Fingerprint Device access through firewall

Similar Messages

• Webmin Port Access through firewall

  OSX 10.8.5
  I just finsihed installing the latest version of Webmin.
  Everything is working fine but I can not figure out how to allow access through the firewall GUI.
  I need to open port 10000. Any suggestions?

  Thanks, I posted there a few months ago, without luck. I think I've finally found something when Googling the versions of each. iChat on Leopard doesn't use newer authentication protocols and Psi would need recompiled to be compatible. If anyone is curious in the modification here you go:
  http://forum.psi-im.org/thread/5091
  For now I'm looking for an alternative Jabber server to use.

• Is it possible to restrict SNMP access through firewall

  My appoligies if there is already an answered discussion about this, that I didn't find.
  In addition to just limiting the IP addresses allowed to have access and TCP/UDP port and direction of access, is it possible to further restrict SNMP traffic through an ASA firewall.  Example 1:  Can IP address IP_A on network A be forcibly limited to have only readonly SNMP polling access to IP_B on network B on the other side of an ASA firewall regardless of the community string it issues(or the configuration of device IB_B )?
       IP_A   ------- FW -------- IP_B
  Example 2:  Can IP address IP_A on network A be forcibly limited to have only readonly access to specific OID via SNMP polling access to IP_B on network B on the other side of an ASA firewall regardless of the community string it issues (or the configuration of device IP_B)?
       IP_A ------>  FW ------> IP_B
  It looks like IOS 10.3 and above allow devices to have such access limiting.  I was wondering if this could also be done via ASA for any end device.
  Thanks
  Jim

  No.
  An ASA can, as you noted, restrict source and destination IP and port. To do what you are asking, one would need to prevent a string within the payload from being transmitted (or only accept certain strings).
  You should just put the access-list on the destination device(s) restricting what host(s) are allowed snmp rw (as you alluded to). That's a very common implementation straight out of the textbook.

• Management server access through firewall

  I'm trying to use the memory leak detector with a server in our data canter. The firewall only allows communication on certain ports and I've set -Djrockit.managementserver.port to use one of them.
  The initial connection (RMI registry lookup) from the client works fine, but then the client tries to connect back to an "anonymous" (random) port that the RMI (mgmt) server listens at.
  Is there a way to specify which port the actual mgmt server listens at? (I've also tried -Dcom.sun.management.jmxremote.port, but that didn't help either)
  We'd like to avoid having to open ports for each newly establish connection.
  Thanks!

  The JMX Management Server is only used to start up the native Memory Leak Server. The call to start up the Memory Leak Server returns an anonymous port over wich all further communication with the Memory Leak Server takes place.
  This is not a technical constraint though; it just reflects the way the client is currently written. I'll make sure the next version of the MemoryLeak Detector client supports a user specified port for the communication with the Memory Leak Server - at the very least through a system property.
  Contact me at hirt(at)bea.com if this is something you need right away. ;)
  Kind regards,
  Marcus

• DB access through Firewall

  Hi,
  We have an Oracle 8 DB server inside a firewall and a webserver in the DMZ that can't communicate. It appears that when a client tries to access the Oracle server, Oracle responds with a random port # to use for the session. We can't open all ports on the firewall. How do we set this up? Is there any documentation on this?

  Your port is specified in your tnsnames on the client and the listener.ora on the database server for sql. The default port is usually 1521. You must open a hole in the firewall both going in and out. It has been four years since I have did this, but I remembered on the firewall having to allow the sql port open to both in and out traffic. Hope this helps - good luck.

