DB access through Firewall

Similar Messages

• Webmin Port Access through firewall

  OSX 10.8.5
  I just finsihed installing the latest version of Webmin.
  Everything is working fine but I can not figure out how to allow access through the firewall GUI.
  I need to open port 10000. Any suggestions?

  Thanks, I posted there a few months ago, without luck. I think I've finally found something when Googling the versions of each. iChat on Leopard doesn't use newer authentication protocols and Psi would need recompiled to be compatible. If anyone is curious in the modification here you go:
  http://forum.psi-im.org/thread/5091
  For now I'm looking for an alternative Jabber server to use.

• Is it possible to restrict SNMP access through firewall

  My appoligies if there is already an answered discussion about this, that I didn't find.
  In addition to just limiting the IP addresses allowed to have access and TCP/UDP port and direction of access, is it possible to further restrict SNMP traffic through an ASA firewall.  Example 1:  Can IP address IP_A on network A be forcibly limited to have only readonly SNMP polling access to IP_B on network B on the other side of an ASA firewall regardless of the community string it issues(or the configuration of device IB_B )?
       IP_A   ------- FW -------- IP_B
  Example 2:  Can IP address IP_A on network A be forcibly limited to have only readonly access to specific OID via SNMP polling access to IP_B on network B on the other side of an ASA firewall regardless of the community string it issues (or the configuration of device IP_B)?
       IP_A ------>  FW ------> IP_B
  It looks like IOS 10.3 and above allow devices to have such access limiting.  I was wondering if this could also be done via ASA for any end device.
  Thanks
  Jim

  No.
  An ASA can, as you noted, restrict source and destination IP and port. To do what you are asking, one would need to prevent a string within the payload from being transmitted (or only accept certain strings).
  You should just put the access-list on the destination device(s) restricting what host(s) are allowed snmp rw (as you alluded to). That's a very common implementation straight out of the textbook.

• Fingerprint Device access through firewall

  Hello Fellow Mates,
  One of my client has a fingerprint device configured in his environment. There is the internet router then there is the switch and then some pcs and the device connected. All are accessible through their headoffice as well, but now when the firewall is implemented between the internet router and the switch. Everything is working fine. Everything is accessible from the headoffice except the fingerprint device. internally its fine but cant be accessed from out. ACL allows ip any any. so no ip or port issue. went through the below link and have done everything as well but not luck. The default gateway for the fingerprint device is the Internet router, couldnt give it as the firewall because its in transparent mode.
  http://www.midextimeandattendance.com/support/how-to/fingerprint-reader/connect-remotely/
  Regards,
  -Mateen

  The JMX Management Server is only used to start up the native Memory Leak Server. The call to start up the Memory Leak Server returns an anonymous port over wich all further communication with the Memory Leak Server takes place.
  This is not a technical constraint though; it just reflects the way the client is currently written. I'll make sure the next version of the MemoryLeak Detector client supports a user specified port for the communication with the Memory Leak Server - at the very least through a system property.
  Contact me at hirt(at)bea.com if this is something you need right away. ;)
  Kind regards,
  Marcus

• Management server access through firewall

  I'm trying to use the memory leak detector with a server in our data canter. The firewall only allows communication on certain ports and I've set -Djrockit.managementserver.port to use one of them.
  The initial connection (RMI registry lookup) from the client works fine, but then the client tries to connect back to an "anonymous" (random) port that the RMI (mgmt) server listens at.
  Is there a way to specify which port the actual mgmt server listens at? (I've also tried -Dcom.sun.management.jmxremote.port, but that didn't help either)
  We'd like to avoid having to open ports for each newly establish connection.
  Thanks!

