMTP , DNS etc.)
  Just picking the example from Inspect sqlnet:-
  NoteDisable SQL*Net inspection when SQL data transfer occurs on the same port as the SQL control TCP port 1521. The ASA acts as a proxy when SQL*Net inspection is enabled and reduces the client window size from 65000 to about 16000 causing data transfer issues. Disable SQL*Net inspection when SQL data transfer occurs on the same port as the SQL control TCP port 1521. The ASA acts as a proxy when SQL*Net inspection is enabled and reduces the client window size from 65000 to about 16000 causing data transfer issues.
  http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/I-R/cmdref2/i2.html#pgfId-1762719
  These inspections are enabled by default but can be modified or disabled depending on the application that you are using through the ASA device.
  Hope that clarifies your query. Let me know if you have any other questions.
  Thanks and Regards,
  Vibhor Amrodia

• Windows 8.1 Pro Need command to disable "Use default gateway on remote network" option on VPN connection"

  Hello!
  I want to create bat script to create several VPN connection.
  There is powershell command to create vpn connection:
  add-vpnconnection -name "Test VPN" -serveraddress "vpn.example.com" -splittunneling -tunneltype "pptp"
  And I need to create VPN connection without the option "Use default gateway on remote network" option on VPN connection"
  Or modify this option on existent VPN connection with command.
  Please help me to find command option or other command to disable "Use default gateway on remote network" option on VPN connection" feature.

  http://technet.microsoft.com/nl-nl/library/ee431701%28v=ws.10%29.aspx RouteIPv4TrafficOverRAS True – Add a default gateway on the VPN connection False – Do not add default gateway on the VPN connection

• Disable esmtp Inspection for Specific Host

  Hello.  Is it possible to disable esmtp inspection for a specific INSIDE host with use of a policy-map?  If so, could you provide an example configuration.
   

  Yes it is possible.  You could do something like the following:
  access-list ESMTP deny ip host 1.1.1.10 any
  access-list ESMTP permit ip 1.1.1.0 255.255.255.0 any
  class-map CMAP
  match access-list ESMTP
  policy-map PMAP
  class CMAP
  inspect esmtp
  service-policy PMAP interface inside
  Please remember to select a correct answer and rate helpful posts

• What is the Command to disable Printer Sharing via the Terminal?

  What is the Command to disable Printer Sharing via the Terminal?

  cupsctl is the command.
  man cupsctl(8)
  Hope that helps.

• Feature request - Disable packet data

  I would like to make a feature request for the otherwise awesome phone Nokia Asha 302. You have done a great job there, the phone is very nice and popular.
  Can you please make an additional setting, so that we can DISABLE packet data completely? Currently, only two options are available - 'when needed' and 'always on'.
  I see a lot of people are using different bizzare techniques to overcome a basic problem - there is no setting to disable packet data. Why there isn't, is beyond me, and as far as I can tell - beyond a lot of people. It is most intuitive to make it 'yes' and 'no' in the first place, but engineers made it 'yes' and 'yes, please' instead, which does not make any sense. It is a source of MAJOR frustration and inconveniences - applications fire up the internet and keep it always on, leading to battery drain and unwanted bandwidth charges.
  So, can you please implement 3 states in Settings - Connectivity - Packet data:
  - always on
  - when needed
  - disabled
  I would go even further and ask to make a shortcut (like WiFi and Bluetooth) and a dedicated hardware key, since I think it is a base setting that needs to be easily accessible.
  Please do it as soon as possible, since it is a major shortcomming, and make a release immediately. My phone is Asha 302, but I think all S40 users are complaining of the same.
  Thank you very much and hope you will consider it.
  If other users also think it is important, please star this message.

  Yes, this is a feature which is definitely required.
  It will reduce power consumption by a lot, and also save us valuable bandwidth.
  Please consider implementing it. If there is a new release, please let us know.

• Some commands are disabled. How to fix it?

  Photoshop Elements 11 - after opening the program few commands under 'Edit' are disabled (such as 'Copy', 'Paste', etc) are disabled or greyed out. What can I do to enable the commands?

  And you do have an active selection? If so, can you post a screenshot? You'll need to come to the forum's webpage to do that. It doesn't work via email.
  This discussion is at:
  Some commands are disabled. How to fix it?
  Then use the camera icon above the message composition area to post the image.

• Lwapp - Command is disabled

  We have some 1131 lightweight access points which were once registered with a controller which is no longer available. When we issue the command "clear lwapp private-config" The message "ERROR!!! Command is disabled."
  This error message indicates that the static configuration commands are locked out because either:
  This command was entered while the LAP is registered to a controller.
  The LAP was previously registered to a WLC, but the username/password was not changed from the default.
  OK both these things apply. The point is how do I clear the AP and start again since I cannot connect it to the controller???