• Unable to access the Firewall through ASDM

                     Hi All,
  Thanks in advance ,
  in my organisatin we are facing one issue with launching of ASDM in ASA 5520 , when wer are trying to access the Firewall through ASDM we are unable to access that , see the java error loggs below , yes i know if we reload the firewall then this problem will solve , but my organisation management donsent want to reload the firewall , other procedure is to upgrage the ASDM version , just let me know the procedure for this
  Using JRE version 1.7.0_25 Java HotSpot(TM) Client VM
  User home directory = C:\Users\shussain
  c:   clear console window
  f:   finalize objects on finalization queue
  g:   garbage collect
  h:   display this help message
  m:   print memory usage
  q:   hide console
  s:   dump system properties
  ASDM Application Logging Started at Tue Aug 20 11:04:48 AST 2013
  Local Launcher Version = 1.5.30
  Local Launcher Version Display = 1.5(30)
  OK button clicked
  Trying for ASDM Version file; url =
  https://192.168.50.2/admin/
  Server Version = 6.1(3)
  Server Launcher Version = 1.5.30, size = 319488 bytes
  invoking SGZ Loader..
  Cache location = C:/Users/shussain/.asdm/cache
  Exception in thread "SGZ Loader: launchSgzApplet" java.lang.NumberFormatException: For input string: "1 year 192"
  at java.lang.NumberFormatException.forInputString(Unknown Source)
  at java.lang.Integer.parseInt(Unknown Source)
  at java.lang.Integer.parseInt(Unknown Source)
  at com.cisco.pdm.Check.h(DashoA10*..:1358)
  at com.cisco.pdm.Check.c(DashoA10*..:858)
  at com.cisco.pdm.Check.a(DashoA10*..:438)
  at com.cisco.pdm.PDMApplet.start(DashoA10*..:132)
  at com.cisco.nm.dice.loader.r.run(DashoA19*..:410)

  dear marvin,
  find my firewall sh version output, and asdm version ,
  ciscoasa# sh ver
  Cisco Adaptive Security Appliance Software Version 8.0(4)
  Device Manager Version 6.1(3)
  Compiled on Thu 07-Aug-08 20:53 by builders
  System image file is "disk0:/asa804-k8.bin"
  Config file at boot was "startup-config"
  ciscoasa up 1 year 193 days
  Hardware:   ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
  Internal ATA Compact Flash, 256MB
  BIOS Flash M50FW080 @ 0xffe00000, 1024KB
  Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                               Boot microcode   : CN1000-MC-BOOT-2.00
                               SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                               IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05
  0: Ext: GigabitEthernet0/0  : address is 0021.a09a.ba76, irq 9
  1: Ext: GigabitEthernet0/1  : address is 0021.a09a.ba77, irq 9
  2: Ext: GigabitEthernet0/2  : address is 0021.a09a.ba78, irq 9
  3: Ext: GigabitEthernet0/3  : address is 0021.a09a.ba79, irq 9
  4: Ext: Management0/0       : address is 0021.a09a.ba7a, irq 11
  5: Int: Internal-Data0/0    : address is 0000.0001.0002, irq 11
  6: Int: Internal-Control0/0 : address is 0000.0001.0001, irq 5
  Licensed features for this platform:
  Maximum Physical Interfaces  : Unlimited
  Maximum VLANs                : 150      
  Inside Hosts                 : Unlimited
  Failover                     : Active/Active
  VPN-DES                      : Enabled  
  VPN-3DES-AES                 : Disabled 
  Security Contexts            : 2        
  GTP/GPRS                     : Disabled 
  VPN Peers                    : 750      
  WebVPN Peers                 : 2        
  AnyConnect for Mobile        : Disabled 
  AnyConnect for Linksys phone : Disabled 
  Advanced Endpoint Assessment : Disabled 
  UC Proxy Sessions            : 2        
  This platform has an ASA 5520 VPN Plus license.
  Serial Number: JMX1304L0HA
  Running Activation Key: 0x0313c076 0x58bdf52e 0xa83245ac 0xb460b058 0x88201caa
  Configuration register is 0x1
  Configuration last modified by enable_15 at 10:18:47.850 AST Wed Aug 21 2013
  ciscoasa#  
  ciscoasa# sh run asdm
  asdm image disk0:/asdm-613.bin
  asdm location internal-network1 255.255.0.0 internal

• I subscribe to the Scotsman newspaper through itunes.  The Paper is accessed through Newsstand.  According to their support I should be able to access the paper on up to five devices, but I can't open it on our second ipad.  Support at the paper can'

  I subscribe to the Scotsman newspaper through itunes.  The Paper is accessed through Newsstand.  According to their support I should be able to access the paper on up to five devices, but I can't open it on our mini ipad.  Support at the paper can't help. It does work on our other ipad.

