Contribute pix firewall
Hi, have Contribute Publishing Server behind cisco pix
firewall. What ports do i need open to allow the client to publish
web sites.
i have a problem when a user tries to publish a website the
program hangs.
If you have not already, please check out the latest TechNote
http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=fc1a435a
to follow udpating the NetIOFTP file for your client's machine.
From the LiveDoc information here are the port numbers to be
aware of for CPS in regards which J2EE app server you are using:
Java Application Server
Port number
BEA Weblogic
7001
IBM Websphere
9080
Macromedia JRUN
8900
JBoss
8080
Similar Messages
-
PIX Firewall 525 can not start
Hi,
Today my colleague add 2 lines of access-list to our PIX 525. After 10 minutes, my firewall was rebooted and until now can't start. The booting process as listed below.
The questions are :
1. What is my OS version? Flash?
2. How to remove those 2 lines (reset the config to default)?
3. How to solve the issue?
Thanks,
Andy
Booting process
================
Rebooting..þ
Wait.....
PCI Device Table.
Bus Dev Func VendID DevID Class Irq
00 00 00 8086 7192 Host Bridge
00 07 00 8086 7110 ISA Bridge
00 07 01 8086 7111 IDE Controller
00 07 02 8086 7112 Serial Bus 9
00 07 03 8086 7113 PCI Bridge
00 0D 00 8086 1209 Ethernet 11
00 0E 00 8086 1209 Ethernet 10
Cisco Secure PIX Firewall Embedded BIOS Version 4.3
Wait...ndeavor Board, Boot Block BIOS
+------------------------------------------------------------------------------+
| System BIOS Configuration, (C) 2000 General Software, Inc. |
+---------------------------------------+--------------------------------------+
| System CPU : Pentium III | Low Memory : 638KB |
| Coprocessor : Enabled | Extended Memory : 255MB |
| Embedded BIOS Date : 08/25/00 | Serial Ports 1-2 : 03F8 02F8 |
+---------------------------------------+--------------------------------------+
Cisco Secure PIX Firewall BIOS (4.0) #39: Tue Nov 28 18:44:51 PST 2000
Platform PIX-525
System Flash=E28F128J3 @ 0xfff00000
Use BREAK or ESC to interrupt flash boot.
Use SPACE to begin flash boot immediately.
Reading 1528320 bytes of image from flash.
256MB RAM
System Flash=E28F128J3 @ 0xfff00000
BIOS Flash=am29f400b @ 0xd8000
mcwa i82559 Ethernet at irq 11 MAC: 0006.5336.8129
mcwa i82559 Ethernet at irq 10 MAC: 0006.5336.8128
|| ||
|| ||
|||| ||||
..:||||||:..:||||||:..
c i s c o S y s t e m s
Private Internet eXchange
Cisco PIX Firewall
Cisco PIX Firewall Version 6.2(1)
Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES: Disabled
Maximum Interfaces: 8
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited
An internal error occurred. Specifically, a programming assertion was
violated. Copy the error message exactly as it appears, and get the
output of the show version command and the contents of the configuration
file. Then call your technical support representative.