  The JMX Management Server is only used to start up the native Memory Leak Server. The call to start up the Memory Leak Server returns an anonymous port over wich all further communication with the Memory Leak Server takes place.
  This is not a technical constraint though; it just reflects the way the client is currently written. I'll make sure the next version of the MemoryLeak Detector client supports a user specified port for the communication with the Memory Leak Server - at the very least through a system property.
  Contact me at hirt(at)bea.com if this is something you need right away. ;)
  Kind regards,
  Marcus

• Unable to access the Firewall through ASDM

                     Hi All,
  Thanks in advance ,
  in my organisatin we are facing one issue with launching of ASDM in ASA 5520 , when wer are trying to access the Firewall through ASDM we are unable to access that , see the java error loggs below , yes i know if we reload the firewall then this problem will solve , but my organisation management donsent want to reload the firewall , other procedure is to upgrage the ASDM version , just let me know the procedure for this
  Using JRE version 1.7.0_25 Java HotSpot(TM) Client VM
  User home directory = C:\Users\shussain
  c:   clear console window
  f:   finalize objects on finalization queue
  g:   garbage collect
  h:   display this help message
  m:   print memory usage
  q:   hide console
  s:   dump system properties
  ASDM Application Logging Started at Tue Aug 20 11:04:48 AST 2013
  Local Launcher Version = 1.5.30
  Local Launcher Version Display = 1.5(30)
  OK button clicked
  Trying for ASDM Version file; url =
  https://192.168.50.2/admin/
  Server Version = 6.1(3)
  Server Launcher Version = 1.5.30, size = 319488 bytes
  invoking SGZ Loader..
  Cache location = C:/Users/shussain/.asdm/cache
  Exception in thread "SGZ Loader: launchSgzApplet" java.lang.NumberFormatException: For input string: "1 year 192"
  at java.lang.NumberFormatException.forInputString(Unknown Source)
  at java.lang.Integer.parseInt(Unknown Source)
  at java.lang.Integer.parseInt(Unknown Source)
  at com.cisco.pdm.Check.h(DashoA10*..:1358)
  at com.cisco.pdm.Check.c(DashoA10*..:858)
  at com.cisco.pdm.Check.a(DashoA10*..:438)
  at com.cisco.pdm.PDMApplet.start(DashoA10*..:132)
  at com.cisco.nm.dice.loader.r.run(DashoA19*..:410)

  dear marvin,
  find my firewall sh version output, and asdm version ,
  ciscoasa# sh ver
  Cisco Adaptive Security Appliance Software Version 8.0(4)
  Device Manager Version 6.1(3)
  Compiled on Thu 07-Aug-08 20:53 by builders
  System image file is "disk0:/asa804-k8.bin"
  Config file at boot was "startup-config"
  ciscoasa up 1 year 193 days
  Hardware:   ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
  Internal ATA Compact Flash, 256MB
  BIOS Flash M50FW080 @ 0xffe00000, 1024KB
  Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                               Boot microcode   : CN1000-MC-BOOT-2.00
                               SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                               IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05
  0: Ext: GigabitEthernet0/0  : address is 0021.a09a.ba76, irq 9
  1: Ext: GigabitEthernet0/1  : address is 0021.a09a.ba77, irq 9
  2: Ext: GigabitEthernet0/2  : address is 0021.a09a.ba78, irq 9
  3: Ext: GigabitEthernet0/3  : address is 0021.a09a.ba79, irq 9
  4: Ext: Management0/0       : address is 0021.a09a.ba7a, irq 11
  5: Int: Internal-Data0/0    : address is 0000.0001.0002, irq 11
  6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5
  Licensed features for this platform:
  Maximum Physical Interfaces  : Unlimited
  Maximum VLANs                : 150      
  Inside Hosts                 : Unlimited
  Failover                     : Active/Active
  VPN-DES                      : Enabled  
  VPN-3DES-AES                 : Disabled 
  Security Contexts            : 2        
  GTP/GPRS                     : Disabled 
  VPN Peers                    : 750      
  WebVPN Peers                 : 2        
  AnyConnect for Mobile        : Disabled 
  AnyConnect for Linksys phone : Disabled 
  Advanced Endpoint Assessment : Disabled 
  UC Proxy Sessions            : 2        
  This platform has an ASA 5520 VPN Plus license.
  Serial Number: JMX1304L0HA
  Running Activation Key: 0x0313c076 0x58bdf52e 0xa83245ac 0xb460b058 0x88201caa
  Configuration register is 0x1
  Configuration last modified by enable_15 at 10:18:47.850 AST Wed Aug 21 2013
  ciscoasa#  
  ciscoasa# sh run asdm
  asdm image disk0:/asdm-613.bin
  asdm location internal-network1 255.255.0.0 internal