  I click on Newsstand, then search for The Scotsman.   When I click on The Scotsman App there is no option to Download, only the OPEN box.  When I click on OPEN nothing happens.    It seems to know I'm already subscribed - it shows the subscription under In-App purchases but it doesn't open. I've also tried getting in using Featured and Purchased at the bottom of the screen, but nothing works.  Thanks for trying to help.

• Internet Access through TMG for all HO & Branch office

  Dear Experts!,
  I am new to the Forefront TMG 2010. Have requirement to implement internet access.
  Head office : 192.168.11.x/24 (192.168.11.1 is the TMG server)
  Branch Office 1: 192.168.12.x/24
  Branch Office 2 : 192.168.14.x/24
  Branch Office 2 : 192.168.16.x/24
  Forefront TMG 2010 standard edition.
  Having 3 NIC's two have different ISP network addresses and one has 192.168.11.1.
  Branch office are connected using MPLS network, the requirement is all branch site internet must be accessed through TMG 2010 server which is homed in Head Office. How to achieve ?
  What needs to be done in external firewall and in TMG for enabling internet access.
  Thanks!
  Regards, Ganesh, MCTS, MCP, ITILV2 This posting is provided with no warranties and confers no rights. Please remember to click Mark as Answer and Vote as Helpful on posts that help you. This can be beneficial to other community members reading the thread.

  Hi Ganesh,
  Hope this helps
  1 - If you wish to give internet as Proxy to users.
  Ensure the Below subnet is able to reach TMG Internal Interface that is 192.168.11.1
  Subnet
  Branch Office 1: 192.168.12.x/24
  Branch Office 2 : 192.168.14.x/24
  Branch Office 2 : 192.168.16.x/24
  Configuration
  Enable Proxy in TMG and configure Proper Ports as per your requirements
  On the Client IE – Ensure you put Proxy IP as TMG and Port configured in TMG configuration.
  Enable a Rule
  Access Rule
  Source : Internal
  Destination : External
  Ports : HTTP / HTTPS
  Users : Authenticated Users
  2 As normal Internet as Gateway to users
  You need to request your MPLS provider to change the Default Route of below subnet to 192.168.11.1. By doing this, all the internet request from the below subnet to internet will hit TMG.
  Subnet
  Branch Office 1: 192.168.12.x/24 Default Route 192.168.11.1
  Branch Office 2 : 192.168.14.x/24 Default Route 192.168.11.1
  Branch Office 2 : 192.168.16.x/24 Default Route 192.168.11.1
  IF you have any L3 Switch then you can also make Default gateway as L3 for all the subnet and from L3 device point it to TMG
  Enable a Rule
  Access Rule
  Source : Internal
  Destination : External
  Ports : HTTP / HTTPS
  Users : All Users ( Important )
  Two ISP
  In network Rules : You need to use NAT
  You will have a Rule which NATS internal to  External
  On external - Choose which ISP interface should be used  and Apply NAT rule

• HT1329 if the music that is on the iPod can no longer be accessed through iTunes because it was deleted, is there anyway to recover the music on the iPod if it wasn't purchased?

  if the music that is on an iPod can no longer be accessed through iTunes because it was deleted, is there anyway to recover the music on the iPod if it wasn't purchased?

