Firewall and security
Hello All,
I have a basic question
"The requirement is such that we need to create a portal for our vendors to access and we still want that all our vendors (no matter how trusted they may be ) not to access our systems that are inside the firewall."
Is this possible in EP, or how does EP support/address this? Can anyone send me the architecture diagram and an explanation for the same?
Thanks and Regards
Pradeep Bhojak
Hi Pradeep,
SAP's EP is designed to work within a variety of firewall/DMZ configurations. Without knowing your specific network architecture, it would be hard to say how it would best fit your environment. I suggest you download the portal master guide and security guide from service marketplace.
http://service.sap.com/nw-ep On the navigation panel, select Portal > Media Library > Documentation & More > EP6 SP2 (or your portal version) > Fundamentals.
These guides give insight into the portal architecture and how it will work in your environment.
Thanks,
John
Similar Messages
-
Nvidia Firewall and Secure Sites
Dear All,
I am hoping someone can help me.... I have Googled for answers and searched this board but not found answers!
One reason I bought my Neo Platinum was for the hardware firewall, which on the whole seems to be great... apart from the fact I cannot connect to my online bank when any setting other than OFF is enabled. Basically my browser hangs and times out.
I have read that a number of other people have this problem and also a number of people DON'T have this problem! Sites which I cannot access include:
www.postbank.nl
www.americanexpress.com
www.nettavisen.no
I have tried copying the OFF profile with the view to enabling things systematically to discover which setting prevents the site from loading, but even a copy of OFF doesn't load anything...
After my last Google, I downloaded the Beta 6.11 with the updated Firewall, which adds application control, and set rules for my Java plug-in as others thought that it was due to this, but despite having the same settings as others I still can't access the sites listed above.
I also used the wizards to allow secure HTTP traffic, but that hasn't solved my problem!
Please, if you can access these sites with Nvidia's Firewall switched on, would you post details of your Nvidia Firewall settings so that I can check mine?!
Failing that, if you could post any links that may help me I would be very grateful... I cannot find very much information regarding the Firewall on t'internet.... Other than the Administrators Guide .pdf document....
Many Thanks,
fM
Thanks Shanks!
Have looked at that, and read through the admin user guide, but most of it means nothing to me!
I want someone to tell me... I'm too lazy, I know
To anyone else having this problem.... I think the answer is to open Port 443 (an absolute requirement in order to use Secure Sockets Layer (SSL)). I will check later and post back....
fM
-
I can't get the iOS 5 to work for Windows Vista. I'm running Kaspersky Pure 2.0, Windows Firewall and Windows Defender. I have turned them all off, I then attach my iPod 4th gen and I get the "cannot connect to iTunes update server". I ran diagnostics in iTunes and it tells me I don't have an internet connection. I'm on the internet right now, and I DO have an internet connection, but it tells me iTunes says otherwise. I'm able to send this message on the same PC with internet connection but keep running into this error. I have now read discussion boards through Apple and disabled all my firewalls, still no luck. I was able to update to the latest version of iTunes, and am just waiting to get my iPod updated now, please help me.
On the computer you should be able to go to the network properties. Go to the TCP part and uncheck the line that says obtain DNS automatically and check the one that says use the following. Add the 8.8.8.8 and Google's other 8.8.4.4.
For more info see:
https://developers.google.com/speed/public-dns/
-
Unable to configure Outlook with ASA firewall and IWSVA
Dear Sir,
We are unable to configure MS outlook in our network which is having IWSVA proxy and cisco ASA 5510 firewall.
A snapshot of the Outlook error details is attached for your reference.
In our network, L3 is behind IWSVA, which is behind the Cisco ASA 5510.
When we change the following NAT rule and incoming ACL rule, it works fine:
nat (inside,outside) source static any interface unidirectional
nat (inside,outside) source static obj_Proxy interface unidirectional
access-list 100 extended permit ip any any
access-list inside_access_in extended permit ip object-group Proxy_Server any
All required ports are allowed in IWSVA also. Please tell me if we have to make any changes in IWSVA, like mapping ports etc.
Thanks in advance
Regards:
Anand Singh Dhouni
Hello Anand,
I already replied to you on the other post, Please mark this as answered so we can focus on one ticket and avoid duplicates.
For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com
Any question contact me at [email protected]
Cheers,
Julio Carvajal Segura
-
I get a message that my network connection has timed out while trying to update my iPhone on iTunes. Has anyone else had that problem and if so what solutions have you found? I was told to turn off my firewall and/or virus protection while updating but am nervous about doing that for obvious reasons. I'm also disgusted with Apple not providing free tech support.
See this article about the ports that have to be open during the update process. iTunes has to contact Apple during the download. iTunes for Windows: Troubleshooting security software issues
-
Mail Delivery System Errors and Securing/Protecting agains spam
Good morning all.
This morning I started receiving these:
From: Mail Delivery System <[email protected]>
Subject: [It] Postfix SMTP server: errors from imr-mb02.mx.aol.com[64.12.207.163]
Date: November 18, 2011 8:51:23 AM EST
To: Postmaster <[email protected]>
Transcript of session follows.
Out: 220 mail.cotaoil.com ESMTP Postfix
In: EHLO imr-mb02.mx.aol.com
Out: 250-mail.cotaoil.com
Out: 250-PIPELINING
Out: 250-SIZE
Out: 250-VRFY
Out: 250-ETRN
Out: 250-AUTH LOGIN PLAIN CRAM-MD5 GSSAPI
Out: 250-AUTH=LOGIN PLAIN CRAM-MD5 GSSAPI
Out: 250-STARTTLS
Out: 250-ENHANCEDSTATUSCODES
Out: 250-8BITMIME
Out: 250 DSN
In: MAIL From:<[email protected]> SIZE=3485
Out: 250 2.1.0 Ok
In: RCPT To:<[email protected]> ORCPT=rfc822;[email protected]
Out: 451 4.3.5 Server configuration error
In: DATA
Out: 554 5.5.1 Error: no valid recipients
In: RSET
Out: 250 2.0.0 Ok
In: QUIT
Out: 221 2.0.0 Bye
How this started:
Over the past couple of days to approx a week, I have seen a massive influx of Spam on our server. Spam coming in on random ex employee names that no longer work for the company.
Previous to the spam, I turned on "forward un-deliverable mail to" and set to me. The CEO was missing emails because people were not spelling his name correctly. I have actually been able to catch a lot of employee emails, some important, others not.
In trying to make the mail server more secure, one of the features I tried to turn on was SMTP Client Restrictions, Which broke SMTP for my users. Obviously the error is mine and I need to do more research, but love some feedback on what needs to be set on the server and clients for SMTP client restrictions to work.
I know THE HOFF (mr hoffman) had information at some point to help users secure postfix, can anyone point me in the right direction, as well as any tips here on how to stop the influx of spam?
postconf -n is here:
alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
biff = no
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
enable_server_options = yes
header_checks = pcre:/etc/postfix/custom_header_checks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
local_recipient_maps =
mail_owner = _postfix
mailbox_size_limit = 0
mailbox_transport = dovecot
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains =
maximal_queue_lifetime = 2d
message_size_limit = 0
mydestination = $myhostname, localhost.$mydomain, localhost, mail.cotaoil.com, cotaoil.com, $mydomain
mydomain = mail.cotaoil.com
mydomain_fallback = localhost
myhostname = mail.cotaoil.com
mynetworks = 127.0.0.0/8,192.1.1.10,192.1.1.11
newaliases_path = /usr/bin/newaliases
owner_request_special = no
queue_directory = /private/var/spool/imap/dovecot/mail
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtp_sasl_password_maps =
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated hash:/etc/postfix/smtpdreject cidr:/etc/postfix/smtpdreject.cidr reject_rbl_client zen.spamhaus.org permit
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_helo_hostname reject_non_fqdn_helo_hostname
smtpd_pw_server_security_options = cram-md5,gssapi,login,plain
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unknown_recipient_domain reject_unknown_sender_domain reject_invalid_hostname reject_unauth_destination check_policy_service unix:private/policy permit
smtpd_sasl_auth_enable = yes
smtpd_tls_CAfile = /etc/certificates/mail.cotaoil.com.8F44026B8E7E908CEDAAD718F486D91C8FCD693E.chain.pem
smtpd_tls_cert_file = /etc/certificates/mail.cotaoil.com.8F44026B8E7E908CEDAAD718F486D91C8FCD693E.cert.pem
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
smtpd_tls_key_file = /etc/certificates/mail.cotaoil.com.8F44026B8E7E908CEDAAD718F486D91C8FCD693E.key.pem
smtpd_tls_loglevel = 0
smtpd_use_pw_server = yes
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps =
mail:~ administrator$
I am not certain what you mean by immediately removing the 192.1.1.10 and 192.1.1.11, AIX servers that I use to relay admin emails to an IT address here. Some sort of a gateway implemented on a pair of IBM boxes, I might presume.
192.1.1.0/24 is in a public address space that you don't have assigned (unless you're BBN). If that IP routing leaks out, then some folks can get cranky. Or should you eventually need to contact hosts within the address space of the "real" occupants of 192.1.1.0/24, routing won't necessarily play nice. There may well be a static IP route here, depending on the details of the router configuration, as otherwise that IP traffic would be going to BBN and not to those servers. The Internet works because folks play by the rules, when working with IP routing and DNS services. And if your predecessor used this address space (and not the likely 192.168.0.0/16 block), I'd look around to see if there were other unusual network configuration choices.
TCP port 25 is the server-to-server mail port. That's the main connection used among mail servers. Blocking that has the effect that you've discovered.
It's the clients that can also use that port that need to be relocated off the port, as the clients don't have the reverse DNS and related tests that would allow them access to that port, with various common server security configurations.
Open TCP 587 at the firewall and ensure that this port is active at the mail server host, as a starting point. You can test that (among other tools) with a remote "telnet your.mail.server.host.name 587" command or similar; that's a primitive (but effective) (common) port test.
With the Apple Mail client, make sure the SMTP server is configured to use the default SMTP ports. Mail > Preferences > Account > Account Information > Edit SMTP Server > select the target SMTP server > Advanced > select "use the default ports (25, 465, 587)" and consider using SSL and authentication. (Apple Mail tries a few ports automatically, so the set-up can be different than other clients.)
I don't have enough space here for a full write-up on how mail or IP works, and setting up an arbitrary mail client or an IP network can be an adventure; I assumed the Apple mail client in the above. See the user collaboration services discussion of mail services in the Mac OS X Server Advanced Administration manual as some background. (And if this stuff all looks a little cryptic, that's understandable, and you might want to consider getting some set-up help or consider moving to hosted mail services and making this stuff somebody else's problem.)
-
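For the Postfix thread above: an added example (not code from the original posts) that parses `postconf -n` output and labels each `mynetworks` entry, so relay-trusted addresses outside loopback and RFC 1918 space, such as the 192.1.1.x hosts discussed in the reply, stand out for review. The function names and the second sample configuration are assumptions made for illustration.

```python
import ipaddress
import re

# Address space where a trusted relay client would normally live: loopback and
# RFC 1918 for IPv4; loopback, unique-local and link-local for IPv6.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "::1/128", "fc00::/7", "fe80::/10")]


def parse_postconf(text):
    """Parse `postconf -n` output ("name = value", one per line) into a dict."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        name = name.strip()
        if sep and re.fullmatch(r"[A-Za-z0-9_]+", name):
            params[name] = value.strip()
    return params


def classify(entry):
    """Label one mynetworks entry: internal, public, table or unparsed."""
    # Postfix writes IPv6 patterns as [addr]/len; strip the brackets first.
    cleaned = entry.replace("[", "").replace("]", "")
    try:
        net = ipaddress.ip_network(cleaned, strict=False)
    except ValueError:
        # Not an address: a file path or type:name lookup table needs a
        # manual look at its contents; anything else is a typo or bad value.
        if entry.startswith("/") or re.match(r"[a-z_]+:[^:]", entry):
            return "table"
        return "unparsed"
    for block in INTERNAL:
        if block.version == net.version and net.subnet_of(block):
            return "internal"
    return "public"


def audit_mynetworks(postconf_text):
    """Return [(entry, label), ...] for every mynetworks entry."""
    value = parse_postconf(postconf_text).get("mynetworks", "")
    return [(e, classify(e)) for e in re.split(r"[,\s]+", value) if e]


# The mynetworks line is the one posted in the thread (trimmed context).
THREAD_CONF = """\
inet_interfaces = all
mynetworks = 127.0.0.0/8,192.1.1.10,192.1.1.11
smtpd_sasl_auth_enable = yes
"""
# Constructed sample covering IPv6, a lookup table and a malformed address.
CONSTRUCTED_CONF = (
    "mynetworks = [::1]/128 192.168.10.0/24, "
    "hash:/etc/postfix/network_table 10.0.0.256\n")

if __name__ == "__main__":
    for conf in (THREAD_CONF, CONSTRUCTED_CONF):
        for entry, label in audit_mynetworks(conf):
            print(f"{label:9} {entry}")
```

An entry labelled `public` is not automatically wrong, but every host matched by `mynetworks` passes `permit_mynetworks`, so each one should be an address the site actually controls.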
Could anyone run through what I need to do to make sure my Firewall is secure through my network router (I can't seem to tell how to find out on here) and if the computer's Firewall is active as well? I'm not sure if my network is secure and would like to figure out how to find out and do so if need be.
Thank you
Your router's built-in firewall is controlled by accessing the router. Consult the router's user guide to find out how to access the router's control software. If you have an Apple router use Airport Utility in your Utilities folder.
Most all routers' firewalls are on by default so there is nothing you need do unless you wish to disable it. The OS X firewall is off by default. It is enabled through the Security preference pane. Since your router already has a firewall active there's no need to activate the OS X firewall unless you are particularly paranoid. In which case you can download and install the third-party utility, Little Snitch, to monitor your network traffic - VersionTracker or MacUpdate.
If you have a wireless network as well, then be sure you enable WPA2 security in your router. Again, the router's user guide will have information on how to enable security. For Apple routers use Airport Utility Help from the Airport Utility's Help menu and search for "security" or "wpa."
Being set behind a hardware router should provide all the protection you would require other than from email spam and internet browsing. Unfortunately there isn't much one can do about that.
-
After installing the new update for Firefox 3.6, no matter what I do, I cannot connect to the internet using Firefox. I can get on the internet using my other browsers (Google Chrome and Internet Explorer), so Firefox is the only one that doesn't work. I have already checked my firewall and have added and removed Firefox from my firewall to no avail. I've also already uninstalled and reinstalled Firefox, but so far it hasn't helped.
I have already tried removing firefox from my firewall. Even when I do that, my firewall doesn't detect firefox and prompt me to add it. And when I manually add it, it still doesn't work anyways. I've already tried the link as well, but it has been unhelpful. :/
I'm not sure if it matters, but a few weeks before this, I did download Microsoft Security Essentials.
-
I try to restore my iPad to iOS 7.0.4 but iTunes shows an error: the iPad could not be restored because the firmware file was corrupt. I have the latest update from iTunes and Windows, and I turned off antivirus and firewall, and the error is the same. What do I do? My iPad is showing the Apple logo.
Please, what do I do?
Hello JD_NINJA,
Thanks for using Apple Support Communities.
Error 9006 when restoring your iOS device indicates that there is security software on your computer which is preventing connection to the Apple server or your device. To troubleshoot this issue please follow the directions below.
Check your security software
Related errors: 2, 4, 6, 9, 1611, 9006. Sometimes security software can stop your device from communicating with either the Apple update server or with your device.
Check your security software and settings to make sure that they aren't blocking a connection to the Apple servers.
Get help with iOS update and restore errors - Apple Support
When restoring your iPhone, please make sure to follow the directions in the link below to properly restore.
Restore your device from an iCloud or iTunes backup - Apple Support
Take care,
Alex H.
-
iOS 5 download error, network timed out, how do I stop this? All of my firewalls and security on my PC are currently switched off but this still didn't help.
Tried multiple times over the last few weeks; after waiting 45 minutes for the download to complete, the network times out whilst processing the download.
The router is in your house.
In a nutshell, a modem communicates with the Internet and brings a single communications link to your house, The router takes that single link and divides it up among many links, both wired and wireless, to support many devices in your house. The router and the modem may be separate physical boxes or, more commonly, they're in the same enclosure.
Unfortunately, if there is a firewall in the router, you will need help. I don't think that it's a good idea to try to walk you through it via the forum. You should contact the router supplier and have them walk you through the investigation.
-
Dear all, I am facing a problem when I download iOS 6 in iTunes, as well as on the iPad. When I start the download, after some time or after 200 to 300 MB it stops, and an error message is shown. I have talked to Apple India customer care and after that I disabled my Windows firewall, as well as my antivirus, and I also disabled my modem firewall, but after that I am still unable to update my new iPad with iOS 6.
There is nothing in that other thread that clarifies what you did about Error 3014
Here is the description of that error:
Error 1004, 1013, 1638, 3014, 3194: These errors may be the result of the connection to gs.apple.com being redirected or blocked. Follow these steps to resolve these errors:
Install the latest version of iTunes.
Check security software. Ensure that communication to gs.apple.com is allowed. Follow this article for assistance with security software. iTunes for Windows: Troubleshooting security software issues.
Check the hosts file. The restore will fail if there is an active entry to redirect gs.apple.com. Follow iTunes: Advanced iTunes Store troubleshooting to edit the hosts file or revert to a default hosts file. See section "Blocked by configuration: (Mac OS X/Windows) > Rebuild network information".
Try to restore from another known-good computer and network.
If the errors persist on another computer, the device may need service.
-
Setup and Security of XP Mode in Windows 7 SP1
I purchased my new ThinkPad W530 with Windows 7 SP1 and XP Mode factory installed to allow use of some "legacy" programs. Presumably the first thing I have to do (if I can figure out how to get XP activated) is to download all the updates before extended support ends in April. Reading the accompanying Lenovo documentation, I see the statement, "Note: For security reasons, you should run a version of the antivirus program and firewall that you use with your Windows 7 operating systems." (I presume they mean inside the virtual machine.)
Has anyone satisfactorily accomplished this? Does it mean I have to install (for example) MSE in the virtual copy of XP, somehow keep it updated as well, and, of course, turn on the Windows XP SP3 firewall (and/or purchase and install another copy of, for example, W78C)? Will such installations and settings persist from session to session of XP Mode, or do they have to be renewed at every new session? Similarly with Windows Updates -- do they persist through a shutdown once installed?
Once XP support ceases, I suppose the only safe thing to do is shut off Internet access to XP entirely through its built-in firewall. Does that agree with prevailing wisdom?
Any experience or suggestions would be most welcome! -- JCW2
Nobody has answered your questions, so I'll give it a shot, but I emphasize I'm not any kind of expert.
Here's how I set up Windows 7 Virtual PC XP Mode:
1) Both the XP Mode and Virtual PC install packages are available on the download.microsoft.com web site and can be installed once your PC has passed the "Genuine Windows" test, so it's convenient to visit that website with Microsoft's Internet Explorer--an ActiveX control will be used.
2) The Windows XP Mode is installed first, then the Virtual PC "Update" (.msu) package. I think a reboot was necessary the last time I did it.
3) Once rebooted, use the "Windows Virtual PC"-->"Windows XP Mode" shortcut to start the process rolling. You don't need to be logged into an administrative account to do this--use your regular login account--since the Windows Virtual PC machines are set up for each individual user of your machine.
4) You will be asked various questions, such as to set a password for XP Mode--make sure you tick the option to store the password, and later to enable automatic Windows Updates. Depending on the speed of your PC, the complete setup might take 5-10 minutes.
5) Finally, the window opens to the complete XP desktop, and the first thing to do is to start the MSIE 6.0 browser using the "Windows Update" shortcut in the Start Menu. The browser will ask for permission to install various bits and pieces of the Windows Update program, and eventually get you to a web page that offers a choice of Automatic or Custom updates. I always choose Custom, since I don't want extra programs like Bing Bar or Windows Live Blog/Video/Picture editors. I do install "Windows Search 4.0" for easy searches in the virtual XP machine.
N.B. If you install a program in Windows XP mode that registers itself as the default program for particular file types, these choices will often be transferred to the host Windows system! So you have to be really careful when installing e.g. an old version of Microsoft Office in Windows XP mode, since you may then find that opening an Office document in Windows 7 suddenly starts up the program version installed in the virtual XP Mode. You can correct these missteps in the Windows 7 Control Panel's "Default Programs" area.
6) Using the Windows Update website displayed in the browser choose and install all the updates you want--I install everything except the optional standalone programs like the ones I mentioned earlier.
7) You'll need to go through 2 or 3 reboot cycles of the virtual XP machine to get all the updates. I also switch to the "Microsoft Update" web site choice given on the "Windows Update" website in order to obtain the maximum number of critical and optional updates. Make sure the XP system's "System Restore" feature is enabled!
8) Install all the other programs you want in the virtual XP machine and their updates.
9) At this point, I shutdown the XP machine entirely via the "Ctrl+Alt+Del" menu point of the XP Mode window and choosing "Shutdown" in the XP dialog--remember that XP Mode is configured to hibernate when the close button is used on the XP Mode enclosing window.
10) Each time before I make major changes in the virtual XP machine I go via the Windows 7 Start Menu into the Settings of the Windows XP Mode machine (i.e. "Windows Virtual PC"-->"Windows Virtual PC") and enable "Undo Disks". This setting is useful when you recognize that something has gone wrong/mis-configured in the XP Mode and you want to completely drop the changes. After the major changes are shown to work, use the "Apply changes" choice in the Undo Disk settings panel. I keep the Undo Disk always enabled in any case.
Windows XP mode security (set in the Settings panel of the XP Mode machine):
1) if you are not going to use any Internet connection from programs running in the virtual XP, set the Networking to "Internal Network" or "Not Connected" except when updating the machine.
2) if read/write access to the local disks of the Windows 7 host system is not really required from the XP machine, disable it in the "Integration Features" panel.
3) Microsoft Security Essentials has steadily lost ground in its detection rates of malware activity over the last 2 years, even though it is very efficient in use of system resources. One of the lighter weight free anti-malware XP compatible products that keep a local off-line signature database and monitor system activity (e.g. Avira or AVG) will probably keep the XP virtual machine healthy.
4) If you use Internet via the XP machine, you should have good current anti-malware-behavior software installed on the host Windows 7 machine, so that anything that "jumps the gap" from XP to the host is caught--XP is still a relatively greater security risk.
Anyway, that is roughly how I set up Windows XP Mode.
-
Configuring Airport Extreme for Optimum Speed and security 802.11n
Hello,
I am running a Airport Extreme 802.11n with a Macbook Pro Core 2Duo, I would like to configure the Airport Extreme to run in the fastest and most secure mode.
Since I plan on only running .N devices I do not need backwards compatibility with other wireless device.
What advanced settings can I make to the Airport in order to achieve the best wireless transfer rates and security (including firewall security)
Thank you so much in advance!
-Noah
Thanks so much for the response.
In terms of the firewall test I was running it from
my Macbook Pro core duo 2 via Wireless 5ghz 802.11N
Airport Extreme connection, I ran the firewall test
from the grc.com Guards up firewall test (Test all
ports) it showed that my system was not fully
stealthed and responded to pings. I am trying to
figure out how to best secure my network, I currently
have WPA2 with 25character letters and numbers set on
the router, as well as having my MacbookPro firewall
set to on.
Any suggestions for this setup?
Thanks again!
Get an even better 63-character WPA "strong" passcode (Maximum WPA Security is 63 characters/504 bits). See these sites for generating one:
http://www.yellowpipe.com/yis/tools/WPA_key/generator.php
http://www.speedguide.net/wlan_key.php
-
Temporary turn off firewall and antivirus
Can someone help how to turn off the firewall and antivirus temporarily to update my ipad2 to ios 5?
You will need to say what antivirus and firewall software that you are using e.g. Norton, McAfee, Kaspersky, Microsoft Security Essentials etc - hopefully there will be somebody on here who uses the same program and will know how to temporarily turn them off
-
Difference between Firewall and Router
I can do VPN remote access configuration by using a Cisco firewall; I can also do it on a Cisco router by using the SDM program, so what are the benefits of using the firewall, or are they all the same?
I mean, is it recommended to use the firewall? If yes, why?
Answer-
1) We can make Security-Level on Firewall, but router can't
2) We can make firewall in multiple context (Virtual Firewall), but router can't
3) We can create SSL VPN on Firewall, but router can't
4) Whenever a packet is inspected by the firewall and another packet comes with the same contents, the firewall doesn't check that packet, but a router checks all packets. (show connections)
5) Firewall works as L2 and L3 both, but router only on L3.
6) Firewall inspects packets on L3 to L7, but router works on L3.
7) Firewall has Failover, router can't
8) Whenever we take a trace, the firewall does not come into the picture, but a router always shows as a hop count.