External Posture Server

Similar Messages

• NAC Framework with TrendMicro Policy Server? External Posture Assessment?

  Hi
  I've got a NAC Framework 2.1 setup using NAC-L2-802.1x with 2950 switches and so far it's working great. I've recently begun testing NAC with TrendMicro OfficeScan, which includes the Trend Policy Server for Cisco NAC.
  I've imported the Trend.adf file, created a new Internal Posture Validation to check these TrendAV settings (DAT version, protection enabled, etc) and it is working great with the clients. (Healthy if up to date, quarantined if out of date).
  What I'm trying to do is get this integrated with the Trend Policy Server for Cisco NAC. I've created an External Posture Validation entry for the Trend Policy Server;
  https://win2k3std:4343/antibody
  And have supplied it with the password (no username is needed to login to the web console of this server). I've also selected Trend:AV as the forwarding credential. I've gone into Network Access Profiles and made sure this was selected as an External Posture Validation Server and set it to quarantine under "Failure Posture Token". When I test this from the client (once I've enable External Posture Validation), it always ends up quarantined (even though the client is fully up to date). If I disable the External Posture Validation server from the NAP, the client test passes as Healthy (since all AV is up to date).
  I've got the Policy Server for Cisco NAC defined under NAC on my Trend OfficeScan server, and on the Policy Server for Cisco NAC, I've got the OfficeScan server defined. Yet, no matter what I've tried, the client always fails with this msg in the CSACS logs;
  Posture Validation Failure on External Policy
  Does anyone have any experience or help with this. Thanks very much.
  Jason Humes

  Please check the links for the Configuration and Troubleshoot of NAC
  www.cisco.com/c/en/us/td/docs/security/nac/appliance/configuration_guide/48/cam/48cam-book/m_agntd.html
  www.cisco.com/c/en/us/td/docs/security/nac/appliance/configuration_guide/47/cam/47cam-book/m_agntd.html#wp1234860

• External posture validation server LanDesk vs. ACS

  Hi,
  I want you to ask wheather somebody has same problem as me and how did you solve it.
  I want to validate security of hosts with LANDesk® Security Suite 8.7 in cooperation with ACS. My problem seems to be in comunication between ACS and LanDesk validation server. Landesk server in log says that no scan has been made on the host. But when i dont forward LanDesk credentials to LanDesk and I Validate them on ACS, it works. I mean ACS can determine whether the scan has been made and with which result.
  So I think problem isn't in CTA or LanDesk host agent(when they send right credentials). It seems to be somewhere between ACS and LD server.
  Didn't you have similar problem?
  p.s. I have been imported LanDesk plugins into CTA and attributes definition file into ACS. But I am not sure if the External posture validation setup in URL field should be "http://ip.a.d.d:12576/pvs.exe" which i found in LD documentation. In google i found another URL "http://ip.a.d.d:12576/avp.exe". None of them works properly. And on LD server isn't such a file.
  Thans for help
  Daniel Sebek

  Hello,
  NAC Appliance:
  • Offers Authentication, Authorization and Remediation
  • Covers Wireless, VPN and LAN.
  • Only can be used as an appliance. No virtualize offerings. For small locations which ISR routers, a 50 and 100 user module is available.
  • Licensed by user count matching and applied to the corresponding enforcement server. Users bundles are 50, 100, 250, 500, 1500, 2500, 3500 and 5000.
  • Uses SNMP V1,2 and 3 or can be in-band / bump in the wire.
  • Can leverage Cisco Profiler or whitelist non-NAC capable devices.
  • Cisco enforcement appliances can provide collecting abilities for Cisco Profiler with an additional license.
  • Can Leverage Cisco Guest server for advance guest access.
  • Comes in HP or IBM appliance formats.
  • IBM appliances are 3315, 3355 and 3395 appliances. They can support ISE
  • HP appliances are 3310, 3350 and 3390 appliances. They cannot support ISE
  ACS 5.X:
  • Offers 802.1x NAC features and device management (TACACS/RADIUS).
  • Can be an appliance or Vmware. Appliances that are IBM hardware can support ISE. VMware can be migrated to ISE for an additional cost.
  • Provides Authentication and Authorization. Does not offer remediation.
  • Requires switches that support 802.1x COA as specified on cisco.com/go/acs to function as the enforcement agent. ACS alone cannot offer access control.
  • 802.1x NAC features do not require additional licenses for up to 500 users/devices. To scale beyond 500 users/devices, an additional large deployment license is required.

• ISE 1.2 Patch 2 External RADIUS Server Sequence Broken?