assertion "addr < sfmm_chip_size" failed: file "sfmm.c", line 254
No thread name
Traceback:
0: 802decd5
1: 8007a8ce
2: 800769bb
3: 80078223
4: 8007635e
5: 800017d5
6: 800758ab
7: 80120ed6
vector 0x00000003 (breakpoint)
edi 0x8007a887
esi 0x000000fe
ebp 0x7ffffcb8
esp 0x7ffffcac
ebx 0x8007a5a3
edx 0x000003fd
ecx 0x0000000a
eax 0x00000042
error code n/a
eip 0x802dffac
cs 0x00000008
eflags 0x00000046
CR2 0x00000000
Stack dump: base:0x7ffffc2c size:64, active:64
0x7ffffd2c: 0x00020000
0x7ffffd28: 0x807f2828
0x7ffffd24: 0xfffe0000
0x7ffffd20: 0x00000300
0x7ffffd1c: 0x800769bb
0x7ffffd18: 0x7ffffd48
0x7ffffd14: 0x00000001
0x7ffffd10: 0x00000002
0x7ffffd0c: 0x800762f4
0x7ffffd08: 0x804a849c
0x7ffffd04: 0x00000020
0x7ffffd00: 0x805100c0
0x7ffffcfc: 0x7ffffd48
0x7ffffcf8: 0x8007a887
0x7ffffcf4: 0x000000fe
0x7ffffcf0: 0x8007a5a3
0x7ffffcec: 0x8007a8ce
0x7ffffce8: 0x7ffffd18
0x7ffffce4: 0x80317cd4
0x7ffffce0: 0xffffffff
0x7ffffcdc: 0x80078163
0x7ffffcd8: 0x807f2828
0x7ffffcd4: 0xfffe0000
0x7ffffcd0: 0x805100c0
0x7ffffccc: 0x000000fe
0x7ffffcc8: 0x8007a5a3
0x7ffffcc4: 0x8007a887
0x7ffffcc0: 0x802dec68
0x7ffffcbc: 0x802decd5
0x7ffffcb8: 0x7ffffce8
0x7ffffcb4: 0x00000046
0x7ffffcb0: 0x00000008
0x7ffffcac: 0x802dffac *
0x7ffffca8: 0x00000042
0x7ffffca4: 0x0000000a
0x7ffffca0: 0x000003fd
0x7ffffc9c: 0x8007a5a3
0x7ffffc98: 0x7ffffcac
0x7ffffc94: 0x7ffffcb8
0x7ffffc90: 0x000000fe
0x7ffffc8c: 0x8007a887
0x7ffffc88: 0x00000003
0x7ffffc84: 0x80004779
0x7ffffc80: 0x7ffffcb8
0x7ffffc7c: 0x802c4deb
0x7ffffc78: 0x7ffffc98
0x7ffffc74: 0x7ffffd48
0x7ffffc70: 0x00000001
0x7ffffc6c: 0x000000fe
0x7ffffc68: 0x8007a5a3
0x7ffffc64: 0x7ffffd48
0x7ffffc60: 0x80120ed6
0x7ffffc5c: 0x00000007
0x7ffffc58: 0x7ffffcac
0x7ffffc54: 0x80002d70
0x7ffffc50: 0x7ffffc80
0x7ffffc4c: 0x7ffffcac
0x7ffffc48: 0x80002ab0
0x7ffffc44: 0x00000040
0x7ffffc40: 0x7ffffc80
0x7ffffc3c: 0x74656720
0x7ffffc38: 0x7ffffe28
0x7ffffc34: 0x2c737261
0x7ffffc30: 0x8007a887
Nested traceback attempted via interrupt.
Traceback output aborted.
Rebooting..þUrgent help!!!
-
Oracle 8i through CISCO PIX Firewall
HI all,
I Need some help here with CISCO PIX Firewall 506e series. The ORACLE Server 8i on Windows NT.4, placed at the inside interface of PIX Firewall.
The Firewall has been configured to allow all the port to come from outside interface (this is where the Oracle client reside). When the client from outside try the oracle client application (where the login promt for username and password) when pressed enter the error msg
=============================
oracle error con 440
unable to make connection oracle - 12514 tns.couldn't resolve service name
the menu was not connectable with oracle. a menu is ended
==============================
Many thanks for PIX and Oracle config.
HATOVarun,
Thank you for your help.
I have one quick question, this pix is not in failover, it is standalone but it has Unrestricted license. It only has 64Mb of Ram. Will I have any problems based on your link recommendation?
Memory Requirements:
If you are using a PIX 515/515E running PIX Version 6.2/6.3, you must increase your memory before upgrading to PIX Version 8.0(2). This version requires at least 64 MB of RAM for Restricted (R) licenses and 128 MB of RAM for Unrestricted (UR) and Failover (FO) licenses
What is the difference between the restricted Licenses and the Unrestricted Licenses?
Thanks! -
PIX firewall 525 on Voice Network for 5000 CC calls
Dear all ,
can some one suggest me will it be recommended to use PIX firewall 525 on Voice ( sip ) network for 5000 CC to 1000 CC calls in signaling mode since our server are using public IP so will i be able to use it without NAT / PAT also will there be any issue of QOS .