  Hi Ian,
  What a pain (we have all been down this road and at least we won't forget to enter a username/password again :) I was working with some folks recently who were experiencing this same issue;
  http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=General&topicID=.ee6e8b8&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbf883c
  Hope this helps!
  Rob

• Outdoor Mesh 1522 - ERROR!!! Command is disabled.

  I'm trying to configuring ip address static in LAP1522 but i can't.
  The command clear lwapp private-config doesn't work.
  clear lwapp private-config
  ERROR!!! Command is disabled.
  Tks

  Hi Mario,
  The AP needs the username/password that must be configured while the AP is connected to the WLC If no username/password was configured via the WLC this command is not available.
  If the LWAPP AP did have the username and password changed while the LAP was joined to the controller then this is available via the AP's console connection
  Note This command requires the controller configured Enable password to enter the CLI EXEC mode.
  clear lwapp private-config
  From this Troubleshooting doc;
  http://www.cisco.com/en/US/docs/wireless/access_point/1130/installation/guide/113h_c4.html#wp1091061
  setting of a Username/Password on an LWAPP AP becomes a valuable step in the configuration process;
  Resetting the LWAPP Configuration on a Lightweight AP (LAP)
  http://www.cisco.com/en/US/products/hw/wireless/ps430/products_tech_note09186a00808e2d27.shtml
  Deleting the LWAPP Configuration File to Redeploy the AP
  When you redeploy an access point after moving it from one location to another, you must first delete the LWAPP configuration file and restore the access point to the factory default settings. Deleting the LWAPP configuration enables the commands on the access point console to configure the static IP address on the access point, the IP address on the controller, the access point hostname, and the default gateway IP address.
  To delete the LWAPP configuration and restore the factory defaults, enter the following command in EXEC mode on the access point console:
  clear lwapp private-config
  The clear lwapp private-config command becomes available on the access point console after the controller pushes a new username and password to the access point.
  http://www.cisco.com/en/US/docs/wireless/access_point/conversion/lwapp/upgrade/guide/lwapnote.html#wp169479
  Hope this helps!
  Rob

• ERROR!!! Command is disabled.

  I have a lwapp 1130 here and it's no longer associated with the controller.  I issued the clear lwapp private-config, it went through and cleared the config.  Now when I try to issue the lwapp commands to set the ip and such i get ERROR!!! Command is disabled. I read that this means the static configuration is locked, but it did not say how to "unlock" it.  Any ideas or suggestions on how to get this re-enabled.
  This information has been added in the following Document - https://supportforums.cisco.com/docs/DOC-21897

  Hi everyone, I was stuck with an AP that were on a Lab and associated to a WLC we don’t have anymore.
  None of the procedures were working and we never change the enable password of the ap while it was associated, so I decide to perform the last procedure (erase de .JA2 file). Now the AP its not booting. It gets stock right here:
  ap:
  IOS Bootloader - Starting system.
  Xmodem file system is available.
  flashfs[0]: 3 files, 1 directories
  flashfs[0]: 0 orphaned files, 0 orphaned directories
  flashfs[0]: Total bytes: 31868928
  flashfs[0]: Bytes used: 14848
  flashfs[0]: Bytes available: 31854080
  flashfs[0]: flashfs fsck took 13 seconds.
  Reading cookie from flash parameter block...done.
  Base Ethernet MAC address: 00:27:0d:e4:03:6c
  The system is unable to boot automatically because there
  are no bootable files.
  C1250 Boot Loader (C1250-BOOT-M) Version 12.4(18a)JA1, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Compiled Fri 23-Jan-09 20:46 by prod_rel_team
  I check an the recovery image still on the AP:
  4  drwx         320  Jan 26 2010 01:58:26 +00:00  c1250-k9w8-mx.124-21a.JA2
      5  drwx         128   Mar 1 2002 00:02:02 +00:00 c1250-rcvk9w8-mxp
  It is a LWAPP 1250.
  Any help? please.

• ASA connection rate and stateful packet inspections rate limiting

  Can anyone please send me a link or links on how configuring "connection rate" and "stateful packet inspections rate" on an ASA?
  It seems not easy to find the links
  thanks,
  Han

  Hi Han,
  I assume you're referring to the use of resource classes to limit the connection build and inspection rates? If so, this is only available in multiple context mode. You can find some config examples for that feature here:
  http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/mode_contexts.html#wp1142960
  -Mike

• What Brand/Model Stateful Packet Inspection Wired Router Do You Recommend?

