Endpoint on DMZ interface (through the firewall)

Hi
I have an ASA which connects to a BT Infinity router. The address on the outside interface is dynamic. BT provide us with 5 static addresses (No NAT 5) which are routed to the outside interface but are a different subnet.
I would like to terminate the site to site VPN using one of the static IP addresses rather than the outside dynamic address.
Can I NAT the public static address to the DMZ interface (or any interface for that matter) and terminate the VPN on that interface i.e. the firewall is terminated through the firewall?
Thanks
Stuart
Update: A few people have looked but no answer. Is there some detail I need to add?

Similar Messages

  • How to allow Flash, Reader, and Shockwave installations through the firewall?

    When I allow a single machine full access through the firewall on port 80, all three products install flawlessly. I am trying to narrow this down and only open the specific IP ranges used by Adobe. Does anyone know which ones need to be allowed for this to work? Also, I do know about the standalone files that can be downloaded and then installed to avoid the firewall issue, but I would like to allow all users who bring their own devices to install these products. With the below IP addresses open through port 80, I am able to install Flash almost every time, but Reader and Shockwave are less reliable. Thank you for any help you can provide.
    Bill

    I have a method that works for Flash Player, but am trying to come up with a method for the other 2 myself. To automate Flash Player, I created a Policy and added the following:
    Under Computer Config, Preferences, Windows Settings, Files I created a new File Item.
    I set Action = Replace, created a Source File named mms.cfg* (more below) and have the destination file as %systemroot%\System32\Macromed\Flash\mms.cfg (or %systemroot%\SysWOW64\Macromed\Flash\mms.cfg for x64)
    I used notepad to edit the mms.cfg, and used the following in the body:
    AutoUpdateDisable=0
    SilentAutoUpdateEnable=1
    AutoUpdateInterval=0
    My non-admin users now update Flash in the background silently and automatically.

  • WebSphere let me call EJB through the firewall.

    Finally I found some light on my problem related to the firewall.
    Seems like WebSphere gives you the option to specify the port for the application server to communicate with the client. Can I do similar stuff with Sun Application Server? Or should I ask our customer to use WebLogic instead?
    http://publib.boulder.ibm.com/infocenter/wasinfo/v4r0/topic/com.ibm.support.was.doc/html/EJB_Container/1008407.html
    Let me know if this can be easily done with the application server configuration.

    Configuring the IIOP listener from the administration interface is possible in Sun Application Server. This lets you configure the initial port when the EJB client connects to the application server, but not the port on which the AS talks back to the client.

  • After Firefox updated last night, I am no longer able to use it. "Unable to connect" I have added it back through the firewall, nothing works. Help!

    Starting last night, after an update, I am no longer able to use Firefox.
    "Problem loading page"
    "Unable to connect"
    Firefox can't establish a connection to the server at.....
    I have tried various things, even uninstalled and re-installed, took it out of the firewall, and added it back in. But nothing is working.
    Please help!
    Thank You
    Mara

    Hello Mara, see if the following is helpful: [https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can Firefox can't load websites but other browsers can]
    Also, try to boot the computer in [http://windows.microsoft.com/en-hk/windows/start-computer-safe-mode#start-computer-safe-mode=windows-7 Windows Safe Mode with network support] (press F8 on the boot screen) and check Firefox again.
    (If it works in Windows Safe Mode then you probably have a problem with other software, like security software or maybe a system driver, that is running on your computer.)
    Thank you

  • My iTunes can't connect to the iTunes Store, and I've allowed it through the firewall on my Windows 7. Please help!

    Please help! I'm not sure what to do!

    Then, when I opened iTunes, it took a long time to connect, and then it stopped, and I couldn't connect to the iTunes Store.
    Many thanks.
    In the course of your troubleshooting to date, have you worked through the following document?
    Apple software on Windows: May see performance issues and blank iTunes Store

  • How do I allow my printer through the firewall?

    I have done everything the troubleshooting stated except for the firewall. I don't know how to do this.
    == after the virus in Windows.exe situation was resolved

    I'm not sure how this is related to Firefox.