  See this support article:
  http://support.apple.com/kb/HT1848
  You can also download at least some of your content (audiobooks being a notable exception) again from the iTunes Store:
  http://support.apple.com/kb/ht2519
  For additional instructions, particularly for content not purchased from the iTunes Store, check out this user tip from TuringTest:
  https://discussions.apple.com/docs/DOC-3991
  and this page on "How-to Geek":
  http://www.howtogeek.com/104298/sync-your-ios-device-with-a-new-computer-without -losing-data/
  Regards.
  Forum Tip: Since you're new here, you've probably not discovered the Search feature available on every Communities page, but next time, it might save you time (and everyone else from having to answer the same question multiple times) if you search a couple of ways for a topic, both in the relevant forums and in the Apple Knowledge Base, before you post a question.

• Guest LDOM disk access through multiple IO domains

  Hi All,
  I am working on a configuration, wherein the boot disk to the Guest LDOM is being provided through an image file hosted on a VxVM diskgroup (vmdg1). The configuration has another copy of the same image file being provided through another VxVM diskgroup (vmdg2)l through another virtual disk service.
  let me clear the configuration a little more in detail
  A T-5240 server having 2 IO domains configured
  Primary (Control domain + IO domain + Service domain) configuration
  A VxVM diskgrop (vmdg1) having a boot image file
  Secondary (IO domain + Service domain) configuration
  A VxVM diskgroup (vmdg2) having a copy of the boot image file
  these devices are exported through their respective virtual disk services with the same mpgroup name to a guest LDOM. The vdsisk is then assigned to the guest ldom which is using the volume through the primary service.
  When the guest LDOM is started it starts with the disk export through the Primary domain. All writes happen fine. When the VxVM diskgroup is deported from the Primary the Guest LDOM still remains online as starts using the disk image path through the secondary domain.
  I then bring the VxVM diskgroup and the mounts back online on the Primary domain and deport the diskgroup from the secondary domain to see if it failsback to the image through the Primary domain. The Guest LDOM now is in a hung state and does not allow access through the local console or through network logins.
  Has anyone see such a problem? Also is it recommended to use disk based image as a backend device in mpgroups through "ldm add-vdsdev" ?
  TIA,
  Sudhir

  As far as I know then only way to "re-balance" the I/O across the domains is to unbind/bind the guests. Not a great answer, but this could be done as part of the guests patching cycle.
  I think there is an RFE to provide MPxIO-like features to guests.

• Am not able to use facebook on my Iphone 4, softwareversion:iOS7.1, also tried to access through safari and chrome that i have installed it gives an error message saying: "safari could not open the page because server stopped responding",

  Am not able to use facebook on my Iphone 4, softwareversion:iOS7.1, also tried to access through safari and chrome that i have installed it gives an error message saying: "safari could not open the page because server stopped responding", i tried network reset, reset the whole device, rebooting , changing airplane mode rebooting nothing fix the issue, but i can access other sites and google , am using Vodafone as my carrier with 2g network, when at home able to access facebook.com through wifi in safari requesting assistance thank you

  If you can access Facebook while on Wifi at home, but you are unable to access it while away running on your carrier's 2G network, I could phone your carrier.  You have already completed the Cellular Data troubleshooting for the iPhone, so any limitations keeping your from connecting to Facebook over cellular will have to be answered by your carrier.

• Error on Device Access API class/interface import

  Hi,
  I have followed https://apex.oracle.com/pls/apex/f?p=44785:141:128148408213710::::P141_PAGE_ID,P141_SECTION_ID:144,1032#prettyPhoto/1/ video tutorial to set up Java ME Embedded development environment in my Windows system and I have chosen Raspberry PI as embedded platform for ME applications.
  I thought of experimenting on Pi’s GPIO header to control a LED through a Switch. But import statement for com.oracle.deviceaccess.PeripheralConfig is giving error in NetBeans IDE and there is no Java ME library containing this interface in the ME SDK installation directory so that I can include that in project classpath to get rid of this error.
  Where can I download the JAR for Device Access API?
  Please suggest…
  Thank you.