  Hi everybody,
  After using a Macsense XRouter for many years, I'd like to upgrade to a more robust faster small office router. I'm not trying to find the cheapest router. A substantially faster unit with features like stateful packet inspection is what I'm after. A WIRED router. A more secure, heavy-duty device. I do not want to go wireless now. I have a separate DSL modem, so do not want an ADSL router. Just a router.
  CISCO certainly is well known and apparently a good performer. Can anyone suggest CISCO models in the $200-$600 range that would work easily with a Mac? Being able to download firmware upgrades on a Mac easily is vital. I only need about 4 LAN Ethernet ports—SWITCHED.
  CISCO must have competitors. Can anyone recommend equivalent Brands that are well regarded for Macs? Model numbers?
  Thanks a lot for considering this!
  G5 iMac 20" 2.0Ghz (2nd generation)   Mac OS X (10.4.5)   2GB RAM
  G5 iMac 20" 2.0Ghz (2nd generation)   Mac OS X (10.4.5)   2GB RAM

  Wow, that was fast. I can't find the button to click on for "helpful" for your post. Where did the button go? It did work on some earlier posts from you, but not all. Anyway, it begins to feel like we're almost out of the woods!
  So a broadband router it is. I have zero motivation to try routing between IP subnets, happily.
  Nice to have affirmation of the RV0041. It seemed to be the highest level before jumping all the way to Cisco. Yeah, the Telenet firewall configuration requirement on the Zywall 5 was something to choke on. Oh—I did find one review on it. The writer, an IT tech, emphasized in all capitals that a user has to have extensive knowledge of configuring these things BEFORE getting a Zywall. So the Zywall seems to also fit squarely into the IT pro department. On the RV0041, I thought the Gigabit switch feature was very fine.
  Actually I have the software firewall "NetBarrier" installed already. Kind of sounds as if a lot of the functions of a network appliance are largely duplicated by NetBarrier. It's given me alerts in real time for attempted port scanning, for example. I do want fast page loading, so the performance lag using a network security device seems like a marked disadvantage.
  Would a combination of NetBarrier and the RV0041 largely provide equivalent protection compared to a network security device? I'm willing to live with less protection to an extent to avoid slowing things down.
  Once again, many thanks indeed

• UNIX Commands to disable Expose and Dashboard

  Teacher looking to block/disable Expose and Dashboard on iMac 2.2 gHz running 10.6.1
  I use ARD 3.2 and want to use a UNIX command to disable features on the students computers. If you know other Commands, maintenance scripts, permissions, etc..those would be helpful as well.
  Thanks for your time and help.
  David

  Hi David
  To disable Dashboard:
  defaults write com.apple.dashboard mcx-disabled -boolean YES
  You have to restart the Dock afterwards:
  killall Dock
  You still have to tear Dashboard off the Dock although you could amend the com.apple.dock.plist If you wanted to? Amend the persistent-apps tile data settings. To re-enable Dashboard at a future date:
  defaults write com.apple.dashboard mcx-disabled -boolean NO
  Restart the Dock again with the same command.
  Not sure if there is a command to disable Expose? I think some of its settings can be found in com.apple.systempreferences.plist? If it looks like it has what you want you should be able copy it either using the Copy feature in ARD or sending a Unix command like cp (man cp) instead.
  Alternatively apply the plist to an OD Group as a managed preference assuming you've an OD environment?
  Tony

• Add Voice Command Enable/Disable Bluetooth

  Add Voice Command Enable/Disable Bluetooth
  Do you think apple will ever add additional voice commands like one to enable and or disable Bluetooth so that I am able to save battery life and time with trying to use my Bluetooth Headset?
  It’s annoying having to unlock my phone go to Home / Settings / General / Bluetooth every time I get into my car so I can use my headset.
  Thanks

  Hard for us to tell, since we are just users like you. You can provide feedback to Apple letting them know that you would like to see that feature. Use this link to provide feedback http://www.apple.com/feedback/iphone.html

• Unix command to disable DVD drive?

  My DVD drive on my 20" intel imac is failing to eject the disk. It won't come out. I have done everything like restarting with the mouse held down etc etc. I am going to buy a cheap external DVD writer as a solution. The drive however is making a noise every 10 secs in what I guess is in an attempt to read the disk or eject it? What ever the noise is I want it to stop! Is there a command I can type in the terminal to kill or disable the drive so it quits trying to do what it is doing?
  Thanks in advance.
  Martin.

  Ask at the Unix forum under OS X Technologies. BTW, this Terminal command should eject the disc:
  *drutil eject -drive internal*