Design Help - Firewall/DMZ

Similar Messages

• I need to copy files over the network PSSession . ( Firewall / DMZ / Etc. )

  Hello
  I need to copy files over the network PSSession . ( Firewall / DMZ / Etc. )
  I have a script where I copy from my local server ( server1) to the remote server ( server2 ), but I can´t not make script that will copy from the remote server to my local by my session. From server2 to server1
  Script is as below ...:-)
  HELP : ....
  winrm s winrm/config/client '@{TrustedHosts="SERVER2"}'
      $Source = "D:\test\ok.log"
      $Destination = "D:\test\ok.log"
      $session = New-PSSession -ComputerName SERVER2
  Set-StrictMode -Version Latest
  ## Get the source file, and then get its content
  $sourcePath = (Resolve-Path $source).Path
  $sourceBytes = [IO.File]::ReadAllBytes($sourcePath)
  $streamChunks = @()
  ## Now break it into chunks to stream
  Write-Progress -Activity "Sending $Source" -Status "Preparing file"
  $streamSize = 1MB
  for($position = 0; $position -lt $sourceBytes.Length;
      $position += $streamSize)
      $remaining = $sourceBytes.Length - $position
      $remaining = [Math]::Min($remaining, $streamSize)
      $nextChunk = New-Object byte[] $remaining
      [Array]::Copy($sourcebytes, $position, $nextChunk, 0, $remaining)
      $streamChunks += ,$nextChunk
  $remoteScript = {
      param($destination, $length)
      ## Convert the destination path to a full filesytem path (to support
      ## relative paths)
      $Destination = $executionContext.SessionState.`
          Path.GetUnresolvedProviderPathFromPSPath($Destination)
      ## Create a new array to hold the file content
      $destBytes = New-Object byte[] $length
      $position = 0
      ## Go through the input, and fill in the new array of file content
      foreach($chunk in $input)
          Write-Progress -Activity "Writing $Destination" `
              -Status "Sending file" `
              -PercentComplete ($position / $length * 100)
          [GC]::Collect()
          [Array]::Copy($chunk, 0, $destBytes, $position, $chunk.Length)
          $position += $chunk.Length
      ## Write the content to the new file
      [IO.File]::WriteAllBytes($destination, $destBytes)
      ## Show the result
      Get-Item $destination
      [GC]::Collect()
  ## Stream the chunks into the remote script
  $streamChunks | Invoke-Command -Session $session $remoteScript `
      -ArgumentList $destination,$sourceBytes.Length
      Remove-PSSession -Session $session

  But have will the script look,  if i need to copy from
  From server2 to server1.
  My script copy from server1 to server2 and working, but I need server2
  to server1.

• Unable to toggle between LiveCycle Designer & Help

  If we opened the LiveCycle Designer Help window, we are unable to switch to the Designer util the help window is minimized. This is slightly annoying the developers.
  It would be better if it can behave like other applications (e.g. Adobe Workbench ES)
  Thanks,
  Nith

  Charlie
  I am unable to duplicate the problem you are experiencing.  I was able to use Acrobat Pro 9 and X, to apply the Reader Extension permissions (to the sample form I posted earlier) and open and sign the form in both Reader 9 and X.
  What is the exact version of Acrobat you are using to apply the Reader Extension rights.  The dialog I see when doing so with Acrobat 9 Pro is...
  If you are using Acrobat Standard, it seems there is a limitation (save data only) on the Reader Extension permissions that you can apply.
  Regards
  Steve

• I like to pdf my score. I design my score properly, but then when I make the PDF it changes, in not correct design, help!

  i like to pdf my score. I design my score properly, but then when I make the PDF it changes, in not correct design, help!
  the same problem when normal printing

  You have 90 days of free AppleCare telephone support, please call them. If you don't know the number please click AppleCare Contact Info to locate the number on your part of the planet.

• Non-profit needs Dreamweaver design help

  Small non-profit serving homeless veterans and veterans in crisis needs design help with Dreamweaver website.  The website was created as a school project by university students but there are some design issues that we are not able to correct.