RegardsSohail,
If your idea is to add some security between your devices the PIX will work fine (I will prefer and ASA since it can run the latest software). The quality of your voice traffic shouldn't be impacted by the PIX.
Luis Silva -
Hi,
I need urgent help about PIX firewall setup.......
My one of the pix firewall flash was correpted it mean don't have flash file inside... I want to install flash file how to install...
It's showing "monitor >" mode.
monitor > help
by
senthilAnd also i need to know how to reset password i forgot the password for the another firewall...
I have to configure as per diagram(attached) already config is there but i need to know it's write or nor becasue this one last year one.
Please check and let me know ASAP.
Thanks....
Regards,
Senthil
I have to configure as per diagram(attached) already config is there but i need to know it's write or nor becasue this one last year one.
Please check and let me know ASAP.
Thanks....
Regards,
Senthil -
BorderManager and Pix Firewall
Hello,
Just implemented NSBS6.5 for a small bank with Pix firewall's inner IP
address as my next router on hop.Was able to send mails out but could not
receive inbound mails.Also the Bank's web site could no longer be
assesible from within the bank but could be connected to from any where
outside the bank's network.Could ping from the BorderManager proxy with
public IP of 172.16.1.2 to the Pix private with IP of 172.16.1.1
Moreover,a MaCafe Antivirus appliance was brought in and connected btw
the BorderManager Proxy server and the Pix firewall with a bridged
connection and an assigned IP address of 172.16.1.3 and 172.16.1.4 At
this
instance,could no longer ping the Pix 172.16.1.1, but could ping both
interface of the MaCafe appliance.Could not also send nor receive mails
via the mail proxy.
I intend bringing the MaCafe appliance before the BorderManager Proxy
and
assign a LAN address to it since it has a bridged config,so as to isolate
the problem of this appliance.
I need to get the mail server running perfectly and the website
assesible.Pls kindly help my case.
Regards,
Sesan.you need to go ask this in the support.bordermanager.install-setup
group as this group is for the client firewall product only.
Cheers!
Richard Beels
http://www.dsi-consulting.com
Collaboration without complication -
IDS,ASA,PIX firewall monitoring and optimizing
Dear All,
Please let me know the products from Cisco to monitor and optimize the IDS, ASA, PIX firewall in the data centre and corporate networking environment.
I believe that VMS 2.3 can be used.I like to know about the CS-MARS product from Cisco and its usage.
Thanking you
SwamyHi,
CS-MARS is a security product that mainly used to analyse, correlates and produce/recommed mitigation action based on the log analysis.
You need to send your syslog, snmp or NetFlow to CS-MARS from all/selected network devices in the network to enable it to have visibility of the network activities. It has built-in signatures or rules that trigger incidents, and allows you can create your own rule to monitor certain segment or devices. Notification is available in the form of email, sms, pager, snmp and syslog.
CS-MARS does not replace the function of IDS/IPS or antivirus, but as a critical security complimentary product to allow you to stop any detected malicious incidents/activities from a nearest point, e.g shutting down switch port where a PC is detected trying to launch network attack, virus or trojans. The concept more or less similar to 'Forward Defense' used by certain country today.
http://www.cisco.com/en/US/partner/products/ps6241/products_data_sheet0900aecd80272e64.html
CS-MARS is measured by its capabilities to handle received Event and Netflow logs per second. This include the HDD capacity. You can have single unit (Local Controller) or multiple unit that centrally managed by Global Controller.
CS-MARS support wide range of networking and security products.
http://www.cisco.com/en/US/partner/products/ps6241/products_device_support_tables_list.html
Rgds,
AK -
Our US counterpart has shipped the Pix Firewall 506E to us. I need a picture of it so that I can do a customs pre-declaration before it arrives. Could you provide me the picture.
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5709/ps2030/ps4336/product_data_sheet09186a0080091b13.html
-
Connecting VPNs using a PIX Firewall
Hi,
We are trying to configure a PIX firewall to connect differents VPNs on a MPLS enviroment and we have a problem when we use more than one firewall.
