Configure SA520 firewall for 2 ISP (cable & ADSL)

hi
Is it possible, and how, to configure a Cisco SA520 firewall for 2 ISPs (cable & ADSL) to get load balancing between these ISPs?
THX

Hello,
Load-balancing is not supported as the ASA does not support PBR. You can try some work-arounds to send some traffic from one link, but this is not Cisco supported. I have seen scenarios where this works, so if you really need it you can give it a try.
Regards,
Julio
Do rate all the helpful posts

Similar Messages

  • HT200259 Configuring adaptive firewall for VNC and RDP connections

    Hello, I'm using Yosemite with OSX Server.  Is there a way of configuring adaptive firewall for VNC and RDP connections?

    Apple has never documented what the adaptive firewall really does, as far as I know. It seems that the built-in network services send it some kind of notification whenever there is a connection attempt. The Screen Sharing service is one of those, so it should be protected. There is no built-in RDP service, so if you somehow added one, it would not be protected.

  • Need help with initializing isp cable broadband and its relation to ADSL

    Hi,
    I have a question.
    I've designed and implemented an ADSL ISP from scratch.
    I've implemented LAC & LNS Router with L2TP and integrated it with AAA.
    Now I'm asking about the ADSL system I described above and the difference between it and cable broadband.
    Are there a lot of differences between them?
    Can somebody give me a standard ISP topology for a cable mode system?
    Regards

    My way of looking at it is that I need nothing else
    and it should just see a wireless network from the
    router and connect to that, is that right?
    Yes.

  • Configuring Mac OS X Firewall for iChat

    I understand that one must configure the firewall in Mac OS X Tiger before using iChat. It is a mystery to me that Apple does not provide a pre-configured Firewall rule for iChat AV that the user can easily just turn on or off. (Apple does have a pre-configured rule for iChat Bonjour).
    There is a How-To article on Apple's web site (see http://docs.info.apple.com/article.html?artnum=93208 ) but this article appears to be out of date. The article tells you to open up certain ports but it does not tell you whether the ports are TCP or UDP.
    From what I have been able to figure out, one needs to open up the following ports in the Mac OS X Firewall for iChat to work:
    TCP Ports -- 5190, 5297, 5298
    UDP Ports -- 5060, 5190, 5676, 16384-16403
    Is this correct? Do I need to open up these ports in the Mac OS X Tiger Firewall before I can get iChat AV to work?
    (I prefer not to open up any unnecessary ports).
    RobK

    By default the Mac OS X firewall doesn't block UDP traffic. So unless you have clicked on the "Advanced" button in your firewall settings and told the firewall to block UDP, you don't need to bother with the UDP ports (and indeed, if you include them in your firewall rule they won't even be used).
    There is absolutely no need whatsoever to open up TCP ports 5222 or 5223.
    While ports 5222 and 5223 are used by XMPP/Jabber SERVERS iChat doesn't receive inbound connections on those ports. iChat will make an outbound connection on a random high port (mine's currently using port 54804 to connect to Google Talk on port 5223) and there's no need for a firewall rule for these (and it's impossible to predict what port iChat will use anyway).
    Port 5190 (TCP) is used for AIM server connection. Just like above iChat will use a random high port to connect to the AIM server on this port so this does not need to be opened.
    Port 5190 (UDP) is used for AIM file transfers, I believe. It may be that iChat also uses it for XMPP/Jabber and Bonjour file transfers too (though I suspect not, since the Bonjour firewall rule doesn't open up this port). If you haven't blocked UDP traffic you won't need to open this port.
    Port 5220. As far as I know this port has nothing to do with XMPP/Jabber. The only thing I can think of is that perhaps iChat uses it as a custom file transfer port (though since Bonjour is just serverless XMPP/Jabber and this port isn't opened by the Bonjour rule, I suspect not). There is probably no need to open this port.
    Port 5298. I believe this is used for message exchange via Bonjour. If you're not planning on using Bonjour you shouldn't need to open it.
    Anyway, after this long rambling post the conclusion is:
    So long as you haven't blocked UDP traffic in the Advanced section of your Mac OS X firewall you shouldn't need to open up any ports for iChat to work (on your Mac anyway. Gateway/router is another story).
    If you have blocked UDP you will need to open the following:
    UDP: 5060, 5190, 5297, 5298, 5353, 5678, 16384-16403
    No TCP ports should need to be opened.
    Forwarding the above UDP ports to your machine on your gateway or router should enable things to work perfectly.