  • The big deal in implementing one interface through the whole system

    Hi guys,
    I'm working with Java, developing an ERP system. Initially we had a desktop system and now we are merging it to become a web application. We are trying to use the same classes in both modes, and we're having problems identifying which classes are hybrid (work on web and desktop) and which aren't.
    Well, one solution that they found was to implement one hollow interface called InterfaceWeb, just to mark the classes that work on web and desktop. Although our system isn't perfectly object oriented, this solution was the worst that I have ever seen. At least I think this way, and I'd like to know if someone agrees, disagrees or has some explanation for this choice.
    []s

    Matheus.Omega.Mendes wrote:
    Well, one solution that they found was to implement one hollow interface called InterfaceWeb, just to mark the classes that work on web and desktop. Although our system isn't perfectly object oriented, this solution was the worst that I have ever seen. At least I think this way, and I'd like to know if someone agrees, disagrees or has some explanation for this choice.
    Hard to say without actually seeing it. Probably not a good idea.
    Presumably the design was driven by time to market and cost rather than just because the developers didn't want to refactor.
    As per the other suggestion, normally besides breaking the layers out you could share common functionality with a layer of its own (or several).

  • Specify the port number to go through the firewall

    I noticed the IBM application server gives the option to specify the listener port for EJB using this parameter: -Dcom.ibm.CORBA.ListenerPort=8888
    Can I do the same thing for Sun Application Server?

    org.omg.CORBA.ORBInitialPort
    This is only for the initial connection. After the EJB container receives the call, it is going to communicate with the connecting client using a random port number.

  • Can I open a port range in the firewall for one host?

    Can I open a port range in the firewall for one host? In other words, I want to be able to open ports 54001 to 54050 to allow one remote host in my LAN to access that port range on my Mac Server. Is this possible? Currently, the only option I see is to open individual ports for all external hosts (e.g. http or https).
    Thanks in advance!

    Which version of OS X Server are you using?
    Server 2.2 and earlier include an interface to a software firewall that can be configured to open specific ports very easily. Descriptions of how to configure the firewall can be found in the documentation for these versions.
    Server 3.x no longer has an interface to the software firewall - it is still there, but you need to use other methods to configure it. A popular example of such a method is the IceFloor utility.
    Apple suggest that for Server 3 you delegate firewall duties to an external router. Server 3 includes the ability to configure the firewall component of Apple AirPort routers 'automatically'.
    If you connect a machine running Server 3 directly to an AirPort router, the router appears in the LH pane in the Server.app window (usually second line, below the entry for the server itself), and you can control what services are 'enabled' through the firewall there.
    A more common solution perhaps is to use a non-Apple router, and configure the firewall (and so open specific ports) through whatever control interface is provided for that router. There are many, many kinds of hardware router you could use, and the control interfaces used vary widely - so you will have to consult the documentation for your own router to work out how to do this.
    If you post information about your software versions, and hardware configuration, it is possible that you can get more specific help with the tasks involved in opening the ports.
    Hope this helps.

  • OS X ML firewall is blocking SMTP/IMAP connections to the server. How can I enable it without turning off the firewall?

    With the firewall turned on and with the "block all incoming connections" option unticked, I can send email to internal and external addressees. However,
    1. Mail clients both from the LAN and from outside (WAN connected) could not connect to the mail server. Both SMTP and IMAP could not connect to the server.
    2. External MTAs (say from Google or Yahoo MX servers) could not connect to the server either.
    Both of these issues are resolved if I set the firewall to OFF. Is there a workaround without turning this off? Appreciate your input/advice.

    I've used Mail on Exchange and Gmail with the firewall on for send/receive on my Mac, no problem there.
    However, are you asking about the Mac Server? If so, you're in the wrong section...
    Remember how public-facing systems work, they have to be universally accessible directly or through a DMZ zone in the firewall/gateway. This means the firewall/gateway has to be upstream from the server, not directly on the server.
    Also, check your DNS settings on the computers and server both inside and outside the network.

  • I accidentally deleted the Wi-Fi interface in the Network preferences window. HELP!

    My computer is now saying that my Wi-Fi is not configured. It won't let me re-add the interface through the Network window and I don't know what else to do! It's currently only working through Ethernet. HELP!
    Wi-Fi in the menu bar says "Wi-Fi: Not Configured."

    Restart the computer and try again. If there's no change, then from the Location menu at the top of the preference pane, select Edit Locations. A sheet will drop down. Click the plus-sign button to create a new location. Give it any name you want. In the new location, set up the Wi-Fi service with the same settings you used before. Click Apply and test.