  It appears to be template driven so the basic layout is inside your site folder's Templates directory -- main.dwt.   This file drives the site wide elements such as navigation, common headers, footers and sidebars. 
  Child pages created from that main.dwt file contain editable regions for content that will change from page to page.  Only content in these editable regions are editable from child pages.
  Whoever will be responsible for updating content should get familiar with CSS & HTML code.  This is required knowledge to work with Dreamweaver.
  Start here:
  HTML & CSS Tutorials - http://w3schools.com/
  Code validation tools
  http://jigsaw.w3.org/css-validator/
  http://validator.w3.org/
  Also thoroughly read DW's Help docs (F1) under working with DW Templates. 
  It looks like the students did a pretty fair job of building the basic site for you.  Now it's up to your org to swap out the generic stuff with relevant content.   I don't advise you to alter the basic layout or structure.  It's all there.  You just need to get up to speed on how to work with it.
  Nancy O.

• Need some design help

  Well "overall" design help. This project MUST be open source so it does ensure i am very efficent in my design
  Basically my system is going to be a bunch of work stations that tunnel into a server to send the data.
  Now the big issue is, each work station must encrypt its own data and save it on its HD, but it must send data to the server for the server to save it and encrypt it (redundency).
  The big issue is sending data to the server. the keys, how do i securely send them to the server so they can decrypt the stream? everything will randomly generate its key whenever the user (or the system) decides it is time to for the sake of not resuing keys.
  basically we are going to use linux, lock down all ports but one to use sockets to communicate with the server (and vice versa). this adds an extra layer just so we can authenticate with the server machine (and client machines when the server sends it a request)
  help? more info needed?

  I know (next to) nothing about system security (well,
  not enough to be advising people, anyway) - but the
  key distribution problem is typically solved by using
  Public Key Cryptography to exchange a Session Key.
  Have you thought about using an existing system like
  SSL or Kerberos?eh SSL won't really work... i a mgoing to pick up "Cryptography Decrypted" apparently it is a good book to pick up some of the things i need

• Design help to the forms

  Hi gayes
  I need your help in designing help to any any working screen such that when the user push F1 buttons , click the right buttons of the mouse and choose help from the popmenu,or choose help from the menu bar . It must give him the correct help.
  Also this "help screen" how could I make it,and connect it to the help of windows98 to work.
  Thanks

  Hi Kimberg Howe,
  You have several alternatives to generate a .hlp file. You can do it manually in words and save the file as a rich-text-format (.rtf), and then use the Microsoft Help Workshop (a Free Program obtainable from www.microsoft.com site) but realize that you will have to code all the Winhelp engine commands and that's some task. However, you can investin some WYSWYG winhelp file generators. I guess it is not appropriate to suggest any in this forum, but you can do a search on any search engine for keyword "Winhelp", or you can also search on www.download.com
  What this program will do for you is to allow you design your help file and then generate the .hlp for you, some of these programs can also allow you to generate html files that is suitable for web forms.
  I hope this help.

• Design Help / Education

  Does anyone know if Adobe offers any design education
  I need some basic design help using Dreamweaver (as I am
  having issues migrating from Go Live)
  If not Adobe, are there any experienced DW users out there?
  thanks

  Experienced DW users? Well, yeah.
  What do you need?
  Murray --- ICQ 71997575
  Adobe Community Expert
  (If you *MUST* email me, don't LAUGH when you do so!)
  ==================
  http://www.projectseven.com/go
  - DW FAQs, Tutorials & Resources
  http://www.dwfaq.com - DW FAQs,
  Tutorials & Resources
  ==================
  "golfingdad" <[email protected]> wrote in
  message
  news:gefblj$2pt$[email protected]..
  > Does anyone know if Adobe offers any design education
  >
  > I need some basic design help using Dreamweaver (as I am
  having issues
  > migrating from Go Live)
  >
  > If not Adobe, are there any experienced DW users out
  there?
  >
  > thanks
  >

• Design Help! Add new lines

  Hi All,
  I need a design help for adding extra lines on an existing order.
  I have a page with 2 subtabs, first one is for order header info inputs and second one is for line info inputs. The line subtab base on user selection may generate mutile lines in lineVO (multiple rows). After user clicked an apply button on line subtab, a header row will be committed into header table and line row(s) will be in line table.
  I was trying to have another button to allow user enter extra lines after committed existing header and line VO. After user click the "add extra line" button, I retain AM to keep header VO but flush out line VO, with this way, framework will try to delete lines in line table.
  Since there are lots logic requirements, I can't keep adding lines after line VO.last() without committing first round line entering.
  How can I keep Header VO, clean line VO, then enter new line(s) info as ADD but not DELETE/UPDATE? any suggestion??
  Thanks & Regards,
  KJ

  Hi Shreya,
  I am not sure about giving new line in each and every page, but there is an alternate. You can show all data in one single page. That is how much ever records you have, they will be shown on one single page, instead of spanning across multiple pages. You can achieve this by changing the property "Number of Data rows displayed at once" from default 100 to 0.
  Hope it helps.
  Regards,
  Arunan.C

