Fingerprint Device access through firewall
Hello Fellow Mates,
One of my clients has a fingerprint device configured in his environment. There is the internet router, then the switch, and then some PCs and the device connected. All are accessible from their head office as well, but now the firewall is implemented between the internet router and the switch. Everything is working fine. Everything is accessible from the head office except the fingerprint device. Internally it's fine, but it can't be accessed from outside. The ACL allows ip any any, so there is no IP or port issue. I went through the link below and have done everything as well, but no luck. The default gateway for the fingerprint device is the internet router; I couldn't set it to the firewall because it's in transparent mode.
http://www.midextimeandattendance.com/support/how-to/fingerprint-reader/connect-remotely/
Regards,
-Mateen
Similar Messages
-
Webmin Port Access through firewall
OSX 10.8.5
I just finished installing the latest version of Webmin.
Everything is working fine but I cannot figure out how to allow access through the firewall GUI.
I need to open port 10000. Any suggestions?
Thanks, I posted there a few months ago, without luck. I think I've finally found something when Googling the versions of each. iChat on Leopard doesn't use newer authentication protocols and Psi would need to be recompiled to be compatible. If anyone is curious about the modification, here you go:
http://forum.psi-im.org/thread/5091
For now I'm looking for an alternative Jabber server to use. -
Is it possible to restrict SNMP access through firewall
My apologies if there is already an answered discussion about this that I didn't find.
In addition to just limiting the IP addresses allowed to have access and the TCP/UDP port and direction of access, is it possible to further restrict SNMP traffic through an ASA firewall? Example 1: Can IP address IP_A on network A be forcibly limited to have only read-only SNMP polling access to IP_B on network B on the other side of an ASA firewall, regardless of the community string it issues (or the configuration of device IP_B)?
IP_A ------- FW -------- IP_B
Example 2: Can IP address IP_A on network A be forcibly limited to have only readonly access to specific OID via SNMP polling access to IP_B on network B on the other side of an ASA firewall regardless of the community string it issues (or the configuration of device IP_B)?
IP_A ------> FW ------> IP_B
It looks like IOS 10.3 and above allow devices to have such access limiting. I was wondering if this could also be done via ASA for any end device.
Thanks
Jim
No.
An ASA can, as you noted, restrict source and destination IP and port. To do what you are asking, one would need to prevent a string within the payload from being transmitted (or only accept certain strings).
You should just put the access-list on the destination device(s) restricting what host(s) are allowed snmp rw (as you alluded to). That's a very common implementation straight out of the textbook. -
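The point made in the answer above, shown as an added example (not code from the thread or from Cisco): in SNMPv1/v2c a read and a write go to the same UDP port and can carry the same community string, and only the PDU type inside the payload tells them apart. The packets are constructed here, and the helper names (`tlv`, `build_snmp`, `read_tlv`, `classify`) are hypothetical.

```python
# Added illustration: constructed SNMPv1/v2c packets, no network access needed.
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA5: "GetBulkRequest"}
READ_ONLY_PDUS = {0xA0, 0xA1, 0xA5}


def tlv(tag, value):
    """Encode one BER tag-length-value (short-form length only)."""
    if len(value) > 127:
        raise ValueError("helper only builds short-form lengths")
    return bytes([tag, len(value)]) + value


def build_snmp(pdu_tag, community):
    """Build a constructed SNMPv2c message for sysName.0 (1.3.6.1.2.1.1.5.0)."""
    oid = tlv(0x06, bytes([0x2B, 6, 1, 2, 1, 1, 5, 0]))
    value = tlv(0x04, b"lab") if pdu_tag == 0xA3 else tlv(0x05, b"")
    varbinds = tlv(0x30, tlv(0x30, oid + value))
    # request-id, error-status, error-index
    header = tlv(0x02, b"\x01") + tlv(0x02, b"\x00") + tlv(0x02, b"\x00")
    pdu = tlv(pdu_tag, header + varbinds)
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, community) + pdu)


def read_tlv(buf, pos):
    """Decode one TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length


def classify(datagram):
    """Return community, PDU name and whether the request is read-only."""
    tag, body, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    tag, version, pos = read_tlv(body, 0)
    if tag != 0x02 or int.from_bytes(version, "big") not in (0, 1):
        raise ValueError("only SNMPv1/v2c is handled here")
    tag, community, pos = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("community string missing")
    pdu_tag, _, _ = read_tlv(body, pos)
    return {"community": community.decode("latin-1"),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag)),
            "read_only": pdu_tag in READ_ONLY_PDUS}


POLL = build_snmp(0xA0, b"public")    # read
WRITE = build_snmp(0xA3, b"public")   # write: same community, same UDP port

if __name__ == "__main__":
    for name, pkt in (("poll", POLL), ("write", WRITE)):
        print(name, classify(pkt))
```

A filter that sees only addresses and ports cannot separate `POLL` from `WRITE`, which is why the answer places the read-only restriction on the destination device.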
Management server access through firewall
I'm trying to use the memory leak detector with a server in our data center. The firewall only allows communication on certain ports and I've set -Djrockit.managementserver.port to use one of them.
The initial connection (RMI registry lookup) from the client works fine, but then the client tries to connect back to an "anonymous" (random) port that the RMI (mgmt) server listens at.
Is there a way to specify which port the actual mgmt server listens at? (I've also tried -Dcom.sun.management.jmxremote.port, but that didn't help either)
We'd like to avoid having to open ports for each newly established connection.
Thanks!
The JMX Management Server is only used to start up the native Memory Leak Server. The call to start up the Memory Leak Server returns an anonymous port over which all further communication with the Memory Leak Server takes place.
This is not a technical constraint though; it just reflects the way the client is currently written. I'll make sure the next version of the MemoryLeak Detector client supports a user specified port for the communication with the Memory Leak Server - at the very least through a system property.
Contact me at hirt(at)bea.com if this is something you need right away. ;)
Kind regards,
Marcus -
Hi,
We have an Oracle 8 DB server inside a firewall and a webserver in the DMZ that can't communicate. It appears that when a client tries to access the Oracle server, Oracle responds with a random port # to use for the session. We can't open all ports on the firewall. How do we set this up? Is there any documentation on this?
Your port is specified in your tnsnames on the client and the listener.ora on the database server for sql. The default port is usually 1521. You must open a hole in the firewall both going in and out. It has been four years since I did this, but I remember on the firewall having to allow the sql port open to both in and out traffic. Hope this helps - good luck.
-
Unable to access the Firewall through ASDM
Hi All,
Thanks in advance ,
In my organisation we are facing an issue with launching ASDM on an ASA 5520. When we try to access the firewall through ASDM we are unable to; see the Java error logs below. Yes, I know that if we reload the firewall this problem will be solved, but my organisation's management doesn't want to reload the firewall. The other procedure is to upgrade the ASDM version; just let me know the procedure for this.
Using JRE version 1.7.0_25 Java HotSpot(TM) Client VM
User home directory = C:\Users\shussain
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
m: print memory usage
q: hide console
s: dump system properties
ASDM Application Logging Started at Tue Aug 20 11:04:48 AST 2013
Local Launcher Version = 1.5.30
Local Launcher Version Display = 1.5(30)
OK button clicked
Trying for ASDM Version file; url =
https://192.168.50.2/admin/
Server Version = 6.1(3)
Server Launcher Version = 1.5.30, size = 319488 bytes
invoking SGZ Loader..
Cache location = C:/Users/shussain/.asdm/cache
Exception in thread "SGZ Loader: launchSgzApplet" java.lang.NumberFormatException: For input string: "1 year 192"
at java.lang.NumberFormatException.forInputString(Unknown Source)
at java.lang.Integer.parseInt(Unknown Source)
at java.lang.Integer.parseInt(Unknown Source)
at com.cisco.pdm.Check.h(DashoA10*..:1358)
at com.cisco.pdm.Check.c(DashoA10*..:858)
at com.cisco.pdm.Check.a(DashoA10*..:438)
at com.cisco.pdm.PDMApplet.start(DashoA10*..:132)
at com.cisco.nm.dice.loader.r.run(DashoA19*..:410)
Dear Marvin,
find my firewall sh version output, and asdm version ,
ciscoasa# sh ver
Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(3)
Compiled on Thu 07-Aug-08 20:53 by builders
System image file is "disk0:/asa804-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 1 year 193 days
Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.05
0: Ext: GigabitEthernet0/0 : address is 0021.a09a.ba76, irq 9
1: Ext: GigabitEthernet0/1 : address is 0021.a09a.ba77, irq 9
2: Ext: GigabitEthernet0/2 : address is 0021.a09a.ba78, irq 9
3: Ext: GigabitEthernet0/3 : address is 0021.a09a.ba79, irq 9
4: Ext: Management0/0 : address is 0021.a09a.ba7a, irq 11
5: Int: Internal-Data0/0 : address is 0000.0001.0002, irq 11
6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited
Maximum VLANs : 150
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Disabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : 750
WebVPN Peers : 2
AnyConnect for Mobile : Disabled
AnyConnect for Linksys phone : Disabled
Advanced Endpoint Assessment : Disabled
UC Proxy Sessions : 2
This platform has an ASA 5520 VPN Plus license.
Serial Number: JMX1304L0HA
Running Activation Key: 0x0313c076 0x58bdf52e 0xa83245ac 0xb460b058 0x88201caa
Configuration register is 0x1
Configuration last modified by enable_15 at 10:18:47.850 AST Wed Aug 21 2013
ciscoasa#
ciscoasa# sh run asdm
asdm image disk0:/asdm-613.bin
asdm location internal-network1 255.255.0.0 internal -
I subscribe to the Scotsman newspaper through itunes. The Paper is accessed through Newsstand. According to their support I should be able to access the paper on up to five devices, but I can't open it on our mini ipad. Support at the paper can't help. It does work on our other ipad.
I click on Newsstand, then search for The Scotsman. When I click on The Scotsman App there is no option to Download, only the OPEN box. When I click on OPEN nothing happens. It seems to know I'm already subscribed - it shows the subscription under In-App purchases but it doesn't open. I've also tried getting in using Featured and Purchased at the bottom of the screen, but nothing works. Thanks for trying to help.
-
Internet Access through TMG for all HO & Branch office
Dear Experts!,
I am new to the Forefront TMG 2010. Have requirement to implement internet access.
Head office : 192.168.11.x/24 (192.168.11.1 is the TMG server)
Branch Office 1: 192.168.12.x/24
Branch Office 2 : 192.168.14.x/24
Branch Office 2 : 192.168.16.x/24
Forefront TMG 2010 standard edition.
Having 3 NIC's two have different ISP network addresses and one has 192.168.11.1.
Branch office are connected using MPLS network, the requirement is all branch site internet must be accessed through TMG 2010 server which is homed in Head Office. How to achieve ?
What needs to be done in external firewall and in TMG for enabling internet access.
Thanks!
Regards, Ganesh, MCTS, MCP, ITILV2 This posting is provided with no warranties and confers no rights. Please remember to click Mark as Answer and Vote as Helpful on posts that help you. This can be beneficial to other community members reading the thread.
Hi Ganesh,
Hope this helps
1 - If you wish to give internet as Proxy to users.
Ensure the Below subnet is able to reach TMG Internal Interface that is 192.168.11.1
Subnet
Branch Office 1: 192.168.12.x/24
Branch Office 2 : 192.168.14.x/24
Branch Office 2 : 192.168.16.x/24
Configuration
Enable Proxy in TMG and configure Proper Ports as per your requirements
On the Client IE – Ensure you put Proxy IP as TMG and Port configured in TMG configuration.
Enable a Rule
Access Rule
Source : Internal
Destination : External
Ports : HTTP / HTTPS
Users : Authenticated Users
2 As normal Internet as Gateway to users
You need to request your MPLS provider to change the Default Route of below subnet to 192.168.11.1. By doing this, all the internet request from the below subnet to internet will hit TMG.
Subnet
Branch Office 1: 192.168.12.x/24 Default Route 192.168.11.1
Branch Office 2 : 192.168.14.x/24 Default Route 192.168.11.1
Branch Office 2 : 192.168.16.x/24 Default Route 192.168.11.1
IF you have any L3 Switch then you can also make Default gateway as L3 for all the subnet and from L3 device point it to TMG
Enable a Rule
Access Rule
Source : Internal
Destination : External
Ports : HTTP / HTTPS
Users : All Users ( Important )
Two ISP
In network Rules : You need to use NAT
You will have a Rule which NATS internal to External
On external - Choose which ISP interface should be used and Apply NAT rule -
if the music that is on an iPod can no longer be accessed through iTunes because it was deleted, is there anyway to recover the music on the iPod if it wasn't purchased?
See this support article:
http://support.apple.com/kb/HT1848
You can also download at least some of your content (audiobooks being a notable exception) again from the iTunes Store:
http://support.apple.com/kb/ht2519
For additional instructions, particularly for content not purchased from the iTunes Store, check out this user tip from TuringTest:
https://discussions.apple.com/docs/DOC-3991
and this page on "How-to Geek":
http://www.howtogeek.com/104298/sync-your-ios-device-with-a-new-computer-without-losing-data/
Regards.
Forum Tip: Since you're new here, you've probably not discovered the Search feature available on every Communities page, but next time, it might save you time (and everyone else from having to answer the same question multiple times) if you search a couple of ways for a topic, both in the relevant forums and in the Apple Knowledge Base, before you post a question. -
Guest LDOM disk access through multiple IO domains
Hi All,
I am working on a configuration wherein the boot disk for the guest LDOM is provided through an image file hosted on a VxVM diskgroup (vmdg1). The configuration has another copy of the same image file provided through another VxVM diskgroup (vmdg2) through another virtual disk service.
let me clear the configuration a little more in detail
A T-5240 server having 2 IO domains configured
Primary (Control domain + IO domain + Service domain) configuration
A VxVM diskgroup (vmdg1) having a boot image file
Secondary (IO domain + Service domain) configuration
A VxVM diskgroup (vmdg2) having a copy of the boot image file
These devices are exported through their respective virtual disk services with the same mpgroup name to a guest LDOM. The vdisk is then assigned to the guest LDOM, which is using the volume through the primary service.
When the guest LDOM is started it starts with the disk exported through the Primary domain. All writes happen fine. When the VxVM diskgroup is deported from the Primary, the guest LDOM still remains online and starts using the disk image path through the secondary domain.
I then bring the VxVM diskgroup and the mounts back online on the Primary domain and deport the diskgroup from the secondary domain to see if it fails back to the image through the Primary domain. The guest LDOM is now in a hung state and does not allow access through the local console or through network logins.
Has anyone seen such a problem? Also, is it recommended to use a disk-based image as a backend device in mpgroups through "ldm add-vdsdev"?
TIA,
Sudhir
As far as I know the only way to "re-balance" the I/O across the domains is to unbind/bind the guests. Not a great answer, but this could be done as part of the guests' patching cycle.
I think there is an RFE to provide MPxIO-like features to guests. -
I am not able to use Facebook on my iPhone 4, software version iOS 7.1. I also tried to access it through Safari and Chrome, which I have installed; it gives an error message saying: "safari could not open the page because server stopped responding". I tried a network reset, resetting the whole device, rebooting, and changing airplane mode and rebooting; nothing fixes the issue, but I can access other sites and Google. I am using Vodafone as my carrier with a 2G network. When at home I am able to access facebook.com through Wi-Fi in Safari. Requesting assistance, thank you.
If you can access Facebook while on Wi-Fi at home, but you are unable to access it while away running on your carrier's 2G network, I could phone your carrier. You have already completed the Cellular Data troubleshooting for the iPhone, so any limitations keeping you from connecting to Facebook over cellular will have to be answered by your carrier.
-
Error on Device Access API class/interface import
Hi,
I have followed https://apex.oracle.com/pls/apex/f?p=44785:141:128148408213710::::P141_PAGE_ID,P141_SECTION_ID:144,1032#prettyPhoto/1/ video tutorial to set up Java ME Embedded development environment in my Windows system and I have chosen Raspberry PI as embedded platform for ME applications.
I thought of experimenting on Pi’s GPIO header to control a LED through a Switch. But import statement for com.oracle.deviceaccess.PeripheralConfig is giving error in NetBeans IDE and there is no Java ME library containing this interface in the ME SDK installation directory so that I can include that in project classpath to get rid of this error.
Where can I download the JAR for Device Access API?
Please suggest…
Thank you.
Thank you for your reply.
I could successfully execute ‘blinking LED’ application on Raspberry PI, I have done this using DeviceManager class, GPIOPin interface present in device-io_1.0.jar which has come with ME SDK installation (C:\Java_ME_platform_SDK_8.0\lib).
But https://apex.oracle.com/pls/apex/f?p=44785:141:10585690084130::::P141_PAGE_ID,P141_SECTION_ID:144,1033#prettyPhoto/2/ demonstrates the same application by using classes and interfaces present in com.oracle.deviceaccess package (for eg, com.oracle.deviceaccess.PeripheralManager, com.oracle.deviceaccess.gpio.GPIOPin) and the import on the same is not working in my IDE (compile time error).
I have used below software installers in a Windows7 system for development environment set up:
Java SE SDK: jdk-8u11-windows-x64.exe
Java ME SDK: oracle-jmesdk-8-0-rr-win32-bin.exe
NetBeans all-in-one bundle: netbeans-8.0-windows.exe
NetBeans plugins for Java ME: oracle-jmesdk-8-0-rr-nb-plugins.zip
I have used only the above installers. Have I missed anything during development environment setup?
Please suggest further…
Thanks -
For the last week or so, whenever I try to print from a website accessed by Firefox (either to PDF or printer) the resulting page(s) are completely unintelligible -- they look like a kind of code. I have McAfee; SiteAdvisor is disabled and Firefox has full access through the firewall. My Windows Firewall is turned off.
When I use Safari for the same operations, everything prints fine.
Please advise.
Thanks
I also have this problem. I believe it is caused by being connected through a proxy which is adding a second compression to the data. (I think IF uses gzip compression already).
Added details:
* Opera also works.
* I can view the IF admin section on FF
* I can view the forum if I go through a web proxy. -
We have an OSB service and we are able to access it over the firewall, as well as the WSDL, schemas, etc. But when external users access the WSDL, they are not able to get the complete content, i.e. the schemas are not imported.
Reason is WSDL has http (<import schemaLocation="http://test.com:80/xxxxxx/Proxy/schema") with port no 80 instead of https (<import schemaLocation="https://test.com/xxxxxx/Proxy/schema") .
Since we don't specify the complete schema location in the WSDL, how does the WSDL include the complete schema path? And how do we change it to an https path instead of http?
Namaste,
Sorry for the delayed response.
Yet, my one query is not answered.
Q:Are you ABLE to get the Desired path in Endpoint URL(https) as well?
Explanation:
What I mean is, When the external users access the WSDL (I am assuming External Users are able to access WSDL through Firewall),
As you have mentioned that XSD imports have HTTP instead of HTTPS, but how about the soap:address location? Even this points to HTTP instead of HTTPS?
(Ex:
<wsdl:service name="CaduceusSiteService">
<wsdl:port name="site_pt" binding="tns:site_pttBinding">
<soap:address location="https://www.test.com/test123"/> ---> is this HTTP or HTTPS?
</wsdl:port>
</wsdl:service>
BTW, did you set, HTTP Transport Configuration --> HTTPS required parameter to "YES"? (This is a prerequisite).
We had a similar issue, where we had HTTP instead of HTTPS when WSDL accessed from Firewall.
However, after lot of struggle, we got it worked after changing Firewall (MS TMG) settings to support for "text/xml".
I think, it could be the same settings needed to done in your case too. Please do check the firewall settings.
Thanks,
Nagaraj Ganapa -
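The check discussed in this thread, as an added example (not code from the posters or from Oracle): fetch the WSDL the way an external user would, then list every `schemaLocation` and `location` URL with its scheme, so `http://` references behind an HTTPS front end stand out. The WSDL below is constructed from the placeholder URLs quoted in the thread; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed WSDL fragment; URLs are the placeholders quoted in the thread.
# For WSDL text from a source you do not control, parse with defusedxml instead.
SAMPLE_WSDL = """
<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
                  xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
                  xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <wsdl:types>
    <xsd:schema>
      <xsd:import namespace="urn:example:site"
                  schemaLocation="http://test.com:80/xxxxxx/Proxy/schema"/>
    </xsd:schema>
  </wsdl:types>
  <wsdl:service name="CaduceusSiteService">
    <wsdl:port name="site_pt" binding="tns:site_pttBinding">
      <soap:address location="https://www.test.com/test123"/>
    </wsdl:port>
  </wsdl:service>
</wsdl:definitions>
"""

# Attributes that carry URLs a client will dereference or call.
URL_ATTRS = ("schemaLocation", "location")


def audit_wsdl_urls(wsdl_text):
    """Return one record per URL-bearing attribute, in document order."""
    report = []
    for elem in ET.fromstring(wsdl_text).iter():
        local = elem.tag.rsplit("}", 1)[-1]      # strip the {namespace} prefix
        for attr in URL_ATTRS:
            url = elem.get(attr)
            if url is None:
                continue
            scheme = urlsplit(url).scheme.lower()
            if not scheme:
                status = "relative"              # resolved against the WSDL URL
            elif scheme == "https":
                status = "ok"
            else:
                status = "insecure"
            report.append({"element": local, "attribute": attr,
                           "url": url, "status": status})
    return report


def insecure_urls(wsdl_text):
    """URLs an external client would fetch or call without TLS."""
    return [r["url"] for r in audit_wsdl_urls(wsdl_text)
            if r["status"] == "insecure"]


if __name__ == "__main__":
    for row in audit_wsdl_urls(SAMPLE_WSDL):
        print(f'{row["status"]:9} {row["element"]}@{row["attribute"]} {row["url"]}')
```

Running the same check before and after a proxy or firewall change confirms whether both the schema imports and the `soap:address` now come back as HTTPS.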
Disable Webservices access through web
Hi All,
In OFMW and AIA 11g ps3, how can we disable webservices access through the web, i.e. restrict webservice calls from the outside world using OWSM security policies?
We don't want to use username-based authentication or any other policies that are based on authentication and authorization.
Please let me know how we can achieve this.
Thanks in advance.
Hi,
I think the best way would be to block the access to services at firewall so that these services have restricted access within the network. This can be achieved only if none of the services need to be exposed over to the internet.
Regards,
Neeraj Sehgal