With one FW all works fine, but with two or more in some situation we can have recursive routing and It doens't work.
Do you know any way to connect differents MPLS VPNs using differents Firewalls.
Regards.
Enrique.Would appreciate if you can elaborate more on the topology and the minute details on the problem that you experience with multiple firewalls.
-
Hello,
I'm trying to configure some firewall rules and a nat in our pix 525 and I'm having some issue with the connection
Here are the details:
172.40.40.40 destination host.
1.- I configured an ACL
ACL test 172.80.0.0 255.255.0.0 destination 172.40.40.40
ACL test 172.90.0.0 255.255.255.0 destination 172.40.40.40
inside interface IP 172.20.20.20
outside inteface IP 192.169.1.2
interfaces inside outside (ping and icmp are allow)
static (outside, inside) 172.40.40.40 172.40.40.40
nat (outside) 5 access-list test
global (inside) 5 interface
route inside 172.40.40.40 255.255.255.255 172.30.30.30
route outside 172.80.0.0 255.255.0.0 192.168.1.1
route outside 172.90.0.0 255.255.0.0 192.168.1.1
I'm trying to nat the traffic comming from the outside interface because we want to avoid interal ip conflicts, I'm seeing the hits on the ACL
but can not telnet from 172.80.0.1 to 172.40.40.40 , there are routes and porta enable for that connection
and my flag logs shown me SaAB from the destination host, what could be the problem?
We can ping between the destination host and the pix inside interface and the icmp is allow in all the interfaces.Hello Thank you for your help, we will try to apply that command in our test .
About our test the incoming connection from 172.90.0.0 are telnet session to 172.40.40.40
So we are doing a PAT for those connection (172.90.0.0 PAT to 172.30.30.29) my question is that kind of scheme and configuration is supported on Pix Firewall?
Here is the version: PIX 525
Cisco PIX Firewall Version 6.3(5)
This is the path
MPLS PIX Destination HOST
subnet 172.90.0.0/16 ---- ------------------------- ACL TEST -PAT(172.30.30.29 inside inteface) -------- 172.40.40.40 port 25 -
I want to be able to upgrade my Firefox installations that are located behind a Cisco PIX Firewall. What are the TCP/IP addresses and ports required to be opened for updating to occur?
This is less likely to be a firefox problem, as it appears something bad has happened to your network. Can you access the internet with other programs? Try email/ IRC/ Skype or even updating your computer.
What operating system are you using?
Ian. -
How Much bandwidth a PIX firewall can handle
Hi,
I would like to know, how much bandwidth a PIX firewall can handle. Actually one of our branch office is still having PIX firewall and we have a huge replication going on from head office to this branch.
for temporary purpose we have upgraded the bandwidth to 50 Mbps, but I have noticed that the replication is utilizing only 40 Mbps.
Thanks,
AzeemA PIX can handle from 60 MBit/s (PIX501) up to 1,8 Gbit/s (PIX535). These are the Datasheet-values, so your real-life values will vary. For other models consult the data sheets:
http://www.cisco.com/c/en/us/products/security/pix-500-series-security-appliances/datasheet-listing.html -
NFS protocol across the Pix firewall
I have a Pix 515E running PixOS version 8.0.4 with two interfaces, inside and outside.
On the inside interface, I have a Redhat Enterprise Linux 5.4 64 bits machine as an NFS server version 4 (NFSv4).
On the outside interface, I have three (3) Redhat Enterprise Linux 5.4 64 bits as NFS clients.
I have the following configuration on the Pix:
static (inside,outside) 192.168.1.1 4.2.2.2 netmask 255.255.255.255
access-list external permit icmp any any log
access-group external in interface outside
At the moment, none of the Linux client machines can mount a share on the NFS server because
my ACL is too restrictive. I would like to be able to open the firewall so that Linux client
machines can mount the NFS server using NFS over UDP or NFS over TCP.
I am looking for the exact UDP and TCP ports to be added to the ACL in order to accomplish
this, from someone who have done this before.
Anyone know how to do this?