• Vlan design help

  Hi
  I have a new switch and am in the process of configuring it. The switch will be used for servers in the DMZ. My issue is should I configure all the vlans in my current environment to be included in this switch, or just those related to those in the dmz.
  If it is the later, how would trunking work? how would I be able to forward traffic from other vlans on the trunk if the switch only know about the DMZ vlans?
  Thanks for your help
  Dan

  Hi
  Thanks everyone for your replies. I'm kind of new to the networking field, so creating a secure policy isn't my expertise, but I'm trying though.
  Currently all the switches, even the old switch with the DMZ servers in it, are connected to each other via fibre links, which create a redundant loop.
  From what I can understand from what you have said is that I should not put this new switch in the loop, but have it sit by itself. So if it wanted to access the firewall (pix 515e), which is sitting on another switch I would have to have an ethernet connection between my new switch and the firewall switch, as there aren't any free fibre ports on teh firewall switch. Am I right or is there a better way of designing it?
  Thanks in advance
  Dan

• WRT310N: Help with DMZ/settings (firmware 1.0.09) for wired connection

  Hello. I have a WRT310N and have been having a somewhat difficult time with my xbox 360's connection. I have forwarded all the necessary ports (53, 80, 88, 3074) for it to run, and tried changing MTU and what-not.
  I don't know if I have DMZ setup incorrectly, or if it's my settings.
  Setup as follows:
  PCX2200 modem connected via ethernet to WRT310N. 
  The WRT310N has into ethernet port 1 a WAP54G, and then upstairs (so that my Mother's computer can get a strong signal) I have another WAP54G that I believe receives its signal from the downstairs 54G. 
  In the back of the WRT310N, I have my computer connected via ethernet port 3, and my Xbox 360 connected via ethernet port 4.
  Now, I first figured I just have so many connections tied to the router and that is the reason for being so slow. However, when I unplug all the other ethernet cords and nothing is connected wirelessly, except for my Xbox connected to ethernet port 4, it is still poor. Also, with everything connected (WAP54G and other devices wirelessly) I get on my PC and run a speedtest.  For the sake of advice, my speedtests I am running on my PC are (after 5 tests) averagely 8.5 Mbps download, and 1.00 Mbps upload, with a ping of  82ms.
  Here is an image of the results:
  http://www.speedtest.net][IMG]http://www.speedtest.net/result/721106714.png
  Let me add a little more detail of my (192.168.1.1) settings for WRT310N.
  For starters, my Father's IT guy at his workplace set up this WRT310N and WAP54G's. So some of these settings may be his doing. I just don't know which.
  "Setup" as Auto-configurations DHCP. I've added my Xbox's IP address to the DHCP reservation the IP of 192.168.1.104. This has (from what I've noticed) stayed the same for days.
  MTU: Auto, which stays at 1500 when I check under status.
  Advanced Routing: NAT routing enabled, Dynamic Routing disabled. 
  Security: Disabled SPI firewall, UNchecked these: Filter Anonymous Internet Requests, Multicast, and Internet NAT redirection.
  VPN passthrough: All 3 options are enabled (IPSec, PPTP, L2TP)
  Access Restrictions: None.
  Applications and Gaming: Single port forwarding has no entries. Port Range Forwarding I have the ports 53 UDP/TCP, 88 UDP, 3074 UDP/TCP, and 80 TCP forwarded to IP 192.168.1.104 enabled. (192.168.1.104 is the IP for my xbox connected via ethernet wired that is in DHCP reserved list)
  Port Range Triggering: It does not allow me to change anything in this page.
  DMZ: I have it Enabled. This is where I am a bit confused. It says "Source IP Address" and it has me select either "Any IP address" or to put entries to the XXX.XXX.XXX.XXX to XXX fields. I have selected use any IP address. Then the source IP area, it says "Destination:"  I can do either "IP address: 192.168.1.XXX" or "MAC address:" Also, under MAC Address, it says DHCP Client Table and I went there and saw my Xbox under the DHCP client list (It shows up only when the Xbox is on) and selected it.  
  Under QoS: WMM Enabled, No acknowledgement disabled.
  Internet Access Priority: Enabled. Upstream Bandwith I set it to Manual and put 6000 Kbps. I had it set on Auto before, but I changed it. I have no idea what to put there so I just put a higher number. 
  Then I added for Internet Access Priority a Medium Priority for Ethernet Port 4 (the port my xbox is plugged into).
  Administration: Management: Web utility access: I have checked HTTP, unchecked HTTPS.
  Web utility access via Wireless: Enabled. Remote Access: Disabled.
  UPnp: Enabled.
  Allow Users to Configure: Enabled.
  Allow users to Disable Internet Access: Enabled.
  Under Diagnostics, when I try and Ping test 192.168.1.104 (xbox when on and connected to LIVE), I get:
  PING 192.168.1.104 (192.168.1.104): 24 data bytes
  Request timed out.
  Request timed out.
  Request timed out.
  Request timed out.
  Request timed out.
  --- 192.168.1.104 data statistics ---
  5 Packets transmitted, 0 Packets received, 100% Packet loss
  Also, when I do Traceroute Test for my Xbox's IP, I just keep getting: 
  traceroute to 192.168.1.104 (192.168.1.104), 30 hops max, 40 byte packets
  1 * * * 192.168.1.1 Request timed out.
  2 * * * 192.168.1.1 Request timed out.
   As for the Wireless Settings, it is all on the default settings with Wi-Fi Protected setup Enabled.
  To add, I have tried connecting my modem directly to the Xbox and my connection is much improved. I have no difficulty getting the NAT open, for it seems my settings are working for that. Any help with these settings would be VERY much appreciated. 
  Message Edited by CroftBond on 02-18-2010 01:09 PM