  Hi community,
  We have upgraded our proof of concept ISE 1.2 lab to Patch level 2.
  Our lab design includes the use of external RADIUS servers which we off-load certain authentication rules to.
  To ensure resiliency of the external RADIUS service, we have two of these which we add to a RADIUS Server Sequence, the idea being that if the first in the list is unavailable, ISE will try the second and all will be well.
  Now this worked for us in testing ISE 1.2, but I have noticed that after the upgrade to Patch 2 ISE is sending the majority RADIUS traffic to the first (failed) external RADIUS server, with only the odd RADIUS Access-Request to thte next in the list.
  Anybody else come across this??
  All helpful comments rated!
  Many thanks, Ash.

  I couldn't find any known issues with this feature. Could you please paste the screen shot of external radius sequence and configuration. Also, how are we determing that the first server in the sequence is DEAD?
  ~BR
  Jatin Katyal
  **Do rate helpful posts**

• Dbcon connection from sap db2 to external sql server

  Hi ,
  I am trying to connect from my sap server which is in unix platform with DB2 database to external SQL server using DBCON as  MSSQL_SERVER=<server_name> MSSQL_DBNAME=<db_name>. But while running ADBC_TEST_connection i am getting the error . When i check the error log it says
  Loading DB library '/usr/sap/DVL/SYS/exe/run/dbmssslib.so' ...
  M  *** ERROR => DlLoadLib()==DLENOACCESS - dlopen("/usr/sap/SID/SYS/exe/run/dbmssslib.so") FAILED
    "Unable to find library '/usr/sap/DVL/SYS/exe/run/dbmssslib.so'."  [dlux.c       445]
  M  {root-id=002655A9DCD21EE3B89D69F99DF39F0D}_{conn-id=00000000000000000000000000000000}_0
  B  *** ERROR => Couldn't load library '/usr/sap/SID/SYS/exe/run/dbmssslib.so'
  How to resolve this issue. As it was mentioned in few forum we need to download the dbsl library from kernel patches and to load in kernel path. As my  db is DB2  can  we download dbmssslib.so this library and load in kernel file? Is it will work?
  Regards,
  Rai

  Hi Rai,
  This error indicates that the ABAP stack could not find the SAP DBSL for SQL Server (dbmssslib.dll) in the kernel directory. If you encounter this error on a Unix - based server the root cause is clear: the DBSL does not exist for other platforms than Windows or Linux x84_64. In this case use a Windows-based or a Linux x86_64-based SAP Application Server to establish the connection. If your system does not contain a Windows-based or a Linux x86_64-based Application Server you need to setup a small one as workaround. If you encounter this error on a Windows Application Server or a Linux x86_64 based Application Server make sure that the DBSL is properly installed in the kernel directory as explained in the document below.
  For more details on configuration and troubleshooting refer to below SCN document
  How to access an external Microsoft SQL Server database
  Hope this helps.
  Regards,
  Deepak Kori

• Settings and usage of external FTP Server in ECC 6.0

  Dear all,
  I work in ECC 6.0, and I want to configure and use an external FTP Server for upload, download and delete file from FTP Server.
  My questions are:
  1) Which are steps for configure an FTP connection?
  2) How can I read, delete and send a flat file to the FTP Server? Can you send a sample code?
  Thanks in advance for your help.
  Best Regards,
  Giulio

  Please check program RSFTP002  is a good example given by SAP .
  a®

• File transfer from a FTP server to another External FTP server

  Hi,
  I have one FTP server , I need to transfer a file from this FTP server to aother external FTP server. Could any one please help me how to write a batch file on FTP server so that my file is transfered to another FTP server by executing the Batch file. I don't want to use SAP server for this.
  best regards
  bobby

  CREATE CONTROLFILE
  Caution:
  Oracle recommends that you perform a full backup of all files in the database before using this statement. For more information, see Oracle9i User-Managed Backup and Recovery Guide.
  Purpose
  Use the CREATE CONTROLFILE statement to re-create a control file in one of the following cases:
  All copies of your existing control files have been lost through media failure.
  You want to change the name of the database.
  You want to change the maximum number of redo log file groups, redo log file members, archived redo log files, datafiles, or instances that can concurrently have the database mounted and open.
  Note:
  If it is necessary to use the CREATE CONTROLFILE statement, do not include in the DATAFILE clause any datafiles in temporary or read-only tablespaces. You can add these types of files to the database later.
  An alternative to the CREATE CONTROLFILE statement is ALTER DATABASE BACKUP CONTROLFILE TO TRACE, which generates a SQL script in the trace file to re-create the controlfile. If your database contains any read-only or temporary tablespaces, that SQL script will also contain all the necessary SQL statements to add those files back into the database.
  http://download-west.oracle.com/docs/cd/B10501_01/server.920/a96540/statements_54a.htm#SQLRF01203