Thanks,I think I just answer my own post. Just need to add about three lines to the configuration:
access-list external permit tcp any host 4.2.2.2 eq 111 log
access-list external permit udp any host 4.2.2.2 eq 111 log
fixup protocol sunrpc 111
Now I can mount the NFS server from my linux machines -
PDM losing connection to PIX firewall
I'm having this problem if I login to my PIX either a PIX 501 or 506E, the PDM will lose it connection with the PIX after so many minutes. If i go to apply a change or save a config, PDM will tell me it can't communicate with the PIX. I would then have to close my web browser and open a new connection.
I'm running PIX OS 6.3(5) and PDM 3.0(4) with IE 6, Java 1.6.0 on Windows XP
Is there anyway to prevent this from happening??Hi jghiller,
Question: should I share the 7520 on al pcs or none at all?
The printer should not be shared from one computer to another. Each computer can directly access the printer.
Question: If I disable my security software firewall, should the printer be found and installed on wireless network OK?
The firewall can cause problems, but not like they used to. With this being a current printer, most firewalls should work fine with the printer.
Dropping from the network:
There are multiple possibilities.
1. Try turning off UPnP in the printer embedded web server. Type the IP of the printer into a web browser to access the EWS. On the network tab, selecting Networking on the left side and then UPnP.
2. If your router supports double width data channels, try changing the router to use single width channel. You will need to access the EWS of the router. Most routers will say either default or double. There might be a number listed instead. Try setting the router to 20Mhz channel width.
3. Also, setting a static IP for the printer could be a good idea. That way the printer IP won't change and possibly get lost by the computers. This setting also appears in the printer EWS.
Try the HP Wireless Printing Center for tips:
http://www8.hp.com/us/en/campaigns/wireless-printing-center/overview.html
I was an HP employee.
Please mark the post that solves your problem as "Accepted Solution" -
I am trying to make an IPIPGW accessible through a PIX 6.3(5) firewall. The H.323 ras and H225 fixups are enabled, but connections to the IPIPGW are not established; the firewall generates an error "call proceeding before setup". The workaround appears to be to disable both fixups and open >1024 ports, which is less than ideal. What generates the "call proceeding before setup" and can it be worked around on the IPIPGW; I've tried both slow- and fast-start connections.
Hi,
this is really an odd issue. The Q.931 sequence of call setup is:
A SETUP --> B
(optionally B can reply with "SETUP->ACK", or if it is an overlapped number, but this does not count for H.323)
B CALL PROCEEDING / PROGRESS / ALERT --> A
B CONNECT --> A
It is very basic, but in general that is the procedure. Cisco says that a SETUP message has arrived after the CALL PROCEEDING one, which is incorrect. An H.323 (H225) debug would bring some light to the issue.
We have a network of Cisco voice gateways, Call managers, thirf party gatekeepers and gateways, calling each other through a Cisco 6.4 PIX and it works (however we had some nasty troubles with path mtu discovery).
Maybe you are looking for
-
Photoshop 7.0 wont open
I have used Photoshop 7.0 for years and suddenly it won't open. I did read the previous post on this between Schlader Photography and John Joslin...but my problem seems to have its own quirk...my program wouldn't re-install. I tried everything they
-
Why does it say rogers 3g on my ipad when it should say rogers 4g?
why does it say rogers 3g on my ipad when it should say rogers 4g
-
i have his problem i have implemented key listener correctly, but how do i change the response of the program if i hold the key. atm the problem is that when i hold the key it takes it a while to start up (its a ball that is controled by a keyboard).
-
Could not start the Crystal Report Application Server service on local computer
Post Author: [email protected] CA Forum: Deployment Hi I have a following problem. I have installed Crystal report application server(RAS)(CE embeded 10) on Windows server 2003 enterprise x64 edition. When i start it, i see an error: Could not start
-
How to uninstall Disk for iPhone (x2) ?!?!
someone already posted about this, but that thread is archived. I'm new to mac and wanted my iphone to behave similar to that on a PC in the sense that it can be browsed via windows explorer to batch capture photos, etc. I installed MacFuse and Disk