  I own 2 of these routers (one is a spare) with the latest firmware and I have been having trouble with them for over a year.  In my case the connection speed goes to a crawl and the only way to get it back is to disable the SPI firewall.  Rebooting helps for a few minutes, but the problem returns.  All of the other fixes recommended on these forums did not help.  I found out the hard way that disabling the SPI Firewall also closes all open ports ignoring your port forwarding settings.  If you have SPI Firewall disabled, you will never be able to ping your IP from an external address.  Turn your SPI Firewall back on and test your Ping. 
  John

• Wireless design help

  Hi guys........just have  few qestions about designing WLC 5508
  The  scenario is  that currently one of the client has a firewall Tiering T1 internet facing and T2 internal whioch has multiple DMZ connected.
  T2 firewall has a DMZ switch connected which has a router which connects to MPLS cloud to different site across the country. (around 10 sites) all static routing.
  Now the client is thinking to deploy wireless at all 10 sites using H-REAP. The issue is that client has only one WLC and they are not willing to buy other as i was thinking to deploy two WLC one for corporate and one for guest users. (one in internal network and on in DMZ)
  Now my question is as follwow.
  1- Keeping in mind that there is only one WLC where should i physically put it?
  2- How guest users will work ? How the authentication will be done?
  3-There are 8 SFP ports in WLC how physical topology will look like?
  4-How many Vlans i have to make for wirless users  will that be 10? (1 at each site) ?
  my last question is that how these ports work on WLC are they just like swicth e.g  one port can be assigned to different vlan....just confuse about interfaces and vlans on WLC (interfces concept)
  Thanks guy and hope to get a response ASAP.

         OSITAN N Many thanks  please comment
                                      Internet
                                                 FW 1
                                                     !                                                        <---------------------Traffic comming this way
                                                  FW2--------DMZ--------------SW---------- Router -----------------IP MPLS-----------------
                            ------Trusted-----  !                                                                                                        !
                                                     !                                                     ------Branch Router------->               RT 
                                  !           !               !                                                                                               SW
                               DSN      AD            DHCP                                                                                          !
                                                                                                                                                              AP  
                                                                                                                                                            USER
  1 Where WLC Place so that Guest trafice dont go to Trusted area?
  2. Its gona be H-Reap so DHCP would be local for branch
  3. Voce user  Qos? priority how ? example
  4 Guest Firewall rules to use only internet ?

• Basic Design Question - Firewall Router segment

  I'm at a new place and have to re-do the current lan.  Small office, 80-100 users. Existing setup is flat network, no QoS, no VLANs.  I have already replaced an older PIX with a new ASA (5525x) and added a DMZ.  
  I am currently trying to draw up a proposed design which currently will be single firewall, multiple VLans(user, server, voice, guest).  My question is regarding the link between core router(L3 switch, whatever) and firewall.   I'm thinking the correct setup is to have a seperate /30 subnet on the interfaces between the firewall and router as below, and then router will just have a default route of 0.0.0.0 0.0.0.0 10.1.100.2     Is this correct? 
  Internet-------Firewall-(10.1.100.2/30)----------------------------(10.1.100.1/30) --Router ----(10.1.1.1/24, 10.1.2.1/24, 10.1.3.1/24, etc)                 
  Thanks,

