DMZ and application restriction

Here's our setup/situation:
- 1 Oracle database with APEX 2.2 installed inside our firewall with several applications
running on it, 1 of which will be accessed from the internet.
- 1 Apache 2.0 web server in our DMZ that accesses the APEX internal web server
using ProxyPass for /pls/htmldb and /i.
- we are trying to figure out how we can restrict access to the one application, app 111, that
people will need to get to from the internet. Right now they can simply change the app
# in the URL to get to the other applications. We're taking a look at mod_rewrite but
it's been a slow, tedious process so far.
So, I'm curious how other people have solved this issue and the various bumps in the road that you encountered. Any and all advice, tips, and solutions are welcome.
Thanks

D-Shizzle,
Here is a possibility.
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
# Prevent direct access to the application 100
RewriteCond %{QUERY_STRING} !NLS_LANG
RewriteRule ^/pls/htmldb/f?p=100 https://www.yourdomain.com
I've seen a similar rewrite rule work for a non Apex application. I'm not an Apache expert and don't have an environment to test this logic in, so your have to test...
Is it possible for you to have two proxy servers? One to handle external traffic and another for internal traffic? On the externally faced server you could investigate ProxyPass logic specific for your external need.
Like I said I'm not an expert, just giving ideas. Once you get your solution working it would be interesting to see the code. I can see the same requirement being requested where I'm working.
Todd

Similar Messages

I can see the Safari icon on my iPhone screen, but the program doesn't run. I have checked the settings and it is on and not restricted. Can I delete the application and reinstall it?

I can see the Safari icon on my iPhone screen, but the program doesn't run. I have checked the settings and it is on and not restricted. It seems that the application has simply stopped running. The little "searching" icon just spins and spins. Can I delete the application and reinstall it?

You can't delete it. you will need to do a restore.
Restore: http://support.apple.com/kb/HT1414

Segregation of Cash application and application of on account AR payments

Hi Friends,
We have a requirement to segregate cash application to customer accounts and application of on account payments from customer account. The requirement is coming from Internal audit. They want a process where a group of users can apply payments to the customers , they can apply payment directly to invloice if they know it. But if they don't know the same, they can post on account to the customer. Another group of users (collectors) can call up customer and find for which invoice, the payment needs to be applied and can clear on account payment to an invoice. In FI module, application of payment to customer can be done by using TR code F-28 and account clearing can be done using Tr code F-04/F-32. These two functions can be segregated by restricting access of F-28 to only cash application group. But if the collector wants, he/she can post to cash account using Tr code F-32/F-04 also. SAP does allow to enter any GL Account in clearing Tr codes also so it does not seem possible to segregate these two functions just by restricting access to Tr code F-28. Restricting access of collectors to all GL Accounts may not work as they may have to post exchange rate gain/loss which are GL Accounts. Has anyone dealt with such situation and how was it solved? Any suggestion would be helpful.
Thanks and regards,
Pinky

Hi Friends,
We have a requirement to segregate cash application to customer accounts and application of on account payments from customer account. The requirement is coming from Internal audit. They want a process where a group of users can apply payments to the customers , they can apply payment directly to invloice if they know it. But if they don't know the same, they can post on account to the customer. Another group of users (collectors) can call up customer and find for which invoice, the payment needs to be applied and can clear on account payment to an invoice. In FI module, application of payment to customer can be done by using TR code F-28 and account clearing can be done using Tr code F-04/F-32. These two functions can be segregated by restricting access of F-28 to only cash application group. But if the collector wants, he/she can post to cash account using Tr code F-32/F-04 also. SAP does allow to enter any GL Account in clearing Tr codes also so it does not seem possible to segregate these two functions just by restricting access to Tr code F-28. Restricting access of collectors to all GL Accounts may not work as they may have to post exchange rate gain/loss which are GL Accounts. Has anyone dealt with such situation and how was it solved? Any suggestion would be helpful.
Thanks and regards,
Pinky

DMZ and FIREWALL

Hello,
While trying to figure out why some of the ports that I had set to forward were not forwarding I did two things:-
1) Placed the PC that I was having " bother " with in the " DMZ " Zone
2) Switched off ( disabled ) the firewall in my HH2.
Running two different " port scan " programs from the Internet showed that there was no response ( timeout ) from my IPAddress, which incidentally, changed each time I went from " DMZ " to not " DMZ ".
Does this mean that the DMZ and FIREWALL on my HH do absolutely nothing ?? so it doesn't matter what setting you have.
or does it mean that the Port Scan programs are giving a false sense of security ??
I'd be interested to hear from anyone who has some experience of this..