  Thank you for your reply.
  I could successfully execute ‘blinking LED’ application on Raspberry PI, I have done this using DeviceManager class, GPIOPin interface present in device-io_1.0.jar which has come with ME SDK installation (C:\Java_ME_platform_SDK_8.0\lib).
  But https://apex.oracle.com/pls/apex/f?p=44785:141:10585690084130::::P141_PAGE_ID,P141_SECTION_ID:144,1033#prettyPhoto/2/ demonstrates the same application by using classes and interfaces present in com.oracle.deviceaccess package (for eg, com.oracle.deviceaccess.PeripheralManager, com.oracle.deviceaccess.gpio.GPIOPin) and the import on the same is not working in my IDE (compile time error).
  I have used below software installers in a Windows7 system for development environment set up:
  Java SE SDK: jdk-8u11-windows-x64.exe
  Java ME SDK: oracle-jmesdk-8-0-rr-win32-bin.exe
  NetBeans all-in-one bundle: netbeans-8.0-windows.exe
  NetBeans plugins for Java ME: oracle-jmesdk-8-0-rr-nb-plugins.zip
  I have used only above installers.Have I missed anything during development environment setup??
  Please suggest further…
  Thanks

• Printing from websites accessed through Firefox is unitelligible - just symbols, whereas fine with Safari.

  For the last week or so, whenever I try to print from a website accessed by Firefox (either to pdf or printer) the resulting pages(s) are completely unitellibible -- they look like a kind of code. I have McAfee- SitAdvisor is disabeled and Firefox has full access through the Firewall. My Windows FIrewall is turned off.
  When I use Safari for the same operations, everything prints fine.
  Please advise.
  Thanks

  I also have this problem. I believe it is caused by being connected through a proxy which is adding a second compression to the data. (I think IF uses gzip compression already).
  Added details:
  * Opera also works.
  * I can view the IF admin section on FF
  * I can view the forum if I go through a web proxy.

• When accessed from Firewall, the OSB WSDL is inserting schemalocation with HTTP port instead of HTTPS

  We have OSB service and we are able to access over firewall. Also the WSDL, Schemas etc., But when we external users access the WSDL, they are not able to get complete content i.e schemas are not imported.
  Reason is WSDL has http (<import schemaLocation="http://test.com:80/xxxxxx/Proxy/schema") with port no 80 instead of https (<import schemaLocation="https://test.com/xxxxxx/Proxy/schema") .
  Since we don't specify the complete schema location in WSDL, how does WSDL include the complete schema path? And how to change it https path instead of http?

  Namaste,
  Sorry for the delayed response.
  Yet, my one query is not answered.
  Q:Are you ABLE to get the Desired path in Endpoint URL(https) as well?
  Explanation:
  What I mean is, When the external users access the WSDL (I am assuming External Users are able to access WSDL through Firewall),
  As you have mentioned that XSD imports have HTTP instead of HTTPS, but how about the soap:address location? Even this points to HTTP instead of HTTPS?
  (Ex:
  <wsdl:service name="CaduceusSiteService">
      <wsdl:port name="site_pt" binding="tns:site_pttBinding">
          <soap:address location="https://www.test.com/test123"/>    ---> is this HTTP or HTTPS?
      </wsdl:port>
  </wsdl:service>
  BTW, did you set, HTTP Transport Configuration --> HTTPS required parameter to "YES"? (This is a prerequisite).
  We had a similar issue, where we had HTTP instead of HTTPS when WSDL accessed from Firewall.
  However, after lot of struggle, we got it worked after changing Firewall (MS TMG) settings to support for "text/xml".
  I think, it could be the same settings needed to done in your case too. Please do check the firewall settings.
  Thanks,
  Nagaraj Ganapa

• Disable Webservices access through web

  Hi All,
  In OFMW and AIA 11g ps3, how can we disable webservices access through web i.e. restrict webservice call from outside
  world using OWSM security policies?
  We dont want to use username based authentication or any other policies that is based on authentication and authorization.
  Please let me know how can we achieve this?
  Thanks in advance.

  Hi,
  I think the best way would be to block the access to services at firewall so that these services have restricted access within the network. This can be achieved only if none of the services need to be exposed over to the internet.
  Regards,
  Neeraj Sehgal