  Your design is good. But as for the subnet between the core (router or L3 switch - switch preffered) and edge FW, i suggest something a little larger than a /30. Like a /28. You may want to add a standby FW in a few months or years, or a new WAN connection to that 'demarc' subnet' at some point. It's good practice to leave some romo for growth. Even if you dont forsee it right now.
  ==========================
  http://www.rConfig.com 
  A free, open source network device configuration management tool, customizable to your needs!
  - Always vote on an answer if you found it helpful

• Roaming and 2.4 vs 5.0 on 1250 series AP design help

  Hello,
  I will be upfront and honest and state that although I am familiar with some wireless technologies, most of this stuff is a mystery to me. I have done some homework and have researched quite a bit, but have ind of hit a wall.
  I have been handed four Aironet 1250 series AP's all with the dual radio modules (2.4 and 5.0). I really need to use only one of the modules so that we can power it via POE and not enchanced POE (long story).
  So, I need help with a design. Here's what I'd like to see.
  1.       I would like to setup "roaming" so that when a wireless client goes from one AP to another it is seamless to the user and the users NIC will associate with the strongest AP signal. Can I do this by simply setting the same SSID and security on each AP, or must I have a controller to do this?
  2.       Also, I cannot seem to get older legacy clients to communicate with the 5.0 Ghz radio module (they can’t even see it) but they work fine when I switch it out for the 2.4. I know this is a very noob question, but can the older clients (non N) work on the 5.0 module)
  I have looked through a ton of documentation but there doesn’t seem to be a configuration guide that I can find for what I need to do.
  That’s it. Can someone please have mercy on me and point me in the right direction? I will be looking in the mean time but I have a lot of unknowns. I think if I can get the two questions answered above, then I can mark as resolved and run with it.
  Thanks a bushel,
  dt

  Hi Dave,
  1. Yes, the conditions for a proper roaming are : same SSID, same security settings, and the APs serving the same client subnet (so that client doesn't have to change its ip address).
  This is sufficient for data, Fast roaming is required for applications like voice and you can then look into using cckm as key mechanism and configure one AP to act as WDS to centralize the roaming keys.
  2. This is not related. 11n is available on both 2.4 and 5 ghz band. The question is if your old adapters are capable of 802.11a or not. 11a is the 54Mbps speed in the 5ghz band. I would guess they are not capable of it.
  Adapters that are on laptop now are often "abgn" meaning they can do N speeds on both 2.4 and 5ghz band. An adapter that would be "bg" or "bgn" would typically be restricted to only 2.4 Ghz.
  Hope this helps,
  Nicolas
  ===
  Please rate answers that you find useful

• New LAN Design Help

  I'm new to Cisco and hoping to implement a large Cisco solution. Unfortunately we're not in the position to hire an expert so I'm seeking some much needed advice!
  The general plan for phase 1 would be:
  A router with 9 interface cards, that will have a 4Gbps trunk to an Internal Network Switch, 1gbps to DMZ switch, 1gbps to WLAN router, 1gbps to identical router for HSRP, 1gbps to WAN switch, and 100mbps to Internet router
  The router will need to participate in OSPF, HSRP and do trunking. It needs to do IPSEC vpn tunnels
  The Internal Network Switch would have about 40 Vlans to individual departments. Each department uplink to the Internal Network Switch would be 100mbps. Eventually this switch will be doubled up for redundancy.
  There would be about 1000 clients going through it via the Internal Network Switch, and through the Router, using the DMZ servers as well as the Internet.
  So I have a few questions regarding this setup:
  1/ Which type of router should I use?
  2/ Which type of switch should I use?
  3/ Is the network schema at all correct or would there be a better way of doing it?
  Hoping for some help!

  1) I recommend going with Cisco 2800 ISR for the IPSec VPN http://www.cisco.com/en/US/products/ps5854/index.html
  2) I recommend going with Cisco 3750G for the DMZ, WLAN, WAN switch connections. This switch provides (with the right image) HSRP, OSPF, EIGRP services.
  http://www.cisco.com/en/US/products/hw/switches/ps5023/index.html
  3) Drop all connections down to the 3750G (all ports support up to 1Gb speed) and perform all the routing there as well as layer2 VLANs.
  Nice, clean and inexpensive solution.
  In addition, 3750s support stackwise cabling so if you purchase more than one switch for port density, in the config it looks like a single switch.