I have a question in regarding to the location of the (oracle) application server in front of or behind the firewall:
The router to be used has a firewall function built in. Now if I place the (oracle) application server behind this firewall, can the public users still access this (web) app server (even through this firewall)? If so, what parameters should I generally configure?
In DMZ you should put web server ( apache+webcache) and behind firewall a middle tier with the other components of iAS (depend what you want)

SETUP APPLICATION RESTRICTIONS

Please, how can I setup application restrictions on my iPhone 4? Thank you

Go to settings > General > restrictions > and do whatever you want from there.

Sharepoint Internet publishing dmz and lan

we have provided below list to Operation to configure dmz and lan envoirnment
dmz server was not on domain they faced issue to put dmz on domain they have to open on firewall any from
dmz to active directory is there any port we are missing below if we have to have communication from DMZ to db/application server
MCTS,ITIL

WFE -> DB only requires 1433 (or the assigned port) and 1434/udp if using a random port. WFE -> WFE communication is what leverages 32843/32844 (service calls).
Outbound email must be port 25, unless you configure an anonymous relay that SharePoint can communicate to over port 25.
Trevor Seward
Follow or contact me at...
&nbsp&nbsp
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

I wonder to know what is the enterprise solution for windows and application event log management and analyzer

Hi
I wonder to know what is the enterprise solution for windows and application event log management and analyzer.
I have recently research and find two application that seems to be profession ,1-manageengine eventlog analyzer, 2- Solarwinds LEM(Solarwind Log & Event Manager).
I Want to know the point of view of Microsoft expert and give me their experience and solutions.
thanks in advance.

Consider MS System Center 2012.
Rgds

What is the diffrence between sap events and application events

Hi all,
what is the diffrence between sap events and application events.Can any one tell me with examples.
regards,

Hi,
Look at this,
System Events (Default)
The event is passed to the application server, but does not trigger the PAI. If you have registered an event handler method in your ABAP program for the event (using the SET HANDLER statement), this method is executed on the application server.
Within the event handler method, you can use the static method SET_NEW_OK_CODE of the global class CL_GUI_CFW to set a function code and trigger the PAI event yourself. After the PAI has been processed, the PBO event of the next screen is triggered.
The advantage of using this technique is that the event handler method is executed automatically and there are no conflicts with the automatic input checks associated with the screen. The disadvantage is that the contents of the screen fields are not transported to the program, which means that obsolete values could appear on the next screen. You can work around this by using the SET_NEW_OK_CODE method to trigger field transport and the PAI event after the event handler has finished.
Application Events
The event is passed to the application server, and triggers the PAI. The function code that you pass contains an internal identifier. You do not have to evaluate this in your ABAP program. Instead, if you want to handle the event, you must include a method call in a PAI dialog module for the static method DISPATCH of the global class CL_GUI_CFW. If you have defined an event handler method in your ABAP program for the event (using the SET HANDLER statement), the DISPATCH method calls it. After the event handler has been processed, control returns to the PAI event after the DISPATCH statement and PAI processing continues.
The advantage of this is that you can specify yourself the point at which the event is handled, and the contents of the screen fields are transported to the application server beforehand. The disadvantage is that this kind of event handling can lead to conflicts with the automatic input checks on the screen, causing events to be lost.
Hope u understood.
Thanks&Regards,
Ruthra.R

What is the difference between apps and applications?