• Transfer file to an external FTP SERVER

  HI Gentelemen!!,
  I'm trying to open an external FTP connection, sending a file from the  MiniSAP.
  Which is the appropiate RFC connection that I have to use??
  Anybody know how to set RFC connection to access an external FTP server.
  This are the MF that I use:
  CALL FUNCTION 'SCRAMBLE_STRING'
  To encrypt password
  CALL FUNCTION 'FTP_CONNECT'
  here i have an import value for RFC DESTINATION
  return handle - I use it to close the connection
  CALL FUNCTION 'FTP_COPY'
  CALL FUNCTION 'FTP_DISCONNECT'
  Use HANDLE numbre to close the connection
  Thanks for your help.
  POLAK.-

  I am not sure minisap has sapftp and sapftpa executable.
  Anyway the two RFC destination used to do FTP are SAPFTPA and SAPFTP. This are 2 TCP/IP RFC destination (Type T) that launch either the program sapftp or sapftpa on the application server.
  If these rfc destination are not setup in transaction SM59 you can try to define them but it might not work on minisap.
  Regards

• Transfer Excel file to external FTP server via PGP

  Hi SDN!
  I have build an scheduled report to generated an Excel-file from an internal table and saved it in the database. Now my task is to upload it to an external FTP Server of a partner company. The File contains sensible data and shall be encrypted via PGP.
  How can i upload to an external FTP server and before that, encrypt the file with PGP? I appreciate any help and look forward to reward some great posts.
  Thanks for your help!
  Edited by: Steffen Wieprecht on Aug 7, 2008 1:00 PM

  I found a solution myself, maybe someone is interrested:
  I installed a WS FTP Professional on a Server.
  Onto this server I wrote the files that have to be ftp-uploaded into one specific folder.
  A Perl Script in the scheduled tasks of the machine checks if a new file is in the folder and starts the upload.
  In WS FTP the site upload is defined with all PGP Keys so they are store secure.
  This solution can be used by any programming language that is able to write files in the upload folder.
  Best Regards,
  Steffen

• How to schedule Adapter to Pickup File on external FTP Server

  Any solution is very much appreciated for the following Problem.
  My Scenarios are  File to XI to FIle
  My problem is XI is picking up file on FTP Server while file is being written by Webservice ( This Webservice can not write .tmp file or movie file from one directory to another. So these options are ruled out )
  These are proposed steps:
  1. Job Scheduler creates Dummy File on XI File System
  2. XI Picks up File on XI File System and Invokes External Webservice and receives Response that a File "MadFile" has been written to external FTP Server.
  3. After XI receives response from webservice, XI should get "MadFile" from FTP Server
  How Can I implement step 3 above.
  ( Please do not suggest executing scripts as the the application where webservice running do not want to write it )

  ST,
  At times one has to take a stand and using a BPM like this is actually complicating things. Using the script option is the best solution!
  Menahwile, even BPM solution doesn't make sense to me as like you correctly told, your Second Receive Step can poll over the file and pick up the temporary file! Even if you can handle this using Adapter Scheduling, you would need Correlation and I am pretty sure that as you are using a dummy file, this also cannot be achieved!
  Would suggest that another option would be to ask the webservice to send a call directly to XI after writing the file. The moment XI receives the Webservice request,  XI can invoke a java proxy to collect the file ( polling using File adapter is not going to help ) and then pass this file to the integration engien and so on.
  Even my solution is not a very good one, but, if nothing works out, it is something atleast. But, I would ask you to push for the tmp folder plus script.
  Regards
  Bhavesh

• How many DNS record need to create in Internal & external DNS server for exchange?

  Hi friends,
  I recently installed Exchange Server 2010 in my organization for testing purpose and I've register a pubic ip too for exchange server on godaddy.com. How many
  internal & External DNS records reqired to configure on external & Internal dns server so my all feature like Auto-discover, Activ -sync,& webmail start working perfectly.
  It's my first time configuring exchange for a organization.
  Thanks & Regards,
  Pradeep Chaugule

  Hi,
  Just as what ManU Philip said, you need to create
  Autodiscovery.domaincom and mail.domain.com for external dns server.
  Generally, you configure your Exchange Servers as DNS clients of your internal DNS server.
  Refer from:
  http://technet.microsoft.com/en-us/library/aa996996(v=exchg.65).aspx
  Best Regards.