  • 4402 anchor in DMZ, how to configure the Firewall

    Hello,
    I am not sure if there is a document or thread on this topic already, though I have been looking.
    We have a 5508 foreign controller
    We have a 4402 anchor controller
    We have a DMZ layer 2 only switch
    We have a ASA5520 firewall
    I have configured both WLC controllers for guest wireless to the DMZ. They see each other in the mobility group.
    I have added vlan800 (arbitrary vlan we chose) in the DMZ switch. Currently it does not have any IP address on it and we would prefer if it stays that way.
    We want the anchor to also provide the dhcp scope for all guest wireless which is why we created vlan800 on the DMZ switch as well as in the Anchor controller.
    The Anchor controller vlan800 has an ip address 172.18.1.2/24.
    The guest wireless network is 172.18.1.x/24 (again, provided by the anchor controller).
    My firewall has a DMZ address of 172.16.67.1/24
    OK, here is where I get more fuzzy: how do I configure my firewall to accept traffic from the new IP scope I created?
    The firewall does not have any more free physical ports, so I think I have to somehow make the existing physical DMZ interface a trunk or give it a secondary IP address of 172.18.1.1/24 to become the gateway for the guest wireless traffic (besides setting up the allow/deny rules for internet access in the firewall).
    I have not been able to find a document that goes into the DMZ requirements for wireless so far.
    Thanks!

    Hi Dennis,
    Yes, I have gotten the two controllers talking to one another and am able to do both ping tests, eping and the other one (I forget the name).
    I do believe I have a working understanding of the anchor to foreign controller configuration.
    My question is specific in as much as it relates to the DMZ switch and firewall.
    The configuration of the DMZ switch and firewall is the documentation I am unable to locate with examples of this configuration.
    I cannot seem to get to any link that has the word "partner" in it even though I log into my Cisco account.
    If there is a different link I would be happy to check it out.
    As for your question about trunking the port, can you clarify which device you're speaking of?
    I have the DMZ switch port trunked that connects to the Anchor controller.
    Thanks

  • Can I open a port range in the firewall for one host?

    Can I open a port range in the firewall for one host?  In other words, I want to be able to open ports 54001 to 54050 to allow one remote host in my LAN to access that port range in my Mac Server.  Is this possible?  Currently, the only option I see is to open individual ports for all external hosts (eg http or https)
    Thanks in advance!

    Which version of OS X Server are you using?
    Server 2.2 and earlier includes an interface to a software firewall that can be configured to open specific ports very easily. Descriptions of how to configure the firewall can be found in the documentation for these versions.
    Server 3.x no longer has an interface to the software firewall - it is still there, but you need to use other methods to configure it.  A popular example of such a method is the icefloor utility.
    Apple suggest that for Server 3 you delegate firewall duties to an external router.  Server 3 includes the ability to configure the firewall component of Apple Airport routers 'automatically'.
    If you connect a machine running Server 3 directly to an Airport Router, the router appears in the LH pane in the Server.app window (usually second line, below the entry for the server itself), and you can control what services are 'enabled' through the firewall there.
    A more common solution perhaps is to use a non-Apple router, and configure the firewall (and so open specific ports) through whatever control interface is provided for that router.  There are many, many kinds of hardware router you could use, and the control interfaces used vary widely - so you will have to consult the documentation for your own router to work out how to do this.
    If you post information about your software versions, and hardware configuration, it is possible that you can get more specific help with the tasks involved in opening the ports.
    Hope this helps.

  • Disable Driver Enforcement for Virtual Audio Cable?

    Hi, I'm trying to get this thing called "Virtual Audio Cable" working, but it is apparently not signed, so I can't even use it. Is there a fix to this? I've tried to use bcdedit -set. I have tried to use DSEO too, but I don't know what file it wants me to sign, so I'm confused. So if anyone has any idea what to do with this, it will be very helpful.
    (PS, Not really the best with computers. But if you guide me through what you want me to do. It'll be easy.)