I have an application that I've been running on my older Mac. Now that I have a new MacBook Pro, I have to reinstall new software that is compatible. When I go to the vendor website I see an application I can download or a link to the Mac App Store. Is an application different than an app? When should you download them from a vendor website and when should you go to the app store? Do apps end up in the Launchpad and an application in your Applications folder? I can't seem to find information on what is the distinction. Are they actually two different things? Any help would be appreciated.

No difference between apps and applications. If you download the app from the Apple AppsStore you have better security and a conveninet place to have all your downloads. Nothing wrong with downloading from a trusted developer though.
EDIT: Yes they will either wind up in your Download folder as a .dmg you will have to double-click on to install, or most app store apps will install to your Applications folder.

How to have one centeral management console for DB and Application server?

Hi
Thank you for reading my post
I read in several places that ORACLE provide facilitis that help developers to have one centeral console to manage Application server / Database and what ever oracle products.
I want to know that, when i have Oracle 10g r2 and Application server 10.1.3.1 installed, how i can use that centeral management console?
is it some other application that i should install ?
or it is just some more configuration?
thanks

What you are looking for is called Grid Control.
You will need the Grid Control Agent installed on each server that has products from Oracle's technology stack installed (database, web server, app server, etc). You will also need install the Grid Control software and repository.
You can download Grid Control from the following link:
http://www.oracle.com/technology/software/products/oem/index.html

Menu bar and application toolbar

is there a way to change item text on menu bar and application toolbar eg in business partner overview(T-Code fmcacov) i want to change text 'Business Partner" to "tax Payer" on both menu bar an application toolbar. i have tried the norma way of going to change the screen but when i am on the GUI status its not going to change mode even sfter entering the access key

Hi ,
Open the program and click on GOTO=>ATTRIBUTES.
Change the text to the heading which you want.
SAVE & ACTIVATE.
Regarding opening in change mode, the steps you have carried out are correct.
You need to comment the existing gui-status by placing cursor on that line & click delete.
Then click on INsert button and add new gui-status.
Best regards,
Prashant

The system could not find a javax.ws.rs.ext.MessageBodyWriter or a DataSourceProvider class for the com.rest.assignment.EmpBean type and application/json mediaType. Ensure that a javax.ws.rs.ext.MessageBodyWriter exists in the JAX-RS application for the