• External DNS server not replicating records to secondary after migration from 2003 to 2012

  Hi
  I have a query relating to 2012 Server and DNS.
  Last week we de-commissioned our primary external DNS server (Windows 2003 Server) and moved the role over to a new Windows 2012 server.
  Since this point replication to our secondary server (3rd party hosted) does not seem to occur and our DNS records seem to have expired on the secondary server as we cannot look these up via nslookup.
  I cannot see any failures in the event log of the server; I have checked our external firewall logs and nothing is being blocked inbound/ outbound as far as I can see. And the server’s local firewall has been disabled.
  The server is a standalone server in a workgroup with a standard filebased primary zone, with no AD integration and recursion disabled.
  When I created the zone I copied the .dns file from the old server and selected this in the interface during the creation of the zone on the new server.  The new server has the same internal and external IP as the old server and the old server is off-line.
  I have also manually increased the serial number of the zone and still no joy.
  One thing that I have noticed is when I open the zones properties/Name Servers and click edit on the external nameserver I get the infamous "The server with this IP address is not authoritative for the required zone" error.
  Any help Would be appreciated, thanks in advance

  Nice to hear that you are close in finding the problem. So in short:
  You have enabled Zone transfers in DNS management console for the applicable zone
  You have verified that your DNS is listening to the correct interfaces
  You have enabled firewall rules to accept TCP and UDP traffic to port 53
  You have checked if "BIND secondaries" option is applicable to your case
  You have initiated a zone transfer from the secondary server
  Lefteris Karafilis 
  MCSE, MCTS, SEC+ 
  LinkedIn: http://www.linkedin.com/in/lkarafilis 
  Mail: [email protected] 
  Blog: http://www.karafilis.net 

• Web Dynpro application calling external web server using HTTPS giving error

  Hello,
  I don't know whether this is the right question in this forum but my ABAP web-dynpro applicaiton is expected to call another HTTP application on external web server through HTTPS. Presently it is calling through plain HTTP but we want to have HTTPS.
  Here are the steps that we followed based on the link from help.sap.com
  1] Received the certificate files from external web server
  2] Created SSL Anonymous client
  3] Imported the certificate files under this client and added into the certificate list
  4] Re-started ICM
  5] Created RFC Destination of type HTTP to connect to external server with SSL option and basic authentication. This RFC destination was working under plain HTTP.
  When tried with Test connection it gave error "ICM_HTTP_CONNECTION_FAILED".
  Any idea what might be missing. Thanks in advance.
  Regards
  Rajeev

  Used proper certificate after which the error went away

• Integrating External File Server In SAP EP - Help Needed.

  Hello All,
  We have a EP 7.0 Running on HP-UX, can some one please tell me how I can integrate an External File Server or a Web DAV Folder into the SAP EP.
  Any suggestion would be a great help.
  Best Wishes,
  John.
  Message was edited by:
          John Bray

  Hi John,
  This would be helpful for you for Webdav or external filesystems  
  <a href="http://help.sap.com/saphelp_ep60sp2/helpdata/en/ed/b334ea02a2704388d1d2fc3e4298ad/frameset.htm">Integrating Documents from a Windows System into KM</a>
  Pls reward points if  helpful
  Regards
  Vineeth

• DMS Document Storage in External Content Server

  Dear All,
  We are working on a DMS scenario, where we need to store the document in an external content server, and not in SAP DB. We are evaluating the solutions around the content server, and we see that SAP provides a HTTP Interface to SAP Content Server, and this interface can be configured through OAC0 and OACT, and managed through CSADMIN. Now, a set of questions:
  1. If we intend to use SAP Content Server, do we need to purchase additional license for it? Our understanding is that the software is delivered with SAP Installation DVD, and as such no licensing charges are required.
  2. If we DO NOT intend to use SAP Content Server, and rather use an external content server (Possibly utilizing the File System at the OS level as a repository), how will the configuration of OAC0 and OACT look like in such a case? We definitely can not use HTTP Content Server as storage type, How will the entries be organized in this case?
  Has anyone worked on a scenario like this? It will be really nice if you can share your experience and expertise in this regard.
  Awaiting replies.
  Thanks and Sincere Regards,
  Sid

  Hi Ravindra,
  Thanks for the clarification. Do I understand correctly that, for a external content server (without an installation of SAP Content Server) also, we need to specify the storage type as HTTP Content Server ? But in such a case, how will the work processes be handled? As I understand, SAP Content Server engine will handle the incoming/outgoing requests through a Web Server. So, don't we need a similar arrangement for an external content server also? In that case, will the connection parameters be for a HTTP Content Server or for RFC Archive, where we can specify a RFC Destination of type G and connect through it?
  Thanks and Regards,
  Sid