DMZ and Firewall Issues or where to place the Infra Server

Hi,
Finally, I've got a more or less working Midtier Server on United Linux. I have two machines: a Sun box in the intranet, which has the Infrastructure and the storage on it, and a Linux box in the DMZ with the midtier on it. Unlucky as I am in this mission, I figured out that Portal wants to contact the Sun box for SSO from the browser and not, as I assumed, from the server side. But the forwarded hostname is an internal name only. Am I right that the best solution would be to install the infra option (SSO etc.) on the DMZ machine as well? So the scenario would look like this: E-Storage and files on the intranet machine (e.g. the Sun box) and Infra and middle tier in the DMZ. Please help.
Eric

I don't know to what end this will help you, or if it actually addresses your question - I'm a bit vague on technologies like firewalls and DMZ - save understanding their general purpose.
Anyway, due to hardware limitations, we have had to deploy OCS on a single node, Red Hat 7.3 (yep, OS limitations as well). Our general access to the internet is done via a cable connection. This connection is shared amongst our LAN via a proxy. Now, the Linux server was given an IP that belongs to the cable network - it's not part of our LAN. We initially started by opening ports 7778 and 7779, as these were the ports for web access for end users. This did not work, just like you mentioned in your post about SSO access - thus we had to open port 7777. This done, it all appears to run fine.
Anyway, have a search through technet; there is a paper on firewall load balancing with respect to iAS - this is the technology used to deploy most of the OCS applications - I imagine this may just address a few of your questions.

Similar Messages

  • DMZ and FIREWALL

    Hello,
    While trying to figure out why some of the ports that I had set to forward were not forwarding I did two things:-
    1) Placed the PC that I was having " bother " with in the " DMZ " Zone
    2) Switched off ( disabled ) the firewall in my HH2.
    Running two different " port scan " programs from the Internet showed that there was no response ( timeout ) from my IPAddress, which incidentally, changed each time I went from " DMZ " to not " DMZ ".
    Does this mean that the DMZ and FIREWALL on my HH do absolutely nothing ?? so it doesn't matter what setting you have.
    or does it mean that the Port Scan programs are giving a false sense of security ??
    I'd be interested to hear from anyone who has some experience of this..

    I have a question in regarding to the location of the (oracle) application server in front of or behind the firewall:
    The router to be used has a firewall function built in. Now if I place the (oracle) application server behind this firewall, can the public users still access this (web) app server (even through this firewall)? If so, what parameters should I generally configure?
    In DMZ you should put web server ( apache+webcache) and behind firewall a middle tier with the other components of iAS (depend what you want)

  • Where to place the third party jars on WLS 7.0SP2

    Our application uses a third-party JDBC driver, for example, the JDBC driver for
    mySQL. I do not want my customer to modify startWeblogic.cmd or some other file
    to make the jar file available for the application.
    My question is whether some directory exists under weblogic700/server where I can place
    the jar file (that is, like the installed extension of JDK or JRE).
    I tried to place the jar file in server/ext; it does not work.
    Guofeng

    "Guofeng Zhang" <[email protected]> wrote in message
    news:[email protected]...
    > Our application uses a third-party JDBC driver, for example, the JDBC driver for
    > mySQL. I do not want my customer to modify startWeblogic.cmd or some other file
    > to make the jar file available for the application.
    > My question is whether some directory exists under weblogic700/server where I can place
    > the jar file (that is, like the installed extension of JDK or JRE).
    > I tried to place the jar file in server/ext; it does not work.
    > Guofeng

    Disclaimer: I am a newcomer to the world of BEA WLS,
    so try this at your own risk.
    For the 3rd party classes to be found, they have to be included somewhere
    in the CLASSPATH. The best place (IMO) for customisation of the CLASSPATH
    is in the extEnv.sh. You will not find it in a standard installation of
    WLS, but if you look in $WL_HOME/server/bin/startWLS.sh you will see this:
    PATH=".${PATHSEP}${WL_HOME}/server/bin${PATHSEP}${JAVA_HOME}/jre/bin${PATHSEP}${JAVA_HOME}/bin${PATHSEP}${PATH}"
    # Import extended environment
    if [ -f extEnv.sh ]; then
      . extEnv.sh
    fi
    Note the inclusion of "." at the start of PATH. This is magic that enables
    the ". extEnv.sh" command to locate the "extEnv.sh" script.
    In "extEnv.sh" you can use the EXT_PRE_CLASSPATH, EXT_POST_CLASSPATH,
    EXT_PRE_PATH, EXT_POST_PATH and LD_LIBRARY_PATH to add additional classes
    and directories to the server environment.
    For additional information, refer to the WebLogic Server Administration
    Guide (http://e-docs.bea.com/wls/docs70/adminguide/startstop.html).
    Similarly, if you look in $WL_HOME/server/bin/setWLSEnv.sh you will see this:
    PATH="${WL_HOME}/server/bin${PATHSEP}${JAVA_HOME}/jre/bin${PATHSEP}${JAVA_HOME}/bin${PATHSEP}${PATH}"
    export PATH
    # Import extended environment
    if [ -f extEnv.sh ]; then
      . extEnv.sh
    fi
    Note the missing "." in the PATH. This effectively means that even if
    the "extEnv.sh" script exists in the current directory, then ". extEnv.sh"
    command will only look along the PATH for the "extEnv.sh" script! To me,
    that looks like an error (probably caused by a DOS-programmer used to
    the default behavior in DOS to always look in the current directory
    regardless of the setting PATH), so as part of my localised installation
    procedure, I replace the offending part of setWLSEnv.sh with:
    # Import extended environment
    if [ -f extEnv.sh ]; then
      . ./extEnv.sh
    fi
    which forces the "." command to read the "extEnv.sh" file in the current
    directory, regardless of the setting of the PATH variable. I have
    notified BEA of this, but their response is that it is per design!
    Regards,
    Jan Bruun Andersen
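
The lookup difference described in the reply above, as an added example (not part of the original posts and not BEA's script): when the name has no slash, `.` searches PATH, so an extEnv.sh in a PATH directory can be read instead of the local one, while `. ./extEnv.sh` always reads the file in the current directory. The directory names and the EXT_ORIGIN variable are constructed for this demo.

```shell
#!/bin/sh
# Constructed layout: two different extEnv.sh files, one in the working
# directory ("domain") and one in a directory that is listed on PATH.
demo_root=$(mktemp -d)
trap 'rm -rf "$demo_root"' EXIT
mkdir -p "$demo_root/domain" "$demo_root/onpath"
echo 'EXT_ORIGIN=current-directory' > "$demo_root/domain/extEnv.sh"
echo 'EXT_ORIGIN=path-directory'    > "$demo_root/onpath/extEnv.sh"

# resolve_dot <name-as-written-in-the-start-script>
# Repeats the "if [ -f extEnv.sh ]; then . <name>; fi" pattern from inside
# the domain directory and prints which file was actually read. It runs in
# a subshell so the PATH change and EXT_ORIGIN do not leak into the caller.
resolve_dot() {
    (
        cd "$demo_root/domain" || exit 1
        PATH="$demo_root/onpath:$PATH"
        EXT_ORIGIN=none
        # The -f test only looks at the current directory ...
        if [ -f extEnv.sh ]; then
            # ... but "." with a slash-less name searches PATH first.
            . "$1"
        fi
        echo "$EXT_ORIGIN"
    )
}

echo "'. extEnv.sh'   read the file from: $(resolve_dot extEnv.sh)"
echo "'. ./extEnv.sh' read the file from: $(resolve_dot ./extEnv.sh)"
```

The existence test and the slash-less `.` can refer to two different files, which is why pinning the path with `./` (or an absolute path) is the safer form in a start script.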

  • I keep getting a message pop up the first time I open Photoshop CC for the day, "we sorry, we can't connect to adobe server at this time...I followed instructions to turn off my antivirus and firewall, then open it. But the problem still remains. What can

    I keep getting a message pop up the first time I open Photoshop CC for the day, "we sorry, we can't connect to adobe server at this time...I followed instructions to turn off my antivirus and firewall, then open it. But the problem still remains. What can be done?

    Moving this discussion to the Creative Cloud Download & Install forum.
    R.O.B. please see Sign in, activation, or connection errors | CC, CS6, CS5.5 - http://helpx.adobe.com/x-productkb/policy-pricing/activation-network-issues.html for information on how to resolve the connection error between the computer and our activation server.

  • 502 - Web server received an invalid response while acting as a gateway or proxy server. There is a problem with the page you are looking for, and it cannot be displayed. When the Web server (while acting as a gateway or proxy) contacted the upstream cont

    I am getting error while accessing url of lyncweb.domain.com, dialin.domain.com and meet.domain.com pointing to RP server.
    502 - Web server received an invalid response while acting as a gateway or proxy server.
    There is a problem with the page you are looking for, and it cannot be displayed. When the Web server (while acting as a gateway or proxy) contacted the upstream content server, it received an invalid response from the content server.
    Regards, Ganesh, MCTS, MCP, ITILV2 This posting is provided with no warranties and confers no rights. Please remember to click Mark as Answer and Vote as Helpful on posts that help you. This can be beneficial to other community members reading the thread.

    When i try with https://lyncfrontend.domain.local:4443 and https://lyncfrontend.domain.com:4443 both opens but when i open the external domain name i get certificate .
    ARR version installed is 3.0
    To throw more light on the configuration:
    Lync 2013 implemented, internal domain name is : domain.local and external domain name is : domain.com
    All servers in VMs are with 4 core processor, 24gb ram, 1TB drive.
    Frontend : Windows 2012r2 with Lync 2012 Standard Edition - 1 No (192.168.10.100)
    Edge : Windows 2012 with Lync 2012 Std - 1 No (192.168.11.101 DMZ) in workgroup
    IIS ARR Reverse Proxy 3.0 : Windows 2012 with ARR and IIS configured. (192.168.11.102)
    Certificate : Internal Domain root CA for internal and External (Digicert).
    Internal Network : 192.168.10.x /24
    External Network (DMZ) : 192.168.11.x /24
    Public Firewall NAT to DMZ ip for firewall and RP server. So having two public IP facing external network.
    Edge has : sip.domain.com, webconf.domain.com, av.domain.com
    IIS ARR RP server has : lyncdiscover.domain.com, lyncweb.domain.com, meet.domain.com, dialin.domain.com
    Have created SRV record in public : _sip.tls.domain.com >5061>sip.domain.com, _sipfederationtls._tcp.domain.com>5061>sip.domain.com, _xmpp-server._tcp.domain.com>5269>sip.domain.com
    Installed frontend server using MS Lync server 2013 step by step for anyone by Matt Landis, Lync MVP.
    Internal AD Integrated DNS pointing Front-end

    Type  FQDN                                                 IP              Description
    A     sip.domain.com                                       192.168.10.100  Address internal Front End or Director for internal network clients
    A     admin.domain.com                                     192.168.10.100  URL Administration pool
    A     DialIn.domain.com                                    192.168.10.100  URL Access to Dial In
    A     meet.domain.com                                      192.168.10.100  URL of Web services meeting
    A     lyncdiscoverinternal.domain.com                      192.168.10.100  Register for Lync AutoDiscover service to internal users
    A     lyncdiscover.domain.com                              192.168.10.100  Register for Lync AutoDiscover service to external users
    SRV   Service: _sipinternaltls Protocol: _tcp Port: 5061   sip.domain.com  Record pointer services to internal customer connections using TLS

    External DNS pointing Edge & Proxy

    Type  FQDN                                 IP                   Endpoint
    A     sip.domain.com                       x.x.x.100            Edge
    A     webconf.domain.com                   x.x.x.100            Edge
    A     av.domain.com                        x.x.x.100            Edge
    SRV   _sip._tls.domain.com                 sip.domain.com: 443  Edge
    SRV   _sipfederationtls._tcp.domain.com    sip.domain.com:5061  Edge
    A     Meet.domain.com                      x.x.x.110            Reverse Proxy
    A     Dialin.domain.com                    x.x.x.110            Reverse Proxy
    A     lyncdiscover.domain.com              x.x.x.110            Reverse Proxy
    A     lyncweb.domain.com                   x.x.x.110            Reverse Proxy

    In IIS ARR proxy server following server farms are added and configured as per link ttp://y0av.me/2013/07/22/lync2013_iisarr/
    In proxy server had setup only following server farm : While running remote connectivity web service test : meet, dialin, lyncdiscover and lyncweb.
    The client inside works fine internally and through vpn. Login with external client also working fine. But we are getting error in MRCA as follows.
    a) While testing remote connectivity for lync getting error : The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
    Certificate was installed properly.
    b) For remote web test under Lync throws error : A Web exception occurred because an HTTP 502 - BadGateway response was received from IIS7.
    HTTP Response Headers:
    Content-Length: 1477
    Content-Type: text/html
    Date: Wed, 14 May 2014 10:03:40 GMT
    Server: Microsoft-IIS/8.0
    Elapsed Time: 1300 ms.
    Regards, Ganesh, MCTS, MCP, ITILV2 This posting is provided with no warranties and confers no rights. Please remember to click Mark as Answer and Vote as Helpful on posts that help you. This can be beneficial to other community members reading the thread.

  • Since upgrading iMac to osx lion I have been experiencing problems in mail, it spontaneously stops receiving and tells me it can't find the pop server and also the biggest problem is that when I send with an attachment the recipient doesn't receive it.

    Since upgrading iMac to osx lion I have been experiencing problems in mail, it spontaneously stops receiving and tells me it can't find the pop server and also the biggest problem is that when I send with an attachment the recipient doesn't receive it.
    I have to restart mail most times before it starts receiving or recognizes the pop server.
    As I said, a lot of recipients do not receive my mails when there is an attachment or when I reply to their email.

    Contact iTunes Customer Service and request assistance
    Use this Link  >  Apple  Support  iTunes Store  Contact

  • I am trying to update my iphone 3gs and it has been saying try again the activation server is temporarily unavailable

    I am trying to update my iphone 3gs and it has been saying try again the activation server is temporarily unavailable

    This usually happens if the phone has been Hacked / Jailbroken / Modified...
    is this the case...?

  • All my mail have disappeared From my mac and my iOS devices. Seemingly from the iCloud server as well. How can I recover them?

    All my mail have disappeared from my mac and my iOS devices. Seemingly from the iCloud server as well. How can I recover them?

    Well, you can't since the emails are stored on icloud's mail server.  Try this test, using a computer's browser, log into icloud.com and check the mail page.  If they are gone, then they are really gone.
    Now, I thought I could go into a Time Machine backup and view old emails from a day ago.  Unfortunately, Time Machine doesn't seem to save icloud based email, since regardless of the past date I go to, only the current emails show up, not older ones.  My conclusion is that I wouldn 't be able to recover them from a TM backup.
    What had you been doing on the mac or device that causes emails to be deleted?  (I hope you don't have a family member or friend using the same icloud account - they may have deleted all emails by mistake.)

  • Infrastructure Help Where to Place the Cache 505

    Should I put our cache server before our Pix Firewall or in the DMZ?

    This depends on where your wccp router is located. The rule of thumb is to place the cache engine closest to the clients.If your wccp router is on the outside of the firewall and your CE is either on the inside or DMZ you would have to create a conduit for GRE and a static for translation for the CE. Keep in mind that by placing the CE on the inside or the dmz, there will be extra traffic going through the pix because of the wccp redirection.
    I hope this helps.
    Gonzalo

  • Where to place the class file of the java bean when using the packager

    I am using the activex bridge in j2se 1.5.0_06
    now i have created the jar file for my bean but where do i place the class file?
    i.e the bean..if i keep it in jdk\bin the packager gives me an error..i created a folder in my public jre jre\axbridge\bin and placed the class file there too but even this didnt work
    Kindly tell me what is the fully qualified package bean name if i have placed all my files under jdk\bin..

    D:\Java\jdk1.5.0_06\bin>packager -reg d:\java\jdk1.5.0_06\bin\PersonBean.jar Person
    Processing D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\\Person.idl
    Person.idl
    Processing D:\PROGRA~1\MICROS~2\VC98\INCLUDE\oaidl.idl
    oaidl.idl
    Processing D:\PROGRA~1\MICROS~2\VC98\INCLUDE\objidl.idl
    objidl.idl
    Processing D:\PROGRA~1\MICROS~2\VC98\INCLUDE\unknwn.idl
    unknwn.idl
    Processing D:\PROGRA~1\MICROS~2\VC98\INCLUDE\wtypes.idl
    wtypes.idl
    Registration failed:
    The packaged JavaBean is not located under the directory <jre_home>\axbridge\bin
    this is the error i get

  • Server change name and need to know where to change the configuration

    Hi all,
    I want to check: if the web application and the database server have changed server name, what do we need to change in the BO app and also in Data Integrator Edge XI 3.1? I hope someone can assist me on this so that I won't need to re-install BO Edge with Data Integrator again. I cannot find any information anywhere that would tell me where to change it. I really need it urgently.
    Regards,

    This is something that has plagued BusinessObjects Edge/Enterprise admins for a while--you can't change the server name for BusinessObjects XI 3.1 once it has been installed. There were some forum posts going around, with people trying with limited success but given the range of products and technologies in BusinessObjects (CR, Webi, Voyager, Xcelsius, QaaWS, Explorer, etc.) the server name is embedded in too many places to be able to successfully change the name. Your best bet would be to install BOE on a new server with the correct name then use the Import Wizard to swing the content over.
    On the Data Integrator front, you could probably rename the server and then delete and recreate your DI Job Server-- most of the meta data for DI is stored in the local repository database, so you may have a shot. I would definitely test this theory out on a development machine before trying it in a production environment!!

  • 1st RMI implementation: where to place the security files?

    Hi all!
    I'm preparing my first implementation of RMI, I'm using the following example:
    http://java.sun.com/docs/books/tutorial/rmi/index.html
    At the moment, I have the following questions:
    where I have to place the security files? (which directory with what files)
    when I try "javaw rmiregistry" there is an error message (can't find main class...) I don't know why... I use the same machine for both client and server... and almost the same path (client: "...\bin\client" and "...\bin\engine" for the server)
    Can you help me?
    Thanks and regards! :)

    1) where I have to place the security files? (which directory with what files) For the given example,
    For server, filename will be = server.policy
    path = should be in the classpath, for better put in folder from where you are executing.
    otherwise, put the exact path in the command as (if file is in c:\:)
    {noformat}java -cp c:\home\ann\src;c:\home\ann\public_html\classes\compute.jar
    -Djava.rmi.server.codebase=file:/c:/home/ann/public_html/classes/compute.jar
    -Djava.rmi.server.hostname=zaphod.east.sun.com
    -Djava.security.policy="c:\server.policy"
    engine.ComputeEngine
    {noformat}
    Similarly you can do for client.

  • HT4890 I made a version update, but when turned on all the data and contacts are old; where can the last dated update be?

    Dear all
    I have made a version update to my iPhone.
    The system asked me before to make a backup; I did confirm it to be on iCloud.
    After the new installation completed on the iPhone there were no contacts,
    only numbers with no names.
    I have tried a few ways and at last I have received some list of contacts of an old date, maybe a year old.
    Then I went to iCloud and also there the list is old,
    as well as on the Mac it is old.
    Where is the data and how can I get back to what I had on the day of backing up?
    Thanks
    nati

    There are multiple reasons that lead to issue. You should read the troubleshooting guide to get the right solution to solve the issue: iPhone, iPad, or iPod touch not recognized in iTunes for Windows - Apple Support

  • AirDrop and Firewall - works one way, but not the other

    This is strange:
    I have AirDrop on two computers and each of them 'sees' the other (on the AirDrop radar).
    When I drop a file, it tells me that it's waiting for the other computer to accept it.
    On the other machine the dialog pops up and asks if I want to save the file.
    This is all good.
    When I try this the other way round, I do not get the dialog to save and finally the sending machine expires.
    When I switch off the firewall on the receiver that does not accept files, it works flawlessly.
    However: the other machine has the firewall enabled all the time, and receiving does work there no matter what.
    This is all bad.
    Somehow the firewall seems bugged. The gui does not allow for a lot of experimenting and I am not very good at the console.
    Can someone tell me how to get the firewall to be on and still be able to accept files via AirDrop?
    "ipfw flush" did not help.
    Thanks for the help!

    It's the firewall settings. It seems like a bug, because in the firewall I had Finder set to allow all incoming connections.
    Do the following:
    - System Preferences, Security, Firewall, Advanced settings
    - Remove the entry for Finder by selecting it and press the minus button
    - Check allow signed software
    - Uncheck block all
    It's working for me now.

  • I downloaded elements 11 and don't know where to get the serial number?

    I downloaded elements 11 online but I don't know where to get the serial number?

    Please refer : http://helpx.adobe.com/x-productkb/global/find-serial-number.html
