Firewall Configuration for Leopoard 10.5.2

Similar Messages

• B2B with Firewall configuration for Outgoing messages

  Hi,
  We have put B2B midtier within Intranet. We have firewall configuration for our network.
  When B2B sends the business message to remote trading partner.The connection first hits the firewall. Inorder to pass through the firewall what ports do we need to open on firewall ..?
  Any suggestions..?
  Thakls

  Hello Praveen,
  Please use B2B in the rever proxy configuration with OHS. Pleae refer to 5.5 Configuring Reverse Proxies and Load Balancers in the Oracle® HTTP Server Administrator's Guide 10g Release 2 (10.1.2)
  In tip.properties pleae give proxy host and port (10.60.15.24 and port 4085) and restart the B2B server and follow above document for configuring OHS in reverse proxy mode by changing the http.conf
  Please let me know.
  Rgds,Ramesh

• Ftp - ftpd and firewall configuration for passive connections

  I set up ftpd on my imac. Connecting and logging on work ok, but when I try to get a directory listing or xfer or send multiple commands it always locks up, i get a message "421 Service not available, remote server timed out. Connection closed" and I see that the ftpd process for that connection has terminated.
  Turning the firewall completely off allows ftpd to work correctly, but I was under the impression that if I check the "FTP Access" box under services, the firewall should CORRECTLY self-configure to allow connections to ftpd. Opening ports 1024-65535 guarantees that ftpd will work with a client's passive connection, but is there a better way?
  I tried opening 20 for the data connection and 21 for control, but unless I tell everyone to use an active connection, there is still a long wait before most ftp clients notice that passive isn't working and switch to an active connection, so I would like to avoid that also.

  Hi, we use FTPd (with Pure FTPd Manager) on our internal server here. While I'm not a complete expert, I do know that we were able to get passive FTP working only after we got this setup properly.
  The main reason we got this was for it's ability to set a default port range for passive FTP to work on. In Pure FTPd Manager, you go to Preferences/Settings and you will see the area to input your passive port range (we use 51000-51100).
  Then you just need to forward those ports (on a router) to your FTP server, and/or open those ports on your server firewall.
  It sounds like you already have ports 20-21 setup.
  Hope this helps!
  G5 Dual 2Ghz   Mac OS X (10.4)   1.5GB RAM

• Security/Firewall recommendations for DirectAccess 2012 (Dual-NIC Edge Configuration)

  Hello all,
  We have installed and configured DirectAccess 2012 with the Edge Configuration with the thought that we would be able to install TMG directly on this server (as we did with the original 2008 DirectAccess/UAG). It appears that we cannot install TMG on Server
  2012 R2, so now we have a server directly connected to the outside world with public IP's assigned to it and no firewall other than Windows Firewall. I know that most organizations choose to configure DirectAccess behind an Edge device (hindsight being perfect,
  we should have as well) however we did not and it appears that we can't easily change this without completely reconfiguring DirectAccess (which took several days to get it right).
  So my question: What are the security/firewall recommendations for a DirectAccess server in an Edge scenario? I've Googled this and have not found much. Thanks in advance,
  Brad
  -Brad

  Its always good to have a Firewall infront of a domain joined machine and of course DA Server is not an exception.
  Server 2012 can work behind a Firewall with NAT functionality enabled or disabled.
  if you have a fully functional DA with EDGE profile enabled, still you can configue any firewall(without NATing functionality) without changing the configuration settings in DA.
  Also you can have TMG protecting your existing DA setup. Below is the link for it.
  http://www.isaserver.org/articles-tutorials/general/implementing-windows-server-2012-directaccess-behind-forefront-tmg-part1.html
  Please let me know, how it goes.

• Optimal configuration for Cisco E3000 Router

  Hi All,
  Following are the details of my current home network setup, I would like to hear more recommendations and drawbacks of this setup.
  ISP has provided with a Cisco  DPC3825 DOCSIS 3.0 Gateway which has 4 Ethernet ports and a wireless networking but only 2.4 GHz.. This router is connected to the cable CPE box to internet. I have enabled the Firewall features of this router and disabled the Wireless network. This has also the DHCP server running. 
  The Second router is a Cisco E3000 which supports 2.4 GHz / GHz wireless networking. Connection to gateway is made via the 1st Ethernet port of gateway and then to the Internet port of E3000 router. I have connected my wireless devices to E3000 with GHz wifi lan. This router also has the firewall activated and DHCP server running as well.
  Both routers have WEP2 Personal / AES security configured. Currently these two devices are on two different IP ranges ..etc gateway is 192.168.0.1 and e3000 is 192.168.1.1.
  The E3000 is primarily configured for my online video for TV (Panasonic Vireacast). Please let me know if this is the best configuration or any other possible options.
  Thanks,
  RG

  This configuration is called LAN to WAN configuration and this is the best configuration considering that you want to behave both the router as a router.
  Because the other confiuration would be LAN to LAN then you can only use 1 router as a router and 2nd router as a switch.
  http://www6.nohold.net/Cisco2/ukp.aspx?vw=1&docid=529c188bc0ee4f7da79ffc22f2be33ec_4579.xml&pid=80&r...
  The first configuration in the article is is LAN to LAN, scroll down the window for LAN to WAN configuration.

