Firewall configuration between clusters

          We are planning our web infrastructure as follows:
          internet ----> firewall(1)+HD loadbalancer -----> Weblogic
          cluster (servlet/JSP) ----> firewall (2) ----> Weblogic
          cluster (EJBs)
          The reason we want to put a firewall between the servlet cluster
          and the EJB cluster is that if anything goes wrong in the front
          presentation cluster, our mission critical business cluster
          is not to be touched.
          Now, what are the requirements for the configuration of firewall
          2? I have the following questions in mind:
          1:) I seem to remember reading in the document that we must
          bind the DNS name to the naming lookup directory, TRUE?
          2:) As this is a pure JAVA environment, I assume the communication
          between servlets and EJBs will occur through RMI. Does
          Weblogic use a specific port to listen for RMI requests on
          the server side (EJB cluster)? If so, how do I find out what
          it is?
          3:) Is it sufficient to just allow the above mentioned
          port open in my firewall 2 to enable the Servlet/EJB
          connection?
          What if I have multiple Servlets talking to multiple EJBs
          at the same time? Do all these communications go through
          the same port?
          Thanks
          

Danny,
          > 1:) I seem to remember reading in the document that we must
          > bind the DNS name to the naming lookup directory, TRUE?
          In the document it spends 90% of the time talking about DNS. Needless to
          say, you typically don't have to make any DNS settings at all.
          > 2:) As this is a pure JAVA environment, I assume the communication
          > between servlets and EJBs will occur through RMI. Does
          > Weblogic use a specific port to listen for RMI requests on
          > the server side (EJB cluster)? If so, how do I find out what
          > it is?
          If I understand correctly, Weblogic often uses RMI over T3 (their own RMI
          implementation). That would use 7001 by default.
          > 3:) Is it sufficient to just allow the above mentioned
          > port open in my firewall 2 to enable the Servlet/EJB
          > connection?
          Yes.
          Just remember, if your servlets can get through the firewall to your EJB
          servers, then so can anything else that gets there.
          Cameron Purdy
          Tangosol, Inc.
          http://www.tangosol.com
          +1.617.623.5782
          WebLogic Consulting Available
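
The firewall 2 policy this thread arrives at, as an added example that is not part of the original posts: a shell script that prints iptables commands allowing only servlet-tier hosts to open connections to the EJB tier on the default port 7001 named in the reply. It assumes firewall 2 is a Linux netfilter router; the host addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: generate reviewable iptables commands for "firewall 2".
# Assumptions (not from the thread): firewall 2 is a Linux netfilter router
# forwarding between the two tiers, and the addresses below are constructed.

SERVLET_HOSTS="10.0.1.11 10.0.1.12"   # constructed presentation-tier addresses
EJB_HOSTS="10.0.2.21 10.0.2.22"       # constructed business-tier addresses
T3_PORT=7001                          # default port given in the reply

# Print the rule set: default-drop on forwarded traffic, then one ACCEPT per
# (servlet host, EJB host) pair for NEW connections to the listen port.
# Many servlets talking to many EJBs still target this one destination port;
# the connections differ only in their source address and source port.
gen_fw2_rules() {
    echo "iptables -P FORWARD DROP"
    # Replies on connections that an ACCEPT rule below already let through.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for src in $SERVLET_HOSTS; do
        for dst in $EJB_HOSTS; do
            echo "iptables -A FORWARD -p tcp -s $src -d $dst --dport $T3_PORT -m conntrack --ctstate NEW -j ACCEPT"
        done
    done
    # Record everything else that tries to cross tiers before it is dropped.
    echo "iptables -A FORWARD -j LOG --log-prefix 'fw2-drop: '"
}

# Number of rules that open a new path into the EJB tier.
count_new_accepts() {
    gen_fw2_rules | grep -c -e "--ctstate NEW -j ACCEPT"
}

# Succeeds only if the generated rule set lets SRC open a connection to
# DST on PORT. Usage: path_allowed SRC DST PORT
path_allowed() {
    gen_fw2_rules | grep -qF -e "-s $1 -d $2 --dport $3 -m conntrack --ctstate NEW -j ACCEPT"
}

# Print the commands for review; pipe to a root shell on firewall 2 to apply.
gen_fw2_rules
```

A source-address rule cannot tell the servlet container apart from any other process on an allowed host, which is the caveat in the reply; the LOG rule at least records every other attempt to cross tiers.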
          

Similar Messages

  • Windows 2008 R2 - IPSEC Firewall Configuration

    Hi,
    I want to open IPSEC between two servers with a firewall in between them.  Both servers are Windows 2008 R2.   I want to limit the IPSEC so that only data can flow from Intranet Server 1 to DMZ server1.  (I don't want to allow DMZ server to initiate data transfer to intranet)   So, this IPSEC rule is for ONE WAY traffic.
    I have asked my network team to open the following ports:
    From Server1 on intranet to Server2 in DMZ:
    UDP 500
    protocol type 50
    Protocol type 51
    However, the IPSEC connectivity is failing.  The server does not appear to be NEGOTIATING security.  To simplify the configuration, I am currently only using a passphrase to authenticate the IPSEC.
    I am wondering if I have to open the same firewall ports from the DMZ to the intranet too.  Can anyone confirm if the ports must be enabled in both directions to have IPSEC work?  And if this is the case, I guess I would have to rely on the IPSEC policy itself to BLOCK communication from the DMZ to the Intranet.

    Hi,
    Would you please tell us that how did you configure the IPsec policy?
    Have you assigned the IPsec policy after you configured it?
    In addition, when configuring IP filters for traffic that must be secured, make sure to mirror the filters.
    More information for you:
    Windows 2008 R2 - IPSEC Firewall Configuration
    http://technet.microsoft.com/en-us/library/cc730656.aspx
    Step-by-Step Guide to Internet Protocol Security (IPSec)
    http://technet.microsoft.com/en-us/library/bb742429.aspx
    Best Regards,
    Amy

  • Firewall - Configuration/GUI of the Mac OS X 10.6 / 10.7 Firewall

    First I would like to thank Apple
    for making the Mac OS X operating system.
    And thank you for the Lion update coming soon.
    We probably all are waiting to get the
    Mac OS X 10.7 Lion update.
    I have seen the full feature list of Lion:
    http://www.apple.com/macosx/whats-new/features.html
    All the great new innovation and apps is great stuff.
    But I came to wonder about one thing though.
    The internet apps like:
    FaceTime, iCloud, iChat, AirDrop etc.
    They more or less all require custom ports on different
    protocols to be opened and configured.
    Even the SIP for Facetime has to be enabled etc.
    Like the FaceTime Firewall ports here:
    http://support.apple.com/kb/HT4245
    In the full feature list page of Mac OS X Lion
    there is not listed anything about the Mac OS X Lion Firewall!
    In Snow Leopard we can't configure the Firewall with
    custom ports and protocols etc.
    Everybody refers to the Hanynet NoobProof and WaterRoof
    firewall apps. I'm using the NoobProof myself right now.
    http://www.hanynet.com
    But I think the Mac OS X Snow Leopard and Lion could do with a
    much better and far easier firewall GUI to be able to
    configure ports and protocols and firewall rules and even NAT.
    Isn't the Mac OS X about doing it the easy way!
    I think a Firewall in Mac OS X with only a On and Off button (more or less)
    wont cut it any longer!
    For people not knowing about Firewall its OK to have an On/Off button,
    but for the user that know about firewall, ports and protocols
    it would be great to have a button to go in and be able to configure
    making rules and opening ports on specific protocols and doing NAT etc.
    The Mac OS X Firewall GUI created by Bryan Hill called
    "Brickhouse" and now called "Flying Buttress"
    updated last in 2005!
    (Which I could NOT get to work in Snow Leopard)
    it had a very good and easy
    to use Graphical User Interface. (GUI).
    See it here:
    http://www.securemac.com/firewallsecurityshareware.php
    Why isn't there any like that for the present Mac OS X????
    Anybody know anything that will help in that direction???
    Anybody know a nicer firewall GUI or App for
    Snow Leopard / Lion ???
    Please comment here.
    Best regards
    Jesper
    from Denmark.

    Thank you very much for responding to my thread Thomas and roam.
    Whether it is a question to run a firewall on Mac OS X or not,
    is not my question. And thank you, but I do know the difference between a
    GUI for the Mac OS X built in firewall and a 3rd party stand alone firewall.
    If I and probably many other Mac OS X users choose to run with a firewall,
    many of us would like to be able to configure it as WE want it to be.
    Many users have special needs that require special configuration of the firewall.
    There are other things than Apple network technologies you know!
    Running a firewall or not. There are pros and cons on both. It's a free choice, right. I respect both.
    I have 8 CPU cores and 16 threads on my Mac Pro, so I think my Mac can handle a running firewall!
    "Better safe, than sorry!" As they say "Over there".
    ;o)
    Apple has chosen to make a firewall in
    Mac OS X, then there must be a reason why it is there.
    And besides that.
    I would bet that, the more popular the
    Mac computers get in the future and the more market share
    the Mac computers get over the hopeless Windows platform,
    the more hackers will be interested in hacking the Mac OS X.
    So a firewall would be something to consider the more Apple has success.
    I think that is quite logical.
    I'm sure there is almost as many undiscovered security holes in UNIX
    as there is on the Windows platform. It is just a question of time
    before the hackers will point their weapons against the Mac OS X.
    So let me explain a bit more precisely what I need…
    I'm used to configuring lots of hardware Routers with Firewalls. Doing things like creating firewall rules, opening ports on specific protocols, WAN-to-LAN and LAN-to-WAN, NAT IP redirection, enabling SIP, content filtering, wireless access points with encryption and MAC Address filtering, creating VPN tunnels, setting up Remote Desktop on Windows and Mac computers for Terminal Servers etc.
    I'm also administrating FTP servers and NAS hard disks.
    All that is always being configured in a nice intuitive user interface via my web browser. Whether it is a Router, NAS disk etc. THAT'S WHAT I WANT with the Firewall in Mac OS X. An "intuitive graphical user interface" where I easily can configure the Mac OS X firewall or a stand-alone firewall for that matter.
    Yes I self use on my Mac Pro the Hanynet NoobProof firewall GUI right now.
    But both the Hanynet firewall GUIs are crap. Let's face it!
    They work yes! But the User Interface is NOT Mac OS X standard right!!!
    If you compare the user interfaces with standard user interfaces of a normal end-user Gateway Router with Firewall. Like ZyXEL, NetGear etc.
    The Hanynet NoobProof doesn't have the feature to
    choose ports on specific protocols.
    With Apple FaceTime there are ports on both the
    TCP and UDP protocols that have to be open for communication.
    On the other side the Hanynet WaterRoof GUI
    I know that it has the features to configure ports on specific protocols but!
    The User Interface is waaaaaaaay too complex and is anything else than intuitive!
    I can't find either head or tail in WaterRoof GUI!!! Completely Lousy Interface. It is SO non Mac like!
    (it needs an interface designer like myself)
    I mean, "The Mac" and Mac OS X is all about doing things the "EASY, Nice and Intuitive Way" right!
    It can't be that I'm the only one in the world that needs a better and faster configuration of the Mac OS X firewall, can it?! There must be hundreds of thousands of other Mac OS X users with the same wish.
    I know I'm a "designer", not a "programmer".
    The only thing I program is HTML, CSS and DVD Video titles.
    So with all due respect.
    *** The question is…
    Does anybody know a Firewall GUI or stand alone firewall for Mac OS X Snow Leopard/Lion that is easier than Hanynet's?
    =========
    If I was an Apple employee that dealt with Mac OS X security.
    I would make the Mac OS X firewall user interface different.
    Top level choice could be: ON, OFF and CUSTOM.
    So people with no knowledge of firewalls could just choose ON or OFF
    to their liking. And leaving the choice for people that would like
    to customize the firewall settings with the "Custom" button.
    And there after a nice intuitive graphical user interface
    to make all sorts of custom settings JUST like on a Gateway Router with built in firewall.
    A firewall like that could not hurt anybody could it???!!!
    It's MY Mac, I want to rule over MY firewall.
    I like the Mac OS X very much, I think it is absolutely brilliant,
    but the Firewall settings are NO GOOD for custom firewall configurations.
    Apple has to pay attention to it, the sooner the better.
    Please feel free to comment.
    Best regards
    Jesper
    Denmark.

  • How to configure multiple clusters on the same machine.

    I am attempting to configure multiple clusters on the same set of machines. I have set the cluster name and multicast IP addresses to be different for each cluster. However I am still getting an error that states:
    "This indicates that there are multiple clusters on this network attempting to use overlapping network configurations."
    Is this not possible? If it is possible, is there some further way I need to tell the VMs they are part of different clusters?
    Thanks,
    Jacob

    FYI: I'm using the wrong multicast IP above. 224.0.0.1 is reserved and something else should be used. See:
    Re: UDP flood hosed my LAN?

  • Windows server 2012 failover cluster error: Cluster resource 'Virtual Machine Configuration ... of type 'Virtual machine configuration in clustered role ... failed.

    I have two Windows 2012 host servers that are clustered using the Windows failover cluster feature. Each server is hosting four VMs. When migrating from Host2 to Host1, the migration failed with the following error:
    Cluster resource 'Virtual Machine Configuration SCPCSQLSRV01' of type 'Virtual Machine Configuration' in clustered role 'SCPCSQLSRV01' failed. The error code was '0x569' ('Logon failure: the user has not been granted the requested logon type at this computer.').
    When this happens, the VM that I was migrating can no longer be started even on the original host. The only remedy is to restart the host server.
    Any suggestion on resolving this problem?
    Thanks
    Ikad

    Thanks. The article referred to above gives the solution to my issue. There is a group policy that is applied to the OU where the host servers were placed. Doing gpupdate /force temporarily removes the problem. Unfortunately the NT Virtual Machine\Virtual Machines account is a special account that cannot be added like other accounts and granted the log on as a service right. The thread
    http://social.technet.microsoft.com/Forums/en-US/winserverhyperv/thread/d56f2eae-726e-409a-8813-670a406593e8 contains how it can be added which is by creating a group and running the command
    Net localgroup VMTest "NT Virtual Machine\Virtual Machines" /add
    to add it to a local group VMTest. VMTest is then assigned the right to log on as a service.
    Ikad

  • Stream Configuration between different 11gr1 and 11gr2

    I have Oracle downstream set-up between two DBs, both are 11gr1. I want to upgrade my target DB to 11gr2. I want to ask whether my streams set-up would work after this or not.
    OR
    Is it possible to have streaming between two versions of Oracle?
    I shall be very thankful for your guidance.

    Hi,
    Yes, it is possible to have streams configured between 2 different versions.
    Anand

  • Configuration between SAP PI and BPM in SAP PO

    Dear Experts,
    I am working on SAP PO 7.31 and want to carry out configuration between SAP PI and BPM in SAP PO. I carried out the post installation activities in NWA i.e. CTC.
    Helplessly, I could not find any documents and notes to refer to for the configurations.
    Regards
    Rebecca

    AAEx configuration:
    Advanced Adapter Engine Extended (AEX) - Installation and Configuration - III
    Configuring SAP BPM and PI runtime:
    Configuring Message Processing from PI to BPM - Process Orchestration - SAP Library
    Sample BPM
    NetWeaver BPM for System-to-System Message Orchestration (Including Migration of ccBPM to NW BPM)
    Hope this helps

  • ALE configuration Between HR and FI system

    Dear All,
    We have an HR system on ECC6 and an FI system on 4.x version.
    I have to do ALE configuration between these two systems. Please guide me on what BAPIs, IDocs and what background jobs I need to run on the FI system or HR system.
    Please advise at the earliest.
    Regards,
    Najeeb ..

    http://searchsap.techtarget.com/general/0,295582,sid21_gci1130337,00.html
    http://help.sap.com/printdocu/core/Print46c/en/data/pdf/CABFAIS/CABFAIS.pdf

  • Basic Firewall configuration

    Hello all,
    I've been using Solaris 11 Express to host a server, and no matter what I do with the firewall gui utility, it won't open the ports I want to open. It clearly retains changes I made as root, but still I get connection refusals from my clients. I noticed also when I used the firewall utility, it never seemed to accept my role password for root, it just kept asking over and over again without giving me an error. I eventually made it so I could log in as root and force changes, which is how I got it to retain the changes I wanted without getting stuck in the role/credential loop. However, like I mentioned before, it's like the changes I made aren't active somehow. I've also tried disabling the firewall entirely, which seems to make no difference. Are there any good Solaris 11 Express / Firewall configuration guides out there?
    Thanks.

    There were some bugs in the area of root being a role and the Visual Panels client (and its back end RAD). I highly recommend
    you upgrade to Solaris 11 or even better Solaris 11.1 (which was announced at Oracle OpenWorld 2012 and will be available soon).
    If you can still reproduce this behaviour there we can investigate fixing it. Solaris 11 Express is no longer a supported release.

  • Conferencing between clusters

    Need some help. I have 2 CUCM clusters, a 6.1.5 and a 9.1.1, with 40 sites on the new cluster and 100 on the old cluster; they all work fine for DN, PSTN etc.
    We have ICT trunks in between as part of the migration to the new cluster. If we conference on either cluster, that is phones on the new or old cluster, that all works fine, but when we conference between clusters it doesn't work. The dial plan is fine as far as we can see. Just wondering if anyone knows how cross-cluster conferencing works. I have involved TAC and they said to enable MTP on the ICT, which I did, and reset the trunks; it still doesn't work.
    Any ideas?
    MRGL and MRG are sufficient on each cluster

    Yes, it does work, it comes down really to MRG/MRGL on all devices that require it.
    No special config, it will work the same as if this was a PSTN call. Same logic applies.
    HTH
    java
    if this helps, please rate
    www.cisco.com/go/pdihelpdesk

  • Copy configuration between company codes tool

    Hi,
    I would like to know if we can copy configuration between company codes?  If yes, how do we do that?  I know there are some third party tools available, but couldn't recollect now.  Any guesses?
    Thanks,
    Abdul

    Since there are more than 200 customers, a manual operation isn't very efficient.
    As I understand, no standard SAP programs exist to copy multiple customers from 1 company code to another. A new CATT will have to be created.
    Does anyone have this kind of program, otherwise I will create it from scratch.
    Thanks in advance.
    Best regards,
    Danny

  • Replication between clusters

    I've seen the code examples for replication between clusters, while in my view, that's really should be a feature provided by coherence. Customers always feel amazing that have to be done by coding:( . Does coherence have any plan to provide that feature?
    thanks,
    michael

    Have a look at the new incubator area: http://coherence.oracle.com/display/INCUBATOR/Home
    Regards, Paul

  • How to Configure the Clustering in WL  6.0

    Describe the procedure of How to configure the Clustering in Weblogic-6.0 with all Possibilities.
              

    Please define the universe in ten words or less and provide three examples.
              Do you have any more-specific questions?
              Peace,
              Cameron Purdy
              Tangosol Inc.
              << Tangosol Server: How Weblogic applications are customized >>
              << Download now from http://www.tangosol.com/download.jsp >>
              

  • ODI 10g configuration between Hyperion 9.3

    Hi,
    I have to pull the data from Hyperion Essbase, planning via ODI 10g. Please help me out with how to configure between Hyperion and ODI 10g.
    If you have notes please send to my id [email protected]
    Thank You,
    Prasad

    Have a read of my blog as I have covered the steps - http://john-goodwin.blogspot.co.uk/2008/12/odi-series-extracting-data-from-essbase.html
    Cheers
    John
    http://john-goodwin.blogspot.com/

  • B2B with Firewall configuration for Outgoing messages

    Hi,
    We have put the B2B midtier within the Intranet. We have firewall configuration for our network.
    When B2B sends the business message to a remote trading partner, the connection first hits the firewall. In order to pass through the firewall, what ports do we need to open on the firewall?
    Any suggestions?
    Thanks

    Hello Praveen,
    Please use B2B in the reverse proxy configuration with OHS. Please refer to 5.5 Configuring Reverse Proxies and Load Balancers in the Oracle® HTTP Server Administrator's Guide 10g Release 2 (10.1.2)
    In tip.properties please give proxy host and port (10.60.15.24 and port 4085) and restart the B2B server and follow the above document for configuring OHS in reverse proxy mode by changing the http.conf
    Please let me know.
    Rgds,Ramesh