Hi,
Im trying to create a Rest WS with a @GET method that will return me an Emp object. I need the output as a JSON string.
I have created a dynamic web project and added javax RS jars:
When im trying to run this, i'm getting the below mentioned error:
FlushResultHa E org.apache.wink.server.internal.handlers.FlushResultHandler handleResponse The system could not find a javax.ws.rs.ext.MessageBodyWriter or a DataSourceProvider class for the com.rest.assignment.EmpBean type and application/json mediaType. Ensure that a javax.ws.rs.ext.MessageBodyWriter exists in the JAX-RS application for the type and media type specified.
RequestProces I org.apache.wink.server.internal.RequestProcessor logException The following error occurred during the invocation of the handlers chain: WebApplicationException (500 - Internal Server Error)
Please help as im stuck with this from long.
Thanks in advance.
Below is the code for my service class:
package com.rest.assignment;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Application;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@Path("/restService")
public class RestService extends Application {
 @GET
 @Path("/getEmpDetails")
 @Produces(MediaType.APPLICATION_JSON)
 public Response getStringResponse()
 EmpBean empBean = new EmpBean();
 String filePath = "C:/Program Files/IBM/workspace/HelloWorld/src/com/rest/resources/EmpData.properties";
 Properties properties = new Properties();
 try {
 properties.load(new FileInputStream(filePath));
 } catch (FileNotFoundException e) {
 e.printStackTrace();
 } catch (IOException e) {
 e.printStackTrace();
 Enumeration e = properties.propertyNames();
 String result="";
 String[] empDetailsArr;
 while (e.hasMoreElements()) {
 String key = (String) e.nextElement();
 String empDetails = properties.getProperty(key);
 empDetailsArr=empDetails.split(",");
 empBean.setFirstName(empDetailsArr[0]);
 empBean.setLastName(empDetailsArr[1]);
 empBean.setEmpId(empDetailsArr[2]);
 empBean.setDesignation(empDetailsArr[3]);
 empBean.setSkillSet(empDetailsArr[4]);
 result = empDetailsArr[1];
 //return empBean;
 return Response.ok(empBean).type(MediaType.APPLICATION_JSON_TYPE).build();
 @Override
 public Set<Class<?>> getClasses() {
 Set<Class<?>> classes = new HashSet<Class<?>>();
 classes.add(RestService.class);
 classes.add(EmpBean.class);
 return classes;
and my empBean goes like this:
package com.rest.assignment;
public class EmpBean {
 private String firstName;
 private String lastName;
 private String empId;
 private String designation;
 private String skillSet;
 public String getFirstName() {
 return firstName;
 public void setFirstName(String firstName) {
 this.firstName = firstName;
 public String getLastName() {
 return lastName;
 public void setLastName(String lastName) {
 this.lastName = lastName;
 public String getEmpId() {
 return empId;
 public void setEmpId(String empId) {
 this.empId = empId;
 public String getDesignation() {
 return designation;
 public void setDesignation(String designation) {
 this.designation = designation;
 public String getSkillSet() {
 return skillSet;
 public void setSkillSet(String skillSet) {
 this.skillSet = skillSet;
Web.xml goes like this:
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>restWS</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>REST</servlet-name>
<servlet-class>com.ibm.websphere.jaxrs.server.IBMRestServlet</servlet-class>
<init-param>
 <param-name>javax.ws.rs.Application</param-name>
 <param-value>com.rest.assignment.RestService</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>REST</servlet-name>
<url-pattern>/rest/*</url-pattern>
</servlet-mapping>
</web-app>
When i try to return a string from my get method, it gives me a proper response. i get this exception when im trying to return a JSON response.

Hi,
Im trying to create a Rest WS with a @GET method that will return me an Emp object. I need the output as a JSON string.
I have created a dynamic web project and added javax RS jars:
When im trying to run this, i'm getting the below mentioned error:
FlushResultHa E org.apache.wink.server.internal.handlers.FlushResultHandler handleResponse The system could not find a javax.ws.rs.ext.MessageBodyWriter or a DataSourceProvider class for the com.rest.assignment.EmpBean type and application/json mediaType. Ensure that a javax.ws.rs.ext.MessageBodyWriter exists in the JAX-RS application for the type and media type specified.
RequestProces I org.apache.wink.server.internal.RequestProcessor logException The following error occurred during the invocation of the handlers chain: WebApplicationException (500 - Internal Server Error)
Please help as im stuck with this from long.
Thanks in advance.
Below is the code for my service class:
package com.rest.assignment;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Application;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
@Path("/restService")
public class RestService extends Application {
 @GET
 @Path("/getEmpDetails")
 @Produces(MediaType.APPLICATION_JSON)
 public Response getStringResponse()
 EmpBean empBean = new EmpBean();
 String filePath = "C:/Program Files/IBM/workspace/HelloWorld/src/com/rest/resources/EmpData.properties";
 Properties properties = new Properties();
 try {
 properties.load(new FileInputStream(filePath));
 } catch (FileNotFoundException e) {
 e.printStackTrace();
 } catch (IOException e) {
 e.printStackTrace();
 Enumeration e = properties.propertyNames();
 String result="";
 String[] empDetailsArr;
 while (e.hasMoreElements()) {
 String key = (String) e.nextElement();
 String empDetails = properties.getProperty(key);
 empDetailsArr=empDetails.split(",");
 empBean.setFirstName(empDetailsArr[0]);
 empBean.setLastName(empDetailsArr[1]);
 empBean.setEmpId(empDetailsArr[2]);
 empBean.setDesignation(empDetailsArr[3]);
 empBean.setSkillSet(empDetailsArr[4]);
 result = empDetailsArr[1];
 //return empBean;
 return Response.ok(empBean).type(MediaType.APPLICATION_JSON_TYPE).build();
 @Override
 public Set<Class<?>> getClasses() {
 Set<Class<?>> classes = new HashSet<Class<?>>();
 classes.add(RestService.class);
 classes.add(EmpBean.class);
 return classes;
and my empBean goes like this:
package com.rest.assignment;
public class EmpBean {
 private String firstName;
 private String lastName;
 private String empId;
 private String designation;
 private String skillSet;
 public String getFirstName() {
 return firstName;
 public void setFirstName(String firstName) {
 this.firstName = firstName;
 public String getLastName() {
 return lastName;
 public void setLastName(String lastName) {
 this.lastName = lastName;
 public String getEmpId() {
 return empId;
 public void setEmpId(String empId) {
 this.empId = empId;
 public String getDesignation() {
 return designation;
 public void setDesignation(String designation) {
 this.designation = designation;
 public String getSkillSet() {
 return skillSet;
 public void setSkillSet(String skillSet) {
 this.skillSet = skillSet;
Web.xml goes like this:
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<display-name>restWS</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>REST</servlet-name>
<servlet-class>com.ibm.websphere.jaxrs.server.IBMRestServlet</servlet-class>
<init-param>
 <param-name>javax.ws.rs.Application</param-name>
 <param-value>com.rest.assignment.RestService</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>REST</servlet-name>
<url-pattern>/rest/*</url-pattern>
</servlet-mapping>
</web-app>
When i try to return a string from my get method, it gives me a proper response. i get this exception when im trying to return a JSON response.