• Internet Access through TMG for all HO & Branch office

  Dear Experts!,
  I am new to the Forefront TMG 2010. Have requirement to implement internet access.
  Head office : 192.168.11.x/24 (192.168.11.1 is the TMG server)
  Branch Office 1: 192.168.12.x/24
  Branch Office 2 : 192.168.14.x/24
  Branch Office 2 : 192.168.16.x/24
  Forefront TMG 2010 standard edition.
  Having 3 NIC's two have different ISP network addresses and one has 192.168.11.1.
  Branch office are connected using MPLS network, the requirement is all branch site internet must be accessed through TMG 2010 server which is homed in Head Office. How to achieve ?
  What needs to be done in external firewall and in TMG for enabling internet access.
  Thanks!
  Regards, Ganesh, MCTS, MCP, ITILV2 This posting is provided with no warranties and confers no rights. Please remember to click Mark as Answer and Vote as Helpful on posts that help you. This can be beneficial to other community members reading the thread.

  Hi Ganesh,
  Hope this helps
  1 - If you wish to give internet as Proxy to users.
  Ensure the Below subnet is able to reach TMG Internal Interface that is 192.168.11.1
  Subnet
  Branch Office 1: 192.168.12.x/24
  Branch Office 2 : 192.168.14.x/24
  Branch Office 2 : 192.168.16.x/24
  Configuration
  Enable Proxy in TMG and configure Proper Ports as per your requirements
  On the Client IE – Ensure you put Proxy IP as TMG and Port configured in TMG configuration.
  Enable a Rule
  Access Rule
  Source : Internal
  Destination : External
  Ports : HTTP / HTTPS
  Users : Authenticated Users
  2 As normal Internet as Gateway to users
  You need to request your MPLS provider to change the Default Route of below subnet to 192.168.11.1. By doing this, all the internet request from the below subnet to internet will hit TMG.
  Subnet
  Branch Office 1: 192.168.12.x/24 Default Route 192.168.11.1
  Branch Office 2 : 192.168.14.x/24 Default Route 192.168.11.1
  Branch Office 2 : 192.168.16.x/24 Default Route 192.168.11.1
  IF you have any L3 Switch then you can also make Default gateway as L3 for all the subnet and from L3 device point it to TMG
  Enable a Rule
  Access Rule
  Source : Internal
  Destination : External
  Ports : HTTP / HTTPS
  Users : All Users ( Important )
  Two ISP
  In network Rules : You need to use NAT
  You will have a Rule which NATS internal to  External
  On external - Choose which ISP interface should be used  and Apply NAT rule

• Printing from websites accessed through Firefox is unitelligible - just symbols, whereas fine with Safari.

  For the last week or so, whenever I try to print from a website accessed by Firefox (either to pdf or printer) the resulting pages(s) are completely unitellibible -- they look like a kind of code. I have McAfee- SitAdvisor is disabeled and Firefox has full access through the Firewall. My Windows FIrewall is turned off.
  When I use Safari for the same operations, everything prints fine.
  Please advise.
  Thanks

  I also have this problem. I believe it is caused by being connected through a proxy which is adding a second compression to the data. (I think IF uses gzip compression already).
  Added details:
  * Opera also works.
  * I can view the IF admin section on FF
  * I can view the forum if I go through a web proxy.

• When accessed from Firewall, the OSB WSDL is inserting schemalocation with HTTP port instead of HTTPS

  We have OSB service and we are able to access over firewall. Also the WSDL, Schemas etc., But when we external users access the WSDL, they are not able to get complete content i.e schemas are not imported.
  Reason is WSDL has http (<import schemaLocation="http://test.com:80/xxxxxx/Proxy/schema") with port no 80 instead of https (<import schemaLocation="https://test.com/xxxxxx/Proxy/schema") .
  Since we don't specify the complete schema location in WSDL, how does WSDL include the complete schema path? And how to change it https path instead of http?