• Basic Firewall configuration

  Hello all,
  I've been using Solaris 11 Express to host a server, and no matter what I do with the firewall gui utility, it won't open the ports I want to open. It clearly retains changes I made as root, but still I get connection refusals from my clients. I noticed also when I used the firewall utility, it never seemed to accept my role password for root, it just kept asking over and over again without giving me an error. I eventually made it so I could log in as root and force changes, which is how I got it to retain the changes I wanted without getting stuck in the role/credential loop. However, like I mentioned before, it's like the changes I made aren't active somehow. I've also tried disabling the firewall entirely, which seems to make no difference. Are there any good Solaris 11 Express / Firewall configuration guides out there?
  Thanks.

  There were some bugs in the area of root being a role and the Visual Panels client (and its back end RAD). I highly recommend
  you upgrade to Solaris 11 or even better Solaris 11.1 (which was announced at Oracle OpenWorld 2012 and will be available soon).
  If you can still reproduce this behaviour there we can investigate fixing it. Solaris 11 Express is no longer a supported release.

• LAN side firewall settings for Direct Access (Windows Server 2012 R2) in DMZ?

  I am currently planning to set up our first Direct Access server (Windows Server 2012 R2). I will be in our firewall DMZ and we will be using the IP-HTTPS listener.
  For the Internet facing rule only TCP 443 inbound/outbound is sufficient but for the LAN facing rules (not talking about the Windows server firewall) what would be the recommended firewall rules for a Direct Access server? Is there a best practice guideline
  to follow for this? Appreciate any advice or comments. Thank you.

  Hi Barkley
  Please see this Technet Link which will backup your requirements - https://technet.microsoft.com/en-gb/library/jj574101.aspx
  Section Reads - 
  When using additional firewalls, apply the following internal network firewall exceptions for Remote Access traffic:
  ISATAP—Protocol 41 inbound and outbound
  TCP/UDP for all IPv4/IPv6 traffic
  Also another link from http://www.ironnetworks.com/blog/directaccess-network-deployment-scenarios#.VO3tfvmsVrU
  "I have had a number of conversations with security administrators and network architects who have expressed a desire to place the DirectAccess server between two firewalls (firewall sandwich) in order to explicitly control access from the DirectAccess
  server to the internal corporate network. While at first this may sound like a sensible solution, it is often quite problematic and, in my opinion, does little to improve the overall security of the solution. Restricting network access from the DirectAccess
  server to the internal LAN requires so many ports to be opened on the inside firewall that the benefit of having the firewall is greatly diminished. Placing the DirectAccess server’s internal network interface on the LAN unrestricted is the best configuration
  in terms of supportability and provides the best user experience."
  Kindest Regards
  John Davies
  Thank for your reply and information John. I find it somewhat disappointing that Microsoft does not provide much more in the way of documentation and information regarding this topic. I required more information to show to our security team so they will allow
  us to have the internal facing NIC not have more restrictive rules in place as it is a security concern.

• SNC with SAPRouter configuration for Third party company

  Hi expers,
  Need your advise for my below scenario.
  We are running SAP on IBM i. My question is about outside world connectivity with encryption mechanism to SAP AS.
  As of now , we are not using SNC either for internal / external network connectivity with SAP apps server. But we are going to allow third party company to connect for one of the payment processing takes place. Since the third party company not accepting VPN connectivity, we are planning to implement Separate SAPRouter configured with SNC, (encryption option), and open the firewall port for them. How much secured it is ? we are in the process of installaing and configuring windows server for SNC & SAPRouter installation. What are all the required configuration in  SAP Application server level & new SNC server, for this ? How exactly SAPGui ( from third party company) to SAP Apps Server will go through the traffic ? Need experts advise on this ?
  Basically I want to make sure, once it is configured, trafic will go through encrypted way outside of our network.  Thanks in advance for all your valuable  reply !

  Hi mgrant,
  The information at the bottem of the article in in Keith_Beddoe's personal website may help. Link: Using your own router for Infinity
  The MTU Size needs to be set as 1492
  Cheers
  jac_95 | BT.com Help Site | BT Service Status
  Someone Solved Your Question?
  Please let other members know by clicking on ’Mark as Accepted Solution’
  Try a Search
  See if someone in the community had the same problem and how they got it resolved.

• Windows 2008 R2 - IPSEC Firewall Configuration

  Hi,
  I want to open IPSEC between two servers with a firewall in between them.  Both servers are Windows 2008 R2.   I want to limit the IPSEC so that only data can flow from Intranet Server 1 to DMZ server1.  (I don't want to allow DMZ server
  to initiate data transfer to intranet)   So, this IPSEC rule is for ONE WAY traffic.
  I have asked my network team to open the following ports:
  From Server1 on intranet to Server2 in DMZ:
  UDP 500
  protocol type 50
  Protocol type 51
  However, the IPSEC connectivity is failing.  The server does not appear to be NEGOTIATING security.  To simply the configuration, I am currently only using a passphrase to authenticate the IPSEC.
  I am wondering if I have to open the same firewall ports from the DMZ to the intranet too.  Can anyone confirm if the ports must be enabled in both directions to have IPSEC work?  and if this is the case, I guess I would have to rely on the IPSEC
  policy itself to BLOCK communication from the DMZ to the Intranet.