    Hi,
    Do you mean that you're unable to install the unsigned driver for Virtual Audio Cable? If so, you can choose “Disable Driver Signature Enforcement” during boot, this allows unsigned drivers to load for this boot only.
    You can refer to workarounds mentioned in blog below
    How to install unsigned drivers
    http://blogs.msdn.com/b/matthew_van_eerde/archive/2014/04/05/10211068.aspx
    And there's a security policy to configure the Unsigned driver installation behavior in previous Windows versions, but removed since Vista
    Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Devices: Unsigned driver installation behavior
    while you can refer to this KB to re-add this policy option, this KB is for Windows Vista, but I have tested in my Windows 7 enterprise, it also works.
    http://support2.microsoft.com/?kbid=947250
    Add: as Rick mentioned, Eugene Muzychenko should be more familiar with this product
    Yolanda Zhu
    TechNet Community Support

  • Configuring SMTP account for Endpoint protection alerts

    Hi all
    I am using SCCM 2012 R2 Endpoint protection. I want to configure email alerts for Endpoint protection. I have a mail server on a Windows 2008 R2 server in a WORKGROUP. Since the mail server is not in a domain, how can I configure the SMTP server setting? What account do I need to use for SMTP?

    You can get advice from others on the forum, Ashok, but ultimately you are the only one that will be able to figure this out. You need to look at your mail server (or talk to the person that manages it) and see how it is configured to allow email relay from the firewall, for example. It could be that the mail server is configured with a rule to allow relays anonymously from that specific IP address.
    You then need to configure the email server to allow the requests from the ConfigMgr server in exactly the same way. It might be as simple as adding the IP address to the above rule. You will NOT need to configure an Endpoint Protection SMTP Server Connection Account. As Joyce says, this is only required if the mail server REQUIRES authenticated access (but you can configure the rule so that it doesn't).
    "they just use SMTP server and a email address for authentication"
    This isn't the case Ashok. This is not authentication. The email address is just a label so that you can see where the alert is coming from.
    I hope this is all clear. This isn't a ConfigMgr issue as such. It's email relaying so is specific to the email product you use.
    Gerry Hampson | Blog: www.gerryhampsoncm.blogspot.ie | LinkedIn: Gerry Hampson | Twitter: @gerryhampson

  • Configuring SunScreen Firewall on Solaris 8

    Hi,
    I'm trying to configure SunScreen Firewall on Solaris 8 and I would like to know what "tcp/ip high ports" are. I also have to configure NAT on the same machine so that a few of the machines behind the firewall can communicate with the server host in front of the firewall. Currently I have the configuration like this:
    -- The firewall is configured with a single policy.
    -- The rules are added correctly for NAT.
    After the policy is verified successfully, the communication is across the firewall. But after this, the following rules are added to configure tcp/ip high ports (not sure about the service).
    -- The rules are configured like this:
    edit> add rule common localhost * ALLOW COMMENT "Allow firewall access out"
    edit> add rule tcp-high-ports hme0.net * ALLOW
    edit> add rule udp-high-ports hme0.net * ALLOW
    Now I'm unable to communicate with the server in front of the firewall after the policy is activated successfully.
    I would appreciate if someone can help me on this.
    Thanks,
    Mullapudi

    Hi,
    I don't know SunScreen, but I can tell you that high ports are ports above 1023.
    J

  • Configuring PFR with NAT - Dual ISP

    Hi,
    We are configuring the PfR feature in a router. This router has two connections to the Internet, with different providers. I have the following question:
    Is it possible to configure two pools for NAT translations, one pool for each Internet provider?
    I attach the diagram.

    Thanks Julio.
    I have a second question.
    I was able to publish an internal server with the PFR function activated with two different ISPs, using static NAT for incoming connections, without problem. However, when I try to publish an IPSEC VPN server I cannot publish the ESP protocol with two different public addresses. The IOS only permits the publication of the ESP protocol using one public address. How can I publish the ESP protocol using two public addresses at the same time (ISPA-ISPB)?
    Regards.

  • Firewall for PC's

    I have a general query related to a firewall for a small LAN. We have a couple of PCs which connect to the internet through an ADSL line. They want to access some resources of the company's LAN by setting up another NIC on the PC and plugging it into our LAN. As it's a security issue, what is the most economical/secure way of achieving this with the use of a firewall?
    Thanks

    Firewall solutions for small business are available as either software or hardware (with software components). Software firewalls protect each individual PC they're installed on. But to protect all your company's computers, each must have a software firewall installed. It can be difficult to maintain.
    On the other hand, hardware-based firewall solutions for small business protect all computers on your network. A hardware-based firewall is easier to administer, too.
    The ideal firewall solutions for small business integrate a hardware firewall with software controls into a comprehensive security solution that includes virtual private network (VPN) support, antivirus, antispam, antispyware, and content filtering capabilities.