  Namaste,
  Sorry for the delayed response.
  Yet, my one query is not answered.
  Q:Are you ABLE to get the Desired path in Endpoint URL(https) as well?
  Explanation:
  What I mean is, When the external users access the WSDL (I am assuming External Users are able to access WSDL through Firewall),
  As you have mentioned that XSD imports have HTTP instead of HTTPS, but how about the soap:address location? Even this points to HTTP instead of HTTPS?
  (Ex:
  <wsdl:service name="CaduceusSiteService">
      <wsdl:port name="site_pt" binding="tns:site_pttBinding">
          <soap:address location="https://www.test.com/test123"/>    ---> is this HTTP or HTTPS?
      </wsdl:port>
  </wsdl:service>
  BTW, did you set, HTTP Transport Configuration --> HTTPS required parameter to "YES"? (This is a prerequisite).
  We had a similar issue, where we had HTTP instead of HTTPS when WSDL accessed from Firewall.
  However, after lot of struggle, we got it worked after changing Firewall (MS TMG) settings to support for "text/xml".
  I think, it could be the same settings needed to done in your case too. Please do check the firewall settings.
  Thanks,
  Nagaraj Ganapa

• Disable Webservices access through web

  Hi All,
  In OFMW and AIA 11g ps3, how can we disable webservices access through web i.e. restrict webservice call from outside
  world using OWSM security policies?
  We dont want to use username based authentication or any other policies that is based on authentication and authorization.
  Please let me know how can we achieve this?
  Thanks in advance.

  Hi,
  I think the best way would be to block the access to services at firewall so that these services have restricted access within the network. This can be achieved only if none of the services need to be exposed over to the internet.
  Regards,
  Neeraj Sehgal

• Discoverer through firewall

  Hi all,
  hi have installed Oracle Business Intelligenge 10g (10.1.2). I
  I lunch Oracle discoverer plus in the local network and all work fine. But when i try to access to oracle discoverer by interner (through firewall ) i see the logon page but after input User Name Password ed cnnect string a obtained Page not Found.
  Thank in advance.
  Best Regards
  Giuseppe Marcello

  By Default, Discoverer uses JRMP protocol, which does not necessarily pass
  through the firewall.
  Configure Discoverer to use HTTP instead of JRMP and it will solve your problem.
  The 10.1.2 Discoverer Enterprise Manager allows you to configure this.

• Can RMI get through firewall?

  my java applet will have to communicate with SAP server using JCO
  so the applet connects to an RMI server then the RMI server connects to SAP server.
  in between applet and RMI server there is a firewall. will RMI get through firewall?

  The answer is "maybe". It depends on
  o How the service is coded. Probably has to be written to communicate using a fixed port number, rather than randomly assigned. (Most firewalls allow access to only specified ports.)
  o Changing the firewall settings.
  o Whether or not your server tries to call back the client, and whether the client is also behind a fireall. If these two details are both true, then you are probably dead in the water.
  There are HTTP tunelling techniques for getting through firewalls. Haven't used them, but if you look back through this forum you'll probbly find some info.

• HT1329 if the music that is on the iPod can no longer be accessed through iTunes because it was deleted, is there anyway to recover the music on the iPod if it wasn't purchased?

  if the music that is on an iPod can no longer be accessed through iTunes because it was deleted, is there anyway to recover the music on the iPod if it wasn't purchased?

  See this support article:
  http://support.apple.com/kb/HT1848
  You can also download at least some of your content (audiobooks being a notable exception) again from the iTunes Store:
  http://support.apple.com/kb/ht2519
  For additional instructions, particularly for content not purchased from the iTunes Store, check out this user tip from TuringTest:
  https://discussions.apple.com/docs/DOC-3991
  and this page on "How-to Geek":
  http://www.howtogeek.com/104298/sync-your-ios-device-with-a-new-computer-without -losing-data/
  Regards.
  Forum Tip: Since you're new here, you've probably not discovered the Search feature available on every Communities page, but next time, it might save you time (and everyone else from having to answer the same question multiple times) if you search a couple of ways for a topic, both in the relevant forums and in the Apple Knowledge Base, before you post a question.

• Can I use the new Time Capsule to backup my mid 2010 Macbook Pro? Also can I want to free up my hard disk, can I save my photos and files on the time capsule and later access through wifi?