  Hi,
  Would you please tell us that how did you configure the IPsec policy?
  Have you assigned the IPsec policy after you configured it?
  In addition, when configuring IP filters for traffic that must be secured, make sure to mirror the filters.
  More information for you:
  Windows 2008 R2 - IPSEC Firewall Configuration
  http://technet.microsoft.com/en-us/library/cc730656.aspx
  Step-by-Step Guide to Internet Protocol Security (IPSec)
  http://technet.microsoft.com/en-us/library/bb742429.aspx
  Best Regards,
  Amy

• Firewall - Configuration/GUI of the Mac OS X 10.6 / 10.7 Firewall

  First I would like to thank Apple
  for making the Mac OS X operating system.
  And thank you for the Lion update coming soon.
  We properbly all are waiting to get the
  Mac OS X 10.7 Lion update.
  I have seen the full feature list of Lion:
  http://www.apple.com/macosx/whats-new/features.html
  All the great new innovation and apps is great stuff.
  But I came to wonder about one thing though.
  The internet apps like:
  FaceTime, iCloud, iChat, AirDrop etc.
  They more or less all requires custom ports on different
  protocols to be opened and configurated.
  Even the SIP for Facetime has to be enabled etc.
  Like the FaceTime Firewall ports here:
  http://support.apple.com/kb/HT4245
  In the full feature list page of Mac OS X Lion
  there is not listed anything about the Mac OS X Lion Firewall!
  In Snow Leopard we can't configurate the Firewall with
  custom ports and protocols etc.
  Everybody refer to the Hanynet NoobProof and WaterRoof
  firewall apps. I'm using the NoobProof my self right now.
  http://www.hanynet.com
  But I think the Mac OS X Snow Leopard and Lion could do with a
  much better and way more easier firewall GUI to be able to
  configurate ports and protocols and firewall rules and even NAT.
  Isn't the Mac OS X about doing it the easy way!
  I think a Firewall in Mac OS X with only a On and Off button (more or less)
  wont cut it any longer!
  For people not knowing about Firewall its OK to have an On/Off button,
  but for the user that know about firewall, ports and protocols
  it would be great to have a button to go in an be able to configurate
  making rules and opening ports on specific protocols and doing NAT etc.
  The Mac OS X Firewall GUI created by Bryan Hill called
  "Brickhouse" and now called "Flying Buttress"
  updated last in 2005!
  (Which I could NOT get to work in Snow Leopard)
  it had a very good and easy
  to use Graphical User Interface. (GUI).
  See it here:
  http://www.securemac.com/firewallsecurityshareware.php
  Why isn't there any like that for the present Mac OS X????
  Anybody know anything that will help in that direction???
  Anybody know a nicer firewall GUI or App for
  Snow Leopard / Lion ???
  Please comment here.
  Best regards
  Jesper
  from Denmark.

  Thank you very much for responding to my thread Thomas and roam.
  Wheter it is a question to run a firewall on Mac OS X or not,
  is not my question. And thank you, but I do know the difference between a
  GUI for the Mac OS X built in firewall and a 3rd party stand alone firewall.
  If I and properbly many other Mac OS X users choose to run with a firewall,
  many of us would like to be able to configurate as WE want it to be.
  Many users have special needs that require speciel configuration of the firewall.
  There are other things than Apple network technologies you know!
  Running a firewall or not. There is Pro's and Con's on both. It's a free choise right. I respect both.
  I have 8 CPU cores and 16 threads on my Mac Pro, so I think my Mac can handle a running firewall!
  "Better safe, than sorry!" As they say "Over there".
  ;o)
  Apple has chosen to make a firewall in
  Mac OS X, then there must be a reason why it is there.
  And besides that.
  I would bet that, the more popular the
  Mac computers gets in the future and the more marketshare
  the Mac computers get over the hopeless Windows platform.
  The more hackers will be interesting in hacking the Mac OS X.
  So a firewall would be something to consider the more Apple has success.
  I think that is quite logical.
  I'm sure there is almost as many undiscovered security holes in UNIX
  as there is on the Windows platform. It is just a question of time
  before the hackers will point their weapons against the Mac OS X.
  So let me explain a bit more precise what I need…
  I'm used to configurate lots of hardware Routers with Firewalls. Doing things like creating firewall rules, opening ports on specific protocols, WAN-to-LAN and LAN-to-WAN, NAT IP redirection, enabling SIP, content filtering, wireless accesspoints with encryption and MAC Address filtering, creating VPN tunnels, setting up Remote Desktop on Windows and Mac computers for Terminal Servers etc.
  I'm also administrating FTP servers and NAS harddisks.
  All that is always being configurated in a nice intuitive user interface via my web browser. Wheter it is a Router, NAS disk etc. THATS WHAT I WANT with the Firewall in Mac OS X. An "intuitive graphical user