I want Firefox to open to my homepage every time after it crashes. I do not want it to return to the tabs and applications that caused the crash. I am willing to lose information. How do I do this?

Firefox crashes or seizes up when there are too many tabs and applications open, and causes my computer to crash or seize up. I use task manager to close Firefox or I restart my computer. Then, when Firefox restarts again, it automatically re-opens all the tabs and applications that caused the computer to seize or crash in first place. This is a waste of my time. I want Firefox to reopen to my homepage even if it crashes. I am willing to lose information to have Firefox reopen to a low-memory homepage. How do I do this?

Set the Integer pref browser.sessionstore.max_resumed_crashes to 0 on the about:config page to get the about:sessionrestore page immediately with the first restart after a crash has occurred or the Task Manager was used to close Firefox.
* http://kb.mozillazine.org/browser.sessionstore.max_resumed_crashes
That will allow you to deselect the tab(s) that you do not want to reopen, but will allow to reopen other tabs.
See:
* http://kb.mozillazine.org/Session_Restore#Restoring_a_session_after_a_crash
* http://kb.mozillazine.org/Browser.sessionstore.max_resumed_crashes
See also:
* https://wiki.mozilla.org/Session_Restore#Preferences
To open the about:config page, type about:config in the location (address) bar and press the "Enter" key, just like you type the url of a website to open a website. 
If you see a warning then you can confirm that you want to access that page. 
*Use the Filter bar at to top of the about:config page to locate a preference more easily.
*Preferences that have been modified show as bold (user set).
*Preferences can be reset to the default via the right-click context menu if they are user set
*Preferences can be changed via the right-click context menu: Modify (String or Integer) or Toggle (Boolean)