  Can I use the new Time Capsule to backup my mid 2010 Macbook Pro? Also can I want to free up my hard disk, can I save my photos and files on the time capsule and later access through wifi?

  Can I use the new Time Capsule to backup my mid 2010 Macbook Pro?
  Yes, if you are asking about using Time Machine to backup the Mac.
  Also can I want to free up my hard disk, can I save my photos and files on the time capsule and later access through wifi?
  You are not thinking of deleting the photos and files on your Mac, are you?  If you do this, you will have no backups for those files.
  Another concern is that Time Machine backs up the changes on your Mac. At some point, Time Machine will automatically delete the photos and files from the Time Capsule.....you just don't know when this might occur.
  In other words, only delete files from your Mac that you can afford to lose.

• Remote panel and selective control access through Security with DSC

  Hi Everyone,
  I looked around to see what labview had to offer concerning security of remote panel and all the solutions I've found only propose full access to a remote panel, or none. The login page is not an option for me as everyone on the intranet can access the remote panel for monitoring but not everyone can have control to the buttons on it.
  With the DSC module, I can give securities to the different controls and it works great with the exe, if I log in or out, the controls appears or disapears. Unfortunately, with remote panels, those controls are always visibles. Furthermore, when I log in from a remote panel, all the other remote panels get logged in with the same username and priviledges. When I log out, same thing, it logs out all the other remote panels. So the last guy who logs in gives its priviledges to every one else who is monitoring the remote panel at that time. when he logs out, he logs everyone out. I used a reentrant vi hoping that this would solve the problem but it didnt.
  I would like to do what my colleague does with Advantech without any problem. He has only 1 .exe is running on the server and whoever connects to it through webserver, just needs to log in and he has all the priviledges of an guest, operator, admin, etc.. with access to controls and features accordingly. All this without interfering with the other people using the remote panels. This colleague has always been doubtful about the capabilities of labview to do SCADA systems and uptil now, I've been able to prove him wrong.. please help me continue
  There are workarounds, using remote desktop to the server instead of webserver but it definitely is not as practical for the client and it will need quite some work to to synchronise all the exes open from the differents sessions, through the use of shared variables, binding and securities.
  Thank you for your help.
  Solved!
  Go to Solution.

  Thank you very much for your reply Jordan.
  The NI security info is on the server (local domain with groups and users), and the running exes as well. The remote panel is not supposed to be accessed by internet, at least not yet, but just by the computers on the network and thinkline computers who are directly connected to the servers. the remote panel is accessed through the simple url: http://serverip/Application.html
  There is no problem with accessing the remote panel of the exes on the server from another computer on the network. But there are several security issues when logging in and out with the NI Security Programmatic Login and logout VIs through the remote panel..
  The 1st problem occurs when several people access the remote panel at the same time. In my setup, everyone is allowed to check what's happening on the front panel of the running exe, go through the tabs, check the graphs, the tables, etc.. , but only the administrators and the operators can send commands to the machines and the production line through this remote panel. Hence some buttons are accessible to all users, while others are only accessible depending  on the privileges of the person logged in.
  So like I said in the 1st post, I configured some buttons to be accessible only by the users of the admin group. When the exe runs, it's perfect, if I log in and out with an admin account, the buttons appears and disappear accordingly. But when I check the remote panel, those admin buttons are always visible, even if I am logged in as a guest or even logged out. Is it because the remote panel only needs minimum runtime engine and doesnt use the dsc runtime engine? if so, any work around?
  Furthermore, another big problem is that if I login as an admin in one remote panel, then login as an guest in another remote panel, and then logout back from the first remote panel, it says: "User Domain/Guest logged out". Hence, my second login logged out my first user. I can actually see the admin buttons appearing and disappearing on the exe when login as admin and guest from the different remote panels.
  So that's it, I would like my remote panel to behave like a normal scada system, with one exe running in the back (on the server) and with all the users accessing it through web server. Several users might/will access the remote panel at the same time and each of the users have a login/password that grant some of them the privileges to take some actions while giving the others only monitoring rights.
  I hope that I have been more clear in this 2nd post,
  Thank you again for your time.
  Best Regards,
  Tom.