Defining Zones

Can I define zones (basically a closed-area "definition") in spatial Oracle, and then later use some operators provided by the Spatial option to find whether a point is within the given zone definition or not?

You can do this with Oracle Spatial.
Basically it sounds like you want to create an area-of-interest (or window) or a set of them, and then test whether other geometry objects stored in Oracle spatial have some relationship with that area of interest.
Oracle Spatial lets you store the area of interest definitions, or create them on the fly.
You might want to check out the user's guide or newly updated course materials on OTN.

Similar Messages

  • Interzone communication with local defined zones

    We have defined two local zones. The internal zone only allows registration from a private network. The other zone allows clients from all other zones to register. The gatekeeper is accessible through static NAT from the outside.
    NetMeeting clients from the different networks are registered in the right zone. Clients in the same zone can talk to each other. If we try to connect to a user in the other zone, we get a message that the specified user is not registered in any zone.
    Our question: How can users from one zone see other users in the other zone, and how can they connect? Should the h323-id of the client have a suffix like the zone name?
    gatekeeper
    zone local internal internal.net 10.x.x.x
    zone local external external.net
    zone subnet internal 10.x.x.x/24 enable
    no zone subnet internal default enable
    no zone subnet external 10.x.x.x/24 enable
    zone subnet external default enable
    use-proxy internal remote-zone external inbound-to terminal
    use-proxy internal remote-zone external outbound-from terminal
    no shutdown
    Further, the proxy function between the terminals of both zones is activated. The proxy interface is defined on the physical interface.

    Some of these Cisco documents could help you solve the problem.
    Basic Two Zone Gateway - Gatekeeper Configuration
    http://www.cisco.com/warp/public/788/voip/2zone_gw_gk.html
    Configuring Basic Gatekeeper Call Admission Control
    http://www.cisco.com/warp/public/788/voip/add_control_gk.html
    Understanding Cisco IOS H.323 Gatekeeper Call Routing
    http://www.cisco.com/warp/public/788/voip/gk-call-routing.html
    Configuring a Cisco IOS H.323 Gateway for Use with Cisco CallManager
    http://www.cisco.com/warp/public/788/AVVID/config_h323_ccm.html

  • PS script that fills security zones in IE

    This script fills the IE security zones. The idea is for it to be added as a logon script. I reworked it from the original script from David Wyatt on https://social.technet.microsoft.com/Forums/windowsserver/en-US/84434209-0b35-49f1-91f7-0e041ca656da/powershell-add-url-to-intranet-zone?forum=winserverpowershell
    The script was tested on PowerShell 4.0.
    Each IE security zone has an array of domains.
    It goes like this:
    #Script for adding domains to different zones
    #Define zone arrays and zone values
    $LocalArray=@("firstlocal.com", "secondlocal.com")
    $TrustedArray=@("firsttrusted.com", "secondtrusted.com")
    $RestrictedArray=@("firstrestricted.com", "secondrestricted.com")
    $LocalValue=(1)
    $TrustedValue=(2)
    $RestrictedValue=(4)
    #Add array elements to Local intranet zone
    ForEach ($element in $LocalArray)
    {
        #Add to Domains
        $Path=("HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\" + $element)
        if (-not (Test-Path -Path $Path))
        {
            New-Item -Path $Path
        }
        Set-ItemProperty -Path $Path -Name http -Value $LocalValue -Type DWord
        Set-ItemProperty -Path $Path -Name https -Value $LocalValue -Type DWord
        #Add to EscDomains
        $Path=("HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\" + $element)
        if (-not (Test-Path -Path $Path))
        {
            New-Item -Path $Path
        }
        Set-ItemProperty -Path $Path -Name http -Value $LocalValue -Type DWord
        Set-ItemProperty -Path $Path -Name https -Value $LocalValue -Type DWord
    }
    #Add array elements to Trusted sites zone
    ForEach ($element in $TrustedArray)
    {
        #Add to Domains
        $Path=("HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\" + $element)
        if (-not (Test-Path -Path $Path))
        {
            New-Item -Path $Path
        }
        Set-ItemProperty -Path $Path -Name http -Value $TrustedValue -Type DWord
        Set-ItemProperty -Path $Path -Name https -Value $TrustedValue -Type DWord
        #Add to EscDomains
        $Path=("HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\" + $element)
        if (-not (Test-Path -Path $Path))
        {
            New-Item -Path $Path
        }
        Set-ItemProperty -Path $Path -Name http -Value $TrustedValue -Type DWord
        Set-ItemProperty -Path $Path -Name https -Value $TrustedValue -Type DWord
    }
    #Add array elements to Restricted sites zone
    ForEach ($element in $RestrictedArray)
    {
        #Add to Domains
        $Path=("HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\" + $element)
        if (-not (Test-Path -Path $Path))
        {
            New-Item -Path $Path
        }
        Set-ItemProperty -Path $Path -Name http -Value $RestrictedValue -Type DWord
        Set-ItemProperty -Path $Path -Name https -Value $RestrictedValue -Type DWord
        #Add to EscDomains
        $Path=("HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\" + $element)
        if (-not (Test-Path -Path $Path))
        {
            New-Item -Path $Path
        }
        Set-ItemProperty -Path $Path -Name http -Value $RestrictedValue -Type DWord
        Set-ItemProperty -Path $Path -Name https -Value $RestrictedValue -Type DWord
    }
    The script is ugly and long. It repeats for each of the three zones.
    Any idea how to add a second loop that would shorten it?
    Newb

    Your request doesn't make any sense.  You have three sets of unrelated things.  You need three loops.
    ¯\_(ツ)_/¯

  • ZONE,VSAN,IVR

    I tried to ask my question as a scenario:
    Please consider two separate switches: SW1 and SW2.
    We create VSAN2 and define "zone a" and "zone b" on SW1, and we create
    VSAN3 and define "zone c" and "zone a" on SW2.
    Now we connect these two switches together via a trunk link, and then
    we run routing on these switches, like IVR. Now please answer these
    questions:
    1) Consider host1 is connected to SW1 and this host is connected to VSAN2 (zone a), and this host tries to see host2. host2 is connected to VSAN3 (zone c) in SW2. IVR is run on both SW1 and SW2. Now, is it possible for host1 to see host2?
    2) How about if one device connected to SW1 in VSAN2 (zone a) is trying to see another device connected to SW2 in VSAN3 (zone a)? IVR is running on both switches.

    With your first scenario, yes you can have the hosts talk, but it won't be using either of the existing zones.  You create a new zone, an IVR Zone, which zones what you want in VSAN2 to talk to what in VSAN3.  Regular zones are irrelevant outside of their respective VSANs.  The same thing is true for your point #2.  Yes IVR will allow a host in one VSAN to access a target in a different VSAN.  What zones these objects are members of does not matter, so long as a new zone is created that is an IVR Zone which contains the objects.  IVR zones are a bit different than regular zones, with an IVR zone you don't just specify the device itself but you specify its VSAN.

  • Default class map is dropping all Packets

    Hello, I have a Cisco 871 router that used to have access-list-based security. Now I am trying the ZBFW for the first time. I thought I had a pretty good program until I found all my traffic was getting dropped. This is my first stab at ZBFWs and I am a bit confused, especially with the default class part. Any help is greatly appreciated!
    The router is for my house and thus also has to have priority for gaming. I will add the gaming and voice QoS once I get it working.
    Guest VLAN has access to 2 IP's in Data for printing.
    Cisco871#sh run
    Building configuration...
    Current configuration : 8005 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    service sequence-numbers
    hostname Cisco871
    boot-start-marker
    boot-end-marker
    logging buffered 4096
    no logging console
    aaa new-model
    aaa authentication login default local
    aaa authorization exec default local
    aaa session-id common
    clock summer-time PST recurring
    crypto pki trustpoint TP-self-signed-4004039535
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-4004039535
    revocation-check none
    rsakeypair TP-self-signed-4004039535
    crypto pki certificate chain TP-self-signed-4004039535
    certificate self-signed 01
                quit
    ip cef
    no ip dhcp use vrf connected
    ip dhcp excluded-address 10.0.0.1 10.0.0.5
    ip dhcp excluded-address 172.16.15.1 172.16.15.5
    ip dhcp excluded-address 172.16.15.14
    ip dhcp excluded-address 172.16.17.1 172.16.17.5
    ip dhcp excluded-address 192.168.19.1 192.168.19.5
    ip dhcp pool MyNetNative
       import all
       network 10.0.0.0 255.255.255.248
       default-router 10.0.0.1
       domain-name MyNetNet.org
       dns-server 4.2.2.1 4.2.2.6 8.8.8.8 208.67.220.220
       lease 0 2
    ip dhcp pool MyNetData
       import all
       network 172.16.15.0 255.255.255.240
       dns-server 172.16.15.14 4.2.2.1 4.2.2.6 8.8.8.8 208.67.220.220
       default-router 172.16.15.1
       domain-name MyDomain.org
    ip dhcp pool MyNetVoice
       import all
       network 172.16.17.0 255.255.255.240
       dns-server 172.16.15.14
       default-router 172.16.17.1
       domain-name MyDomain.org
    ip dhcp pool MyNetGuest
       import all
       network 192.168.19.0 255.255.255.240
       default-router 192.168.19.1
       domain-name MyNetGuest.org
       dns-server 4.2.2.1 4.2.2.6 8.8.8.8 208.67.220.220
    ip domain name MyDomain.org
    ip name-server 172.16.15.14
    ip name-server 4.2.2.4
    ip inspect log drop-pkt
    multilink bundle-name authenticated
    parameter-map type inspect TCP_PARAM
    parameter-map type inspect global
    username MyAdmin privilege 15 secret 5 MyPassword
    archive
    log config
      hidekeys
    class-map type inspect match-all MyNetGuest-access-list
    match access-group 110
    class-map type inspect match-any Base-protocols
    match protocol http
    match protocol https
    match protocol ftp
    match protocol ssh
    match protocol dns
    match protocol ntp
    match protocol ica
    match protocol pptp
    match protocol icmp
    match protocol tcp
    match protocol udp
    class-map type inspect match-all MyNetGuest-Class
    match class-map MyNetGuest-access-list
    match class-map Base-protocols
    class-map type inspect match-all MyNetNet-access-list
    match access-group 100
    class-map type inspect match-any Voice-protocols
    match protocol h323
    match protocol skinny
    match protocol sip
    class-map type inspect match-any Extended-protocols
    match protocol pop3
    match protocol pop3s
    match protocol imap
    match protocol imaps
    match protocol smtp
    class-map type inspect match-all MyNetNet-Class
    match class-map MyNetNet-access-list
    match class-map Voice-protocols
    match class-map Extended-protocols
    match class-map Base-protocols
    policy-map type inspect MyNetNet-zone_to_MyNetWAN-zone_policy
    class type inspect MyNetNet-Class
      inspect
    class class-default
    policy-map type inspect MyNetNet-zone_to_MyNetGuest-zone_policy
    class type inspect MyNetNet-Class
      inspect
    class class-default
    policy-map type inspect MyNetGuest-zone_to_MyNetNet-zone_policy
    class type inspect MyNetGuest-access-list
      inspect
    class class-default
    policy-map type inspect MyNetGuest-zone_to_MyNetWAN-zone_policy
    class type inspect MyNetGuest-Class
      inspect
    class class-default
    policy-map type inspect MyNetNet-zone
    class class-default
      pass
    zone security MyNetNet-zone
    zone security MyNetGuest-zone
    zone security MyNetWAN-zone
    zone-pair security MyNetNet->MyNetGuest source MyNetNet-zone destination MyNetGuest-zone
    service-policy type inspect MyNetNet-zone_to_MyNetGuest-zone_policy
    zone-pair security MyNetNet->MyNetWAN source MyNetNet-zone destination MyNetWAN-zone
    service-policy type inspect MyNetNet-zone_to_MyNetWAN-zone_policy
    zone-pair security MyNetGuest->MyNetWAN source MyNetGuest-zone destination MyNetWAN-zone
    service-policy type inspect MyNetGuest-zone_to_MyNetWAN-zone_policy
    zone-pair security MyNetGuest->MyNetNet source MyNetGuest-zone destination MyNetNet-zone
    service-policy type inspect MyNetGuest-zone_to_MyNetNet-zone_policy
    interface FastEthernet0
    description Cisco-2849-Switch
    switchport mode trunk
    speed 100
    interface FastEthernet1
    interface FastEthernet2
    interface FastEthernet3
    description SBS-Server
    switchport access vlan 10
    spanning-tree portfast
    interface FastEthernet4
    description WAN
    no ip address
    ip mtu 1492
    ip nat outside
    ip virtual-reassembly
    zone-member security MyNetWAN-zone
    ip tcp adjust-mss 1452
    duplex auto
    speed auto
    no cdp enable
    interface Vlan1
    description MyNetNative
    ip address 10.0.0.1 255.255.255.248
    ip nat inside
    ip virtual-reassembly
    zone-member security MyNetNet-zone
    ip tcp adjust-mss 1452
    interface Vlan10
    description MyNetData
    ip address 172.16.15.1 255.255.255.240
    ip nat inside
    ip virtual-reassembly
    zone-member security MyNetNet-zone
    interface Vlan20
    description MyNetVoice
    ip address 172.16.17.1 255.255.255.240
    ip nat inside
    ip virtual-reassembly
    zone-member security MyNetNet-zone
    interface Vlan69
    description MyNetGuest
    ip address 192.168.19.1 255.255.255.240
    ip nat inside
    ip virtual-reassembly
    zone-member security MyNetGuest-zone
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    access-list 100 remark MyNetnet
    access-list 100 permit ip 10.0.0.0 0.0.0.7 any
    access-list 100 permit ip 172.16.15.0 0.0.0.31 any
    access-list 100 permit ip 172.16.17.0 0.0.0.15 any
    access-list 110 remark MyNetGuest
    access-list 110 permit ip 192.168.19.0 0.0.0.15 host 172.16.15.2
    access-list 110 permit ip 192.168.19.0 0.0.0.15 host 172.16.15.3
    access-list 110 deny   ip 192.168.19.0 0.0.0.15 10.0.0.0 0.0.0.7
    access-list 110 deny   ip 192.168.19.0 0.0.0.15 172.16.15.0 0.0.0.31
    access-list 110 deny   ip 192.168.19.0 0.0.0.15 172.16.17.0 0.0.0.15
    access-list 110 permit ip 192.168.19.0 0.0.0.15 any
    control-plane
    banner login ^CC
    You know if you should be here or not.
             if not please leave
    NOW
    ^C
    line con 0
    no modem enable
    line aux 0
    line vty 0 4
    privilege level 15
    transport input telnet ssh
    scheduler max-task-time 5000
    ntp server 172.16.15.14
    webvpn cef
    end
    Cisco871#sh zone security
    zone self
      Description: System defined zone
    zone MyNetNet-zone
      Member Interfaces:
        Vlan1
        Vlan10
        Vlan20
    zone MyNetGuest-zone
      Member Interfaces:
        Vlan69
    zone MyNetWAN-zone
      Member Interfaces:
        FastEthernet4
    Cisco871#sh zone-pair security
    Zone-pair name MyNetNet->MyNetGuest
        Source-Zone MyNetNet-zone  Destination-Zone MyNetGuest-zone
        service-policy MyNetNet-zone_to_MyNetGuest-zone_policy
    Zone-pair name MyNetNet->MyNetWAN
        Source-Zone MyNetNet-zone  Destination-Zone MyNetWAN-zone
        service-policy MyNetNet-zone_to_MyNetWAN-zone_policy
    Zone-pair name MyNetGuest->MyNetWAN
        Source-Zone MyNetGuest-zone  Destination-Zone MyNetWAN-zone
        service-policy MyNetGuest-zone_to_MyNetWAN-zone_policy
    Zone-pair name MyNetGuest->MyNetNet
        Source-Zone MyNetGuest-zone  Destination-Zone MyNetNet-zone
        service-policy MyNetGuest-zone_to_MyNetNet-zone_policy
    Cisco871#sh int faste4
    FastEthernet4 is up, line protocol is up
      Hardware is PQUICC_FEC, address is 0016.9d29.a667 (bia 0016.9d29.a667)
      Description: WAN
      Internet address is 10.38.177.98/25
      MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      Full-duplex, 100Mb/s, 100BaseTX/FX
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 00:00:00, output 00:34:50, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue: 0/40 (size/max)
      5 minute input rate 2000 bits/sec, 3 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         593096 packets input, 73090812 bytes
         Received 592752 broadcasts, 0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
         0 watchdog
         0 input packets with dribble condition detected
         9940 packets output, 1016025 bytes, 0 underruns
         0 output errors, 0 collisions, 3 interface resets
         0 babbles, 0 late collision, 0 deferred
         0 lost carrier, 0 no carrier
         0 output buffer failures, 0 output buffers swapped out
    Zone-pair: MyNetNet->MyNetWAN
      Service-policy inspect : MyNetNet-zone_to_MyNetWAN-zone_policy
        Class-map: MyNetNet-Class (match-all)
          Match: class-map match-all MyNetNet-access-list
            Match: access-group 100
          Match: class-map match-any Voice-protocols
            Match: protocol h323
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol skinny
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol sip
              0 packets, 0 bytes
              30 second rate 0 bps
          Match: class-map match-any Extended-protocols
            Match: protocol pop3
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol pop3s
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol imap
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol imaps
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol smtp
              0 packets, 0 bytes
              30 second rate 0 bps
          Match: class-map match-any Base-protocols
            Match: protocol http
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol https
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol ftp
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol ssh
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol dns
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol ntp
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol ica
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol pptp
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol icmp
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol tcp
              0 packets, 0 bytes
              30 second rate 0 bps
            Match: protocol udp
              0 packets, 0 bytes
              30 second rate 0 bps
          Inspect
            Session creations since subsystem startup or last reset 0
            Current session counts (estab/half-open/terminating) [0:0:0]
            Maxever session counts (estab/half-open/terminating) [0:0:0]
            Last session created never
            Last statistic reset never
            Last session creation rate 0
            Maxever session creation rate 0
            Last half-open session total 0
        Class-map: class-default (match-any)
          Match: any
          Drop (default action)
            5196 packets, 256211 bytes
    Cisco871#sh log
    Syslog logging: enabled (1 messages dropped, 0 messages rate-limited,
                    0 flushes, 0 overruns, xml disabled, filtering disabled)
    No Active Message Discriminator.
    No Inactive Message Discriminator.
        Console logging: disabled
        Monitor logging: level debugging, 0 messages logged, xml disabled,
                         filtering disabled
        Buffer logging:  level debugging, 1745 messages logged, xml disabled,
                         filtering disabled
        Logging Exception size (4096 bytes)
        Count and timestamp logging messages: disabled
        Persistent logging: disabled
    No active filter modules.
    ESM: 0 messages dropped
        Trap logging: level informational, 1785 message lines logged
    Log Buffer (4096 bytes):
    001779: *Feb 15 11:00:55.979: %FW-6-DROP_UDP_PKT: Dropping Other pkt 172.16.15.6:61806 => 168.94.0.1:53 with ip ident 511 due to  policy match failure
    001780: *Feb 15 11:00:59.739: %FW-6-DROP_TCP_PKT: Dropping Other pkt 172.16.15.6:4399 => 168.94.69.30:443 due to  policy match failure -- ip ident 515 tcpflags 0x7002 seq.no 974122240 ack 0
    001781: *Feb 15 11:01:26.507: %FW-6-DROP_UDP_PKT: Dropping Other pkt 172.16.15.6:51991 => 168.94.0.1:53 with ip ident 625 due to  policy match failure
    001783: *Feb 15 11:01:57.891: %FW-6-DROP_UDP_PKT: Dropping Other pkt 172.16.15.6:64470 => 168.94.0.1:53 with ip ident 677 due to  policy match failure

    Hello Charlie,
    I would recommend you investigate a little bit more about how the ZBFW feature works.
    Now I am going to help you on this one at least, then I will give you a few links you could use to study.
    We are going to study traffic from MyNetNet-zone to the MyNetWan-zone.
    First the zone-pair
    zone-pair security MyNetNet->MyNetWAN source MyNetNet-zone destination MyNetWAN-zone
    service-policy type inspect MyNetNet-zone_to_MyNetWAN-zone_policy
    So let's go to the policy-map
    policy-map type inspect MyNetNet-zone_to_MyNetWAN-zone_policy
    class type inspect MyNetNet-Class
      inspect
    class class-default
    Finally to the class map
    class-map type inspect match-all MyNetNet-Class
    match class-map MyNetNet-access-list
    match class-map Voice-protocols
    match class-map Extended-protocols
    match class-map Base-protocols
    That keyword MATCH-ALL is the one causing the issues!!
    Why?
    Because you are telling the ZBFW to inspect traffic only if it matches all of those class-maps, so a packet will need to match the base protocols and the extended protocols, and as you know that is not possible (just one protocol).
    So here are the links
    http://blogg.kvistofta.nu/cisco-ios-zone-based-policy-firewall/
    https://supportforums.cisco.com/thread/2138873
    http://pktmaniac.info/2011/08/zone-based-firewalls-something-to-keep-in-mind/
    http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml
    You have some work to do
    Please remember to rate all the helpful posts
    Julio
    CCSP
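Added example (not part of the thread and not Cisco code): a simplified Python model of how the nested match-all/match-any class-maps from the posted config evaluate, run against two drop lines from the posted `sh log` output. The port-to-protocol table and the regrouped class-map name `MyNetNet-protocols` are assumptions made for illustration.

```python
import ipaddress
import re

# ACL 100 from the posted config, wildcard masks rewritten as prefixes.
ACLS = {100: [ipaddress.ip_network(n) for n in
              ("10.0.0.0/29", "172.16.15.0/27", "172.16.17.0/28")]}

# Assumption: a small well-known-port table stands in for IOS protocol
# classification; every packet also carries its layer-4 label (tcp/udp).
PORT_LABELS = {21: "ftp", 22: "ssh", 25: "smtp", 53: "dns", 80: "http",
               110: "pop3", 123: "ntp", 143: "imap", 443: "https",
               993: "imaps", 995: "pop3s", 1720: "h323", 2000: "skinny",
               5060: "sip"}


def protos(*names):
    """Build 'match protocol <name>' clauses."""
    return [("protocol", n) for n in names]


# Class-maps as posted: name -> (match-all | match-any, clauses).
POSTED = {
    "MyNetNet-access-list": ("match-all", [("acl", 100)]),
    "Voice-protocols": ("match-any", protos("h323", "skinny", "sip")),
    "Extended-protocols": ("match-any",
                           protos("pop3", "pop3s", "imap", "imaps", "smtp")),
    "Base-protocols": ("match-any",
                       protos("http", "https", "ftp", "ssh", "dns", "ntp",
                              "ica", "pptp", "icmp", "tcp", "udp")),
    "MyNetNet-Class": ("match-all", [("class", "MyNetNet-access-list"),
                                     ("class", "Voice-protocols"),
                                     ("class", "Extended-protocols"),
                                     ("class", "Base-protocols")]),
}

# Hypothetical regrouping: the ACL AND any one of the protocol groups.
REGROUPED = dict(POSTED)
REGROUPED["MyNetNet-protocols"] = ("match-any", [
    ("class", "Voice-protocols"), ("class", "Extended-protocols"),
    ("class", "Base-protocols")])
REGROUPED["MyNetNet-Class"] = ("match-all", [
    ("class", "MyNetNet-access-list"), ("class", "MyNetNet-protocols")])

# Two drop messages copied from the `sh log` output in the post.
LOG_LINES = [
    "001779: *Feb 15 11:00:55.979: %FW-6-DROP_UDP_PKT: Dropping Other pkt "
    "172.16.15.6:61806 => 168.94.0.1:53 with ip ident 511 due to  policy "
    "match failure",
    "001780: *Feb 15 11:00:59.739: %FW-6-DROP_TCP_PKT: Dropping Other pkt "
    "172.16.15.6:4399 => 168.94.69.30:443 due to  policy match failure -- "
    "ip ident 515 tcpflags 0x7002 seq.no 974122240 ack 0",
]

DROP_RE = re.compile(
    r"%FW-6-DROP_(?P<l4>TCP|UDP)_PKT: Dropping \S+ pkt "
    r"(?P<src>[\d.]+):(?P<sport>\d+) => (?P<dst>[\d.]+):(?P<dport>\d+)")


def parse_drop(line):
    """Turn one %FW-6-DROP_* line into a packet dict, or None if no match."""
    m = DROP_RE.search(line)
    if m is None:
        return None
    labels = {m["l4"].lower()}
    app = PORT_LABELS.get(int(m["dport"]))
    if app:
        labels.add(app)
    return {"src": ipaddress.ip_address(m["src"]),
            "dport": int(m["dport"]), "labels": labels}


def clause_matches(clause, pkt, maps):
    kind, arg = clause
    if kind == "acl":
        return any(pkt["src"] in net for net in ACLS[arg])
    if kind == "protocol":
        return arg in pkt["labels"]
    return class_matches(arg, pkt, maps)  # nested 'match class-map'


def class_matches(name, pkt, maps):
    """match-all needs every clause to hold, match-any needs only one."""
    mode, clauses = maps[name]
    results = (clause_matches(c, pkt, maps) for c in clauses)
    return all(results) if mode == "match-all" else any(results)


def failing_clauses(name, pkt, maps):
    """Clauses of class-map `name` that this packet does not satisfy."""
    return [arg for kind, arg in maps[name][1]
            if not clause_matches((kind, arg), pkt, maps)]


def policy_action(pkt, maps):
    """Policy-map from the post: inspect MyNetNet-Class, else class-default."""
    return "inspect" if class_matches("MyNetNet-Class", pkt, maps) else "drop"


if __name__ == "__main__":
    for line in LOG_LINES:
        pkt = parse_drop(line)
        print(sorted(pkt["labels"]),
              "posted:", policy_action(pkt, POSTED),
              "failed:", failing_clauses("MyNetNet-Class", pkt, POSTED),
              "regrouped:", policy_action(pkt, REGROUPED))
```
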

  • Further musings...Notes for a Logic developer regarding practical usage of

    It does seem like the control section of Logic was designed specifically for the Logic control, using their own dialog and terms. I have been struggling with Logic since I switched to it, simply because I make dance music, and I rely super heavily on automation as both my style of arranging (I mute the kick drum when it drops out, I don't sequence that type of stuff) and also for simply enhancing my mixdown and giving my overall mix life. Now, I never read the manual's section on using Logic with a M/L control, until now, and I realize when you use a MIDI controller as a control surface, you are using the Mackie control interface + dialog. Now some things make a lot more sense to me, like why there are even options like flip mode etc...
    Anyway, now I have a lot more perspective. I should have kept a weblog going, since for the past few months I have been banging my head against a wall, trying to wrap my head around all of this.
    Now I see, I am simply not using the right gear, and Logic simply is not designed for use without a dedicated control surface, and a dialog other than Mackie protocol.
    Now, this explains why there are so many confusing options when I use my Novation or 01V as a control surface.
    For example, I still do not understand what track class "index" means. I thought it was the actual sequential position of the fader itself on the track mixer, so if you are looking at the mixer, the third fader from the left is index #3. This is almost NEVER the case though, and I am just not sure of what criteria is used for index track classes. Although I use that class a lot, because it is the one that make sense sometimes.
    I have noticed, if some of my controller's sliders are track class "software instrument" and some are "index" I run into a lot of little glitches once I start getting intense about several automation assignments and parameters..
    While assigning a series of knobs in succession, some will be "scaled", some will be "rotate"; this seems to be completely arbitrary, as I am not sending any data except the CC, and I have checked using utilities like MIDI monitor as well as Logic's own MIDI monitor.
    I should have kept a weblog as I have been dealing with this problem for a while and might have helped apple to help me : )
    Does anyone make DUB or Techno records out there? I'm talking about the live arrangement style that made King Tubby + Lee Perry started, and the Detroit guys adapted and started calling techno... basically why all the techno guys got into Acid first, and Live next...
    Thing is, I need my 64 busses and sidechain mod capabilities, so I can't go to one of these consumer DAW programs as my main.
    So these are my notes today, and if you see anything you would like to correct (as it relates to Logic and the use of Logic), please do. If anyone has more insight about navigating through the Mackie controller assignments dialog with a MIDI controller, I would love to hear about it. I am still shocked after a few years at how hard it is to use a MIDI controller for random parameter assignments and I would LOVE to hear from someone who has succeeded.
    Thanks very much and cheers!

    You'll have to bear with me, because I'm doing this from memory. Like I say, I was really into exploiting these features and spent some time developing a control surface support (and I also have an MCU as well). But I gave up in the end, because it was too flaky.
    Well, I can't use an MCU, I do random parameter assignments, and I don't discern
    between fader, send plug in parameter, synth, etc. They are simply considered
    "the ones I need to control during the arrange sessions. I need to be able to
    control one or two given parameters, for a combined "total." I don't need every
    synth parameter available to me while I am writing the tune, just one or two.
    Sure. You can define your own modes and use the controls on the MCU (or other control surface) for whatever assignments you want, without explicitly using the regular MCU modes. So for instance, you could hit your F1 button which you've set up to go to a user mode, and have each fader, pan pot or whatever controlling different things.
    However, I'm not sure that you can control multiple things on multiple plugins in different tracks/channels offhand. For instance, I can't remember offhand whether you can set up fader one to be controlling the filter cutoff of a synth on audio instrument 4, and another fader to control the filter cutoff for a synth on audio instrument 12 at the same time. You probably can, I just forget some of the finer details without going back and getting stuck in and reminding myself again (which I won't do until they fix the bugs.)
    B, please tell me what you mean by dynamic as it is used to describe the index
    track classes. Does this mean if I make a index track assignment then delete
    some tracks from my mixer window will lose any index track class assignments following it?
    I seem to remember being quite unsatisfied as to how this was implemented, at least for my purposes, because of the behaviour you mention.
    Please tell me about using a generic controller which transmits CC data ONLY,
    and making assignments for various track classes and parameters which are
    to be controlled simultaneously when mixing down?
    Yes, this was what I was developing my Korg microKontrol assignments for - developing a flexible, powerful portable little control surface.
    Logic hates this, it is always hoping to be in "instrument" mode, then Fader
    (I suppose by scrolling on an MCU) etc etc....
    Er... I don't think so - I set up my own modes for my own purposes. If I hit one pad, I'd flip to my instruments mode to control my own custom set of parameters for the loaded instrument, another pad would be insert FX (again with all custom assignments to bring the most useful parameters under control), another would be a mixer layer, another would be a bus/output layer and so on. You can define zones and modes for whatever purposes you need.
    Be aware that how I was developing my own setup doesn't mean our requirements are similar...
    Also, I need to be able to pause playback when doing my mixdown, drastically
    change many parameters in Logic, then resume playback and writing automation,
    to create an abrupt change in the song.
    Yes, I'm aware of your other posts. Did you send detailed feedback to Apple on it?

  • Wireless Adapter permanently disabled after sleep mode - Windows 7 64 bit

    Hello,
    Info:
    Laptop: 2014 Macbook Pro running Bootcamp (dual boot...not a VM) with Windows 7 Pro 64 bit
    OS: Windows 7 Pro 64 bit
    Network Adapter: Broadcom 802.11ac Network Adapter
    Driver version: 6.30.223.215
    Issue: My Broadcom 802.11ac wireless adapter becomes permanently disabled when waking from sleep mode. It requires a restart in order to become enabled. If I try to manually re-enable it, I get a message saying "Enabling..." -> "Enabled!" but after this message the device still says Disabled and the wireless still won't connect to anything. This issue is very reproducible. Occurs both under battery power and when plugged in.
    What have I tried?: Tried disabling the "Allow windows to disable this device to save power" under power management, which didn't work. Tried updating driver but Windows Update says the driver is up to date. I was able to find a newer version (6.30.223.227) but I can only find it hosted on Russian websites which makes me a little suspicious.

    Many thanks to chemnerd1's hints - saved me going mad.
    My problem was that the wifi worked perfectly until connected to a Thunderbolt display - then the wifi was permanently disabled (nothing would enable it; changing driver, changing wifi channel, uninstalling and reinstalling wifi, nothing worked). As you can imagine I was very disappointed after spending a fortune on the Thunderbolt display (brilliant kit) and then finding that I maybe only have wired internet available!
    Definitely, Zone Alarm was the problem (maybe other firewalls cause the same/similar problem).
    My solution was -
    uninstalled Zone Alarm (safe mode not required)
    reboot with Thunderbolt display connected (checked that wifi now working)
    reinstall Zone Alarm (important that Thunderbolt display is still connected)
    reboot - checked and wifi still working perfectly - wonderful
    I have to confess that I was initially blaming Apple for the problem. I did loads of searches to try and solve this and a lot of links ended with conclusions that Apple doesn't care. Well in this case it wasn't Apple's fault.

  • VMware on the DMZ

    Hello,
    We are planning to have VMware ESXi  in the DMZ.
    Our DMZ sits between an external and internal firewall.
    Is it possible to use a single /24 network and have VMware segment the vswitch with Vlans for each service i.e email, Sharepoint , web etc or do I have to create separate networks for each service ?
    I just need some help and guidelines on best practices for having VMware on the DMZ.
    We are also looking at having Checkpoint Blade installed.  If we don't configure Vlans and segment services will the firewall be enough to take care of this ?

    Hi Jay, OK, I think I understand the requirement here. Seems like you need a "transparent Firewall" in the ESXi environment. (If possible, active active transparent firewall - or two different transparent firewalls with same or similar policy which is overhead)
    Essentially the transparent mode will bridge the different segments together - possibly different vlans - most occasions it is same vlan (all keeping the same IP addressing). All that is different, is defining Zones per interface.
    From here you can define Zones. Since they are all part of the same bridge domain it doesn't matter about addressing, they can all be same network - think of it as still one vlan one network.
    Separating these out will allow you to create policies per entry point and per exit point, you have more granularity this way.
    You can either split these out to different vswitches, or keep it on the same vswitch with different vlan assignments. But as I said, this ideally needs to be at the join points (e.g. in place of your cisco switches, transparent FW would be perfect for this scenario)
    Hope I understood the requirement
    Bilal - CCIE 45032

  • DNS GUI bug in Server Admin?

    A minor problem, thought I'd ask anyway:
    When I'm editing a zone, and I go into the Machines tab, and attempt to sort any of the Name / Primary Address / Comment columns by clicking the relevant tab at the top of the column, nothing happens.
    Anyone else experiencing this? Like I said, a very minor problem, but if anyone knows how to fix this, I'd like to hear about it.
    Many thanks--
    Xserve   Mac OS X (10.4.8)  

    Hi
    No, actually the machines tab is for defining
    machines. You can choose to mark a machine as an MX
    for the zone but that's not its main or only
    function.
    The Mail Service manual as well as the Server Essentials User Guide makes no mention of this or more likely does not expand on the information given. CNAMES and A records are created when clicking on the Zones tab. MX records are enabled when selecting the Machines tab for the defined Zone. Admittedly the GUI only offers simple DNS configuration.
    You can also use it to create CNAMEs for each machine
    defined
    If there is a method of doing this using the GUI then please post and share the information.

  • ZBF woes

    Hi I’m having some difficulty in understanding the behaviour of zone based firewalls on a 887va router, I do not understand the implications of including the self zone in a zone-pair. It seems that if you include the self zone in a pair with any other zone, the self zone becomes restrictive between all zones whether paired or not. For example if I include the self zone in a pair with the OUTSIDE zone, pinging the router from a host from the INSIDE zone no longer works…..
    Secondly we operate a DMVPN  (this is a spoke router) and the tunnel will successfully establish with the following traffic configured to PASS
    Tcp 4500
    Tcp 500
    ESP
    GRE
    However traffic through the tunnel will fail (including rip).
    If however I modify the firewall policy to permit all traffic to and from the Self and OUTSIDE zones, tunnel traffic seems to work successfully between the SELF and VPN zones and the VPN and internal zones.
    However given that all traffic destined for the tunnel would be encapsulated in a GRE header and GRE is permitted between the SELF and OUTSIDE Zones, I cannot see what other ports would need opening?
    I’ve included some config below, any help would be greatly appreciated.
    Access Lists
    Extended IP access list OUTSIDE>INSIDE
        10 permit ip any any
    Extended IP access list OUTSIDE>SELF
    (   if this entry is included tunnel traffic works   permit ip object-group DMVPNIPGROUP object-group SELF (818 matches))
        10 permit gre object-group DMVPNIPGROUP object-group SELF
        20 permit tcp object-group DMVPNIPGROUP object-group SELF eq 4500
        30 permit tcp host HO host SELF eq 22 (18589 matches)
        40 permit tcp object-group DMVPNIPGROUP object-group SELF eq 500
        50 permit esp object-group DMVPNIPGROUP object-group SELF (424 matches)
        70 deny ip any any (7570 matches)
    Extended IP access list SELF>OUTSIDE
    (   if this entry is included tunnel traffic works       8 permit ip object-group SELF object-group DMVPNIPGROUP (1013 matches))
        10 permit gre object-group SELF any
        20 permit tcp object-group SELF any eq 4500
        30 permit tcp object-group SELF eq 22 host HO (12899 matches)
        40 permit tcp object-group SELF any eq 500
        50 permit esp object-group SELF any
    Extended IP access list SELF>OUTSIDE_Insp
        10 permit tcp any any eq domain
        20 permit udp any any eq domain (86 matches)
    Extended IP access list SELF>VPN
        10 permit ip any any (31 matches)
    Extended IP access list SSH_Allow
        20 permit tcp network_obj HO any eq 22 log (22 matches)
        70 permit tcp LocalSubnet any eq 22
        80 deny ip any any log (8 matches)
    Extended IP access list VPN>INSIDE
        10 permit ip any any (568 matches)
    Extended IP access list VPN>SELF
        10 permit ip any any (15 matches)
    Zone: self
      Description: System defined zone
    Zone: OUTSIDE
      Member Interfaces:
        Dialer1
    Zone: INSIDE
      Member Interfaces:
        Vlan1
    Zone: VPN
      Member Interfaces:
        Tunnel0
    Zone-pair              : OUTSIDE>SELF
    Source Zone            : OUTSIDE
    Destination Zone       : self
    Service-policy inspect : PM-OUTSIDE>SELF
      Class-map : CM-OUTSIDE>SELF(match-any)
      Action : pass log
      Class-map : class-default(match-any)
      Action : drop log
    Zone-pair              : INSIDE>OUTSIDE
    Source Zone            : INSIDE
    Destination Zone       : OUTSIDE
    Service-policy inspect : PM-INSIDE>OUTSIDE
      Class-map : CM-INSIDE>OUTSIDE(match-any)
      Action : inspect
       Service Policy: http PM-DPI_HTTP_OUT
      Class-map : CM-INSIDE>OUTSIDE2(match-any)
      Action : inspect
      Class-map : class-default(match-any)
      Action : drop log
    Zone-pair              : SELF>OUTSIDE
    Source Zone            : self
    Destination Zone       : OUTSIDE
    Service-policy inspect : PM-SELF>OUTSIDE
      Class-map : CM-SELF>OUTSIDE(match-any)
      Action : pass log
      Class-map : CM-SELF>OUTSIDE_Insp(match-any)
      Action : inspect
      Class-map : class-default(match-any)
      Action : drop log
    Zone-pair              : VPN>INSIDE
    Source Zone            : VPN
    Destination Zone       : INSIDE
    Service-policy inspect : PM-VPN>INSIDE
      Class-map : CM-VPN>INSIDE(match-any)
      Action : pass log
      Class-map : class-default(match-any)
      Action : drop log
    Zone-pair              : INSIDE>VPN
    Source Zone            : INSIDE
    Destination Zone       : VPN
    Service-policy inspect : PM-INSIDE>VPN
      Class-map : CM-INSIDE>VPN(match-any)
      Action : pass log
      Class-map : class-default(match-any)
      Action : drop log
    Zone-pair              : SELF>VPN
    Source Zone            : self
    Destination Zone       : VPN
    Service-policy inspect : PM-SELF>VPN
      Class-map : CM-SELF>VPN(match-any)
      Action : pass log
      Class-map : class-default(match-any)
      Action : drop log
    Zone-pair              : VPN>SELF
    Source Zone            : VPN
    Destination Zone       : self
    Service-policy inspect : PM-VPN>SELF
      Class-map : CM-VPN>SELF(match-any)
      Action : pass log
      Class-map : class-default(match-any)
      Action : drop log
     Class Map type inspect match-any CM-SELF>OUTSIDE_Insp (id 33)
       Match access-group name SELF>OUTSIDE_Insp
     Class Map type inspect match-any CM-VPN>INSIDE (id 29)
       Match access-group name VPN>INSIDE
     Class Map type inspect match-any CM-INSIDE>VPN (id 30)
       Match access-group name INSIDE>VPN
     Class Map type inspect match-any CM-SELF>VPN (id 47)
       Match access-group name SELF>VPN
     Class Map type inspect match-any CM-VPN>SELF (id 48)
       Match access-group name VPN>SELF
     Class Map type inspect match-any CM-OUTSIDE>SELF (id 4)
       Match access-group name OUTSIDE>SELF
     Class Map type inspect match-any CM-OUTSIDE>INSIDE (id 5)
       Match access-group name OUTSIDE>INSIDE
     Class Map type inspect match-any CM-INSIDE>OUTSIDE (id 6)
       Match protocol http
     Class Map type inspect match-any CM-SELF>OUTSIDE (id 7)
       Match access-group name SELF>OUTSIDE
     Class Map type inspect match-any CM-INSIDE>OUTSIDE2 (id 10)
       Match protocol https
       Match protocol smtp

    Hi
    Sounds like you are having some problems :)
    It would be easier to see what has been done if you posted your running-config, instead of show commands, they are harder to follow than the running-config.
    And it's UDP ports 500 and 4500 you want to open, not TCP.
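The protocol mismatch raised in the reply above can be checked mechanically. The following is an added example, not part of the original posts: it parses `show access-lists` text in the layout the question uses and reports permit entries that open port 500 or 4500 over TCP with no UDP entry for the same service in that ACL. The names `audit_ike_ports`, `parse_acls`, `POSTED` and `CORRECTED` are hypothetical.

```python
import re

# IKE (port 500) and IPsec NAT-T (port 4500) run over UDP; IOS also prints
# these UDP ports by name as "isakmp" and "non500-isakmp".
IKE_PORTS = {"500": "IKE", "isakmp": "IKE",
             "4500": "NAT-T", "non500-isakmp": "NAT-T"}

ACL_HEADER = re.compile(r"^Extended IP access list (\S+)")
ACE = re.compile(r"^(\d+)\s+(permit|deny)\s+(\S+)\s+(.*)$")
EQ_PORT = re.compile(r"\beq\s+(\S+)")

# Entries copied from the ACL listing in the post (hit counters dropped).
POSTED = """\
Extended IP access list OUTSIDE>SELF
    10 permit gre object-group DMVPNIPGROUP object-group SELF
    20 permit tcp object-group DMVPNIPGROUP object-group SELF eq 4500
    30 permit tcp host HO host SELF eq 22
    40 permit tcp object-group DMVPNIPGROUP object-group SELF eq 500
    50 permit esp object-group DMVPNIPGROUP object-group SELF
    70 deny ip any any
Extended IP access list SELF>OUTSIDE
    10 permit gre object-group SELF any
    20 permit tcp object-group SELF any eq 4500
    40 permit tcp object-group SELF any eq 500
    50 permit esp object-group SELF any
"""

# Constructed variant: the same ACLs with the IKE/NAT-T entries moved to UDP.
CORRECTED = POSTED.replace("permit tcp object-group", "permit udp object-group")


def parse_acls(text):
    """Return {acl_name: [(seq, action, protocol, rest), ...]}."""
    acls, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = ACL_HEADER.match(line)
        if header:
            current = acls.setdefault(header.group(1), [])
            continue
        ace = ACE.match(line)
        if ace and current is not None:
            seq, action, proto, rest = ace.groups()
            current.append((int(seq), action, proto, rest))
    return acls


def audit_ike_ports(text):
    """List (acl, seq, service, port) for TCP permits that should be UDP.

    Simplification: address scope and entry order are not evaluated; a
    'permit ip' entry is treated as covering UDP for both services.
    """
    findings = []
    for name, aces in parse_acls(text).items():
        udp_ok, tcp_hits = set(), []
        for seq, action, proto, rest in aces:
            if action != "permit":
                continue
            if proto == "ip":
                udp_ok.update(IKE_PORTS.values())
            for port in EQ_PORT.findall(rest):
                service = IKE_PORTS.get(port)
                if service and proto == "udp":
                    udp_ok.add(service)
                elif service and proto == "tcp":
                    tcp_hits.append((seq, service, port))
        findings += [(name, s, svc, p) for s, svc, p in tcp_hits
                     if svc not in udp_ok]
    return findings


if __name__ == "__main__":
    for acl, seq, service, port in audit_ike_ports(POSTED):
        print(f"{acl} seq {seq}: tcp eq {port} permitted, {service} needs udp")
```

Run against the posted entries it flags sequence numbers 20 and 40 in both ACLs, and it also shows why adding the broad `permit ip` entry made the tunnel traffic work.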

  • SAP Truck Setup in TM

    Hi Folks
       I am setting up a scenario where we own our fleet of trucks, we are performing DTR, FU, FOR and shipment in ECC
    We have trucks and trailers (more trailers than trucks - E.g 3 tractors and 5 trailers)
    Truck and Trailer setup : If we have 3 tractors and 5 trailers how to know which trailer and tractor are available (e.g tractor 1 comes and leaves the trailer 4 on dock and picks trailer 5 for shipment and comes back and leaves trailer 5 on a different door and picks trailer 4) How to identify which trailer and tractor is available for shipping and picking
    We define Zone, Lane, Carrier and if the carrier is our own fleet how to determine the exact tractor and trailer in TM
    Do we need to give a numbering for each of the tractor and trailer
    If the truck is identified, Do we need to create each truck as a Forwarding agent (since we own the trucks)If a plant has 100 trucks do we need to create 100 FA's or is there a way to send this information to ECC
    Is there an option to know in TM 9.1 to let the truck know which one to load first and last
    Thanks
    K

    Thanks Navin, one final clarification
    How will TM know whether the truck 2 and 3 has arrived Source location or not (we are not implementing Event Management)
    Vehicle is assigned to FOR and if we mark FOR life cycle status to completed, will it release the vehicle for planning (e.g if truck 2 breaks down on the way and took two days to fix how will my optimizer know that this has not returned and is unavailable for planning)
    Our scenario is DTR -> FU ->FOR -> Shipment in ECC, when shipment is created in ECC does standard service send Vehicle information to ECC
    In ECC once the truck is back we close the shipment document will this information be sent to TM stating the truck is back and available
    Appreciate your time and help
    Thanks
    Lohit Kumar

  • Drill level

    How to find out the current drill level....
    My requirement is as follows:
    A hierarchy is defined: Zone->Region->District.
    If current level is zone, then report should show the count of regions..if current level is region, report should show count of district

    You can use DrillFilters() for that.
    If DrillFilters([Region])="" Then
      If DrillFilters([Zone])="" Then count([Region]) Else count([District])
    Note that when you drilled down the region to district, this formula will show nothing...
    Hope this helps,
    Marianne

  • Bootcamp, Windows7, Wireless Adapter permanently disabled when connected to Thunderbolt Display - Solved

    Info:
    Laptop: 2014 Macbook Pro running Bootcamp (dual boot...not a VM) with Windows 7 Pro 64 bit
    OS: Windows 7 Pro 64 bit
    Network Adapter: Broadcom 802.11ac Network Adapter
    Many thanks to chemnerd1's hints - saved me going mad.
    My problem was that the wifi worked perfectly until connected to a Thunderbolt display - then the wifi was permanently disabled (nothing would enable it; changing driver, changing wifi channel, uninstalling and reinstalling wifi, nothing worked). As you can imagine I was very disappointed after spending a fortune on the Thunderbolt display (brilliant kit) and then finding that I maybe only have wired internet available!
    Definitely, Zone Alarm was the problem (maybe other firewalls cause the same/similar problem).
    My solution was to -
        uninstalled Zone Alarm (safe mode not required)
        reboot with Thunderbolt display connected (checked that wifi now working)
        reinstall Zone Alarm (important that Thunderbolt display is still connected)
        reboot - checked and wifi still working perfectly - wonderful
    I have to confess that I was initially blaming Apple for the problem. I did loads of searches over several days to try and solve this and a lot of links ended with conclusions that Apple doesn't care. Well in this case it wasn't Apple's fault.

    Thanks for posting your solution.

  • "Transport zone is not defined for country US"  error during sourcing

    Hi Friends,
        I have an issue that is happening when I transfer purchase reqs from ECC to SRM sourcing. We are on ECC 6.0 and SRM 5.5.
    When there is a transport zone defined for a storage location for a certain plant, then transfer of that purchase req does transfer to SRM SOCO. I get an error "Transport zone MXXXXXX is not defined for country US".
    DNL_CUST_BASIS3, Prod0, Prod1 have been replicated from ECC to SRM. It works if there is no Transport zone defined for a storage location.
    SRM Org structure has Location and Storage locations defined that has Transport Zone and exists in ECC.
    This is stopping me from moving forward with proper testing. Please advise or suggest any resolution.
    Thanks all
    Viktor P

    Dear Muthu,
       Thanks for the reply. There is another Address spro setting in SRM - Address Management where Transport zones can be maintained. I have not tried this Tcode as I do not have authorization.
    Thanks
    Viktor

  • Questions about patching a global zone with a zone defined via luupgrade

    I've discovered that under Solaris 10 u7, luupgrade -t doesn't like seeing any zones defined when applying patches. If it sees a zone or zones defined it errors out.
    Well, I found a way to make it work. Basically you shut down and detach the zone (or zones). I then delete the zone configuration. At this point, you would think luupgrade would stop complaining and just work. It doesn't. It will still fail at this point. The only way I could get it to work is in the global zone I had to do the following:
    mv /etc/zones /etc/zones-ORIG
    mv /zones /zones-ORIG <<< probably not needed but whatever ...
    lucreate -n S10u7zfsPATCHED -p rpool <<< So at this point both my active BE and the ABE both have effectively no zone configuration
    Ran luupgrade and, poof, it works:
    luupgrade -t -n S10u7zfsPATCHED -O -t -s . ./patch_order
    Validating the contents of the media <.>.
    The media contains 138 software patches that can be added.
    Mounting the BE .
    zoneadm: global: could not get state: No such zone configured
    zoneadm: failed to get zone data
    Adding patches to the BE .
    Transition old-style patching.
    Checking installed patches...
    Patch 120900-04 has already been applied.
    See patchadd(1M) for instructions.
    WARNING: Skipping patch 120900-04
    Still I'm wondering why did I have to get so extreme to make this work ... after detaching and deleting the zone configuration why would luupgrade still complain about a zone which effectively no longer existed. I looked in /etc/zones and could find nothing related to my original zone. Where is luupgrade getting this almost "ghost" zone configuration information ?