Need help with ASA 5512 and SQL port between DMZ and inside

Hello everyone,
Inside is on gigabitEthernet0/1 ip 192.9.200.254
I have a dmz on gigabitEthernet2 ip 192.168.100.254
I need to pass port 443 from outside to dmz ip 192.168.100.80 and open port 1433 from 192.168.100.80 to the inside network.
I believe this will work for port 443:
object network dmz
subnet 192.168.100.0 255.255.255.0
object network webserver
host 192.168.100.80
object network webserver
nat (dmz,outside) static interface service tcp 443 443
access-list Outside_access_in extended permit tcp any object webserver eq 443
access-group Outside_access_in in interface Outside
However...How would I open only port 1433 from dmz to inside?
At the bottom of this message is my config if it helps.
Thanks,
John Clausen
Config:
: Saved
ASA Version 9.1(2)
hostname ciscoasa-gcs
domain-name router.local
enable password f4yhsdf.4sadf977 encrypted
passwd f4yhsdf.4sadf977 encrypted
names
ip local pool vpnpool 192.168.201.10-192.168.201.50
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 123.222.222.212 255.255.255.224
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.9.200.254 255.255.255.0
interface GigabitEthernet0/2
nameif dmz
security-level 100
ip address 192.168.100.254 255.255.255.0
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
ftp mode passive
dns server-group DefaultDNS
domain-name router.local
object network inside-subnet
subnet 192.9.200.0 255.255.255.0
object network netmotion
host 192.9.200.6
object network inside-network
subnet 192.9.200.0 255.255.255.0
object network vpnpool
subnet 192.168.201.0 255.255.255.192
object network NETWORK_OBJ_192.168.201.0_26
subnet 192.168.201.0 255.255.255.192
object network NETWORK_OBJ_192.9.200.0_24
subnet 192.9.200.0 255.255.255.0
access-list outside_access_in extended permit icmp any4 any4 log disable
access-list Outside_access_in extended permit udp any object netmotion eq 5020
access-list split standard permit 192.9.200.0 255.255.255.0
access-list VPNT_splitTunnelAcl standard permit 192.9.200.0 255.255.255.0
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
mtu dmz 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static inside-network inside-network destination static vpnpool vpnpool
nat (inside,outside) source static NETWORK_OBJ_192.9.200.0_24 NETWORK_OBJ_192.9.200.0_24 destination static NETWORK_OBJ_192.168.201.0_26 NETWORK_OBJ_192.168.201.0_26 no-proxy-arp route-lookup
object network netmotion
nat (inside,outside) static interface service udp 5020 5020
nat (inside,outside) after-auto source dynamic any interface
access-group Outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 123.222.222.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.9.200.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet 192.9.200.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption aes128-sha1 3des-sha1
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 2 regex "Windows NT"
anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 3 regex "Intel Mac OS X"
anyconnect enable
tunnel-group-list enable
group-policy SSLVPN internal
group-policy SSLVPN attributes
dns-server value 192.9.200.13
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split
default-domain value router.local
group-policy VPNT internal
group-policy VPNT attributes
dns-server value 192.9.200.13
vpn-tunnel-protocol ikev1 l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPNT_splitTunnelAcl
default-domain value router.local
username grimesvpn password 7.wersfhyt encrypted
username grimesvpn attributes
service-type remote-access
tunnel-group SSLVPN type remote-access
tunnel-group SSLVPN general-attributes
address-pool vpnpool
default-group-policy SSLVPN
tunnel-group SSLVPN webvpn-attributes
group-alias SSLVPN enable
tunnel-group VPNT type remote-access
tunnel-group VPNT general-attributes
address-pool vpnpool
default-group-policy VPNT
tunnel-group VPNT ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:36271b5a1b9382621e14c3aa635e2fbb
: end

Hi Vibor. Apologies if my comment was misunderstood. What I meant to say was that the security level of the dmz interface should probably be less than 100.
And therefore traffic could be controlled between DMZ and inside networks.
As per thr security level on the DMZ interface. ....... that command is correct. :-)

I can not print from Firefox, but can from all other browsers and applications (such as MS Word, notepad, etc.). I get a print error on the printing monitor like it's a spooling problem.

This is a recent development but I can not print anything from within Firefox. The print functions open normally, it is going to the correct printer which works..I can print from other browsers and applications. It acts like it is spooling and then a print error occurs and it won't print. I closed and reopened Firefox, opened it in safe mode, cleaned out history/cache/cookies, and rebooted twice. Nothing makes any difference. Also tried printing from the print preview which had the same result. I can print from all other browsers and applications without a problem so it must be within Firefox.

See this: 
http://kb.mozillazine.org/Problems_printing_web_pages

DMZ and application restriction

Similar Messages

Maybe you are looking for