  • Internet Requests bypassing the firewall

    Hi All,
    The client wants to have a single landscape for the Internet and intranet users (external-facing portal for authenticated users only), and they also wish to have the requests coming from the Internet directly, i.e. not through the firewall. What do you guys suggest for this?
    What I feel is that it could be done by publishing the hostname as a global hostname on the Internet (virtual IP address). So the requests from the intranet would be handled by the proxy and access to the portal from the Internet would be handled as a request to any other Internet portal.
    But, considering the security issues, should AND can this be done?
    Thank You.
    Regards

    It's an Inter-tel phone system. My boss is currently talking to the
    installer's boss about finding out what specific ports need to be
    opened.
    On Tue, 01 May 2007 14:02:34 GMT, Rick Bousquet
    <[email protected]> wrote:
    >Dan Larson wrote:
    >
    >> Hello,
    >>
    >> We have a software vendor that is installing our new phone system.
    >> They say that they need a public IP address for the new system to
    >> administer it. I said "No problem which ports in the firewall do you
    >> want opened" the response I got was not some, or even all, but "It
    >> needs to bypass the firewall."
    >>
    >> CAN a BM 3.8 sp4 firewall be bypassed? NAT is evidently ok but the
    >> vendor reacted in horror when I tried to talk to them about what
    >> specifically they needed and just got "No firewalls".
    >
    >Whose phone system is it? I have set up BM to allow access to phone systems
    >a number of ways. I can't believe they are telling you that. I think they
    >are probably clueless and just don't understand firewalls and since they
    >don't they would rather pass the buck.

  • Internet Edge Router and the Firewall

    What is the best way to monitor an Internet Edge router from the Internal network behind the Firewall?
    We want to pull more information from the edge router, like NetFlow. We can use SNMPv3 and ACLs to keep the router secure.
    But I am looking for the best config to keep both the router and firewall as secure as possible while still allowing us to monitor performance and faults.
    I am running an ASA and a 2821.

    I'd start with locking down the router configuration if you haven't already. Cisco Configuration Professional (free) offers a nice GUI for analyzing and delivering all the necessary commands to secure the router.
    Getting NetFlow from your router doesn't add much more than getting it from your ASA.
    If you're querying through the firewall to the routers using SNMPv3 (and have deleted the v1/v2 communities) that's one good step. The only other thing I might suggest is sending syslogs to your management system from the router. To do that you'll need to add an access-list and probably a NAT entry to your firewall to allow the incoming syslog traffic.
    Most important beyond all the technology is to make sure that your people follow a process to regularly analyze and act upon the information being reported and gathered. Without that, all the rest isn't worth the time it takes to implement it.

  • Firewall Rules for Printing and Scanning through Windows Firewall

    Hello,
    I am having trouble determining the Ports, Programs, and Services required for printing and scanning with my AIO.
    I am using Windows Firewall in Windows 7, and am only allowing certain rules in and out.
    I know the firewall is the problem, for when I disable it, everything works fine.
    Which rules are required for printing and scanning through the firewall?

    4th Bump,
    Is there anyone who can help me with this?
    As I said before, other printer manufacturers such as Lexmark and Brother provide this exact information.
    Why doesn't HP have a document for this? Does everyone just disable their firewall or open every port?

  • Cisco 8851 phones registering through Checkpoint firewall

    We have a customer with a secured network, using Checkpoint firewalls, and have a site-to-site VPN tunnel between our Cisco ASA and their Checkpoint firewall, with Cisco phones on the far side of the tunnel and CallManager 8.6 behind the ASAs. We have all the proper network ports referenced, but cannot get either a new Cisco 8851 (SIP) or a Cisco 7942 phone to register. The 8851 phone, when it tries to register, uses port 6970 for distributed TFTP via HTTP first (by design), followed by TFTP/69. The 7900 phone never generates TFTP on port 69 at all. What is also strange is that the source port 5060 on the 8851 phone seems to be masked with an upper ephemeral port (51566) when the request traverses the network, regardless of it passing through the firewall or a router. I know that TFTP uses UDP, but there is nothing in the docs that states it uses these upper port ranges?
    Is this behavior normal for a Cisco SIP-based phone, and with the Skinny phone, is there something with Checkpoint firewalls that causes issues with Cisco VoIP phones? I have done keyword searches on the forum for this issue, but have not found anything significant. I have also looked at the Nokia support forum, and saw some briefs, but it didn't directly describe our issue. Any help would be greatly appreciated.
    Thanks,

    Hi Andrew
    The attached document may assist:
    http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/port/7_0/CCM_7.0PortList.pdf
    A lot depends on topology etc, and the handset registration protocol you are using (SIP vs SCCP).
    Hope this helps.
    Barry Hesk
    Intrinsic Network Solutions