  • Configure 5515x firewall in below scenario

    Dear all,
    I need to configure a 5515x firewall in an existing network.
    In the existing network, two workstations are connected in different VLANs on a 3750G switch with their respective SVIs, hence both VLANs communicate with each other.
    Now we are planning to place the firewall between the switch and the 2 workstations.
    Note: the two workstations are used as failover for other workstations which are in a different VLAN.
    For better understanding, see the network architecture.
    Thanks in advance

    Hi,
    Firewall is required between VLAN20 and 30, correct?
    If yes then there are two ways to add firewall.
    1. Add ASA in transparent mode between 20 and 30 VLAN
    2. Configure these 2 VLAN SVI on firewall.
    Let me know if you have any questions.
    Regards
    Daljeet Singh

  • I'm looking for another ISP

    Last time I looked for an ISP the list for Mac was limited. Hope it is larger and will work with OS 9.2. (I am hoping the 9.2 works, I'm too old to invest money and time in newer apps)
    I have Earthlink and I am getting uncomfortable that I have been "cracked" through them but not knowledgeable enough to know. I have asked them why their hotlink to MyAccount doesn't work for me.
    iBook, 2 USB, Firewire, G3   Mac OS 9.2.x  

    Thanks for getting back to me. We're on the west coast and I don't recognize "Charter" as local.
    Also we stick with dialup and avoid the cables etc. because they have a habit of holding you hostage in contracts and change the conditions as they please (cost-wise and services). Until I see proof that their sense of entitlement and arrogance is changed, I have to stick to the slow and dull. (Also that's why we use Boost cell phones, at least we can stop when they get too outrageous w/o a $200 cancellation PENALTY)
    Our gov't is selling us out to the cables etc. when the HD for TV change-over happens. I may have to go to my cave and just read books.
    I am waiting for the ftc to declare we must pay for cable (w/o price controls) as our local gov't says we must pay for trash pick up. (okay that is necessary but cable, etc.?)
    Again thanks but I guess I will probably have to keep my head in the sand)
    iBook, 2 USB, Firewire, G3   Mac OS 9.2.x  

  • Blizzard download tells me I have to configure my firewall or the download will not complete. How do I do this?

    I have finished downloading the initial game. When I go into the game from my desktop, I am directed to the WOW Patch Notes, which attempts to download. At download attempt, I received the message that I have to configure my firewall in order for the download to complete.

    Clear the cache and the cookies from sites that cause problems.
    "Clear the Cache":
    * Tools > Options > Advanced > Network > Offline Storage (Cache): "Clear Now"
    "Remove Cookies" from sites causing problems:
    * Tools > Options > Privacy > Cookies: "Show Cookies"

  • Setting up firewall for 10.10 Server

    I know in the past I was using the firewall under WGM, which gave me access to set up the firewall for different VLANs.
    Now it's not available, apart from enabling Stealth mode and firewall on/off.
    Is there a way to set up the firewall the old way?

    Hi
    AFAIK the "Magic Triangle" applies to an environment that also includes OSX Server providing mac-style GPOs - mostly. There's another option called "Cylinder of Destiny" that takes this slightly further although it's still essentially the same. Ultimately what you decide rests on what you want to achieve.
    If all you want is SSO for Users working on mac workstations and nothing else, use what Apple provides in the Client OS. You don't necessarily need OSX Server.
    It's even possible to alter the AD Schema itself and add Apple specific object classes, attributes and values to provide a means for managing users on mac workstations that way. Again you don't necessarily need OSX Server. In addition there are 3rd-Party solutions that don't involve OSX Server you could consider depending on budget and how hard you want to work? Likewise, Centrify and AdmitMAC are three I can think of.
    There's plenty of documentation all over the internet on how to achieve Integration. It's been going on for a few years now. Ultimately how 'successful' it all is will rest primarily on how well your AD is configured. Apple's built-in Active Directory Plug-in in many ways assumes an 'out-of-the-box' AD and ideally an environment that follows Microsoft's Best Practices for AD. I've yet to see one AD that fits that criteria. In some rare cases Integration may not even be possible. You won't really know until you try.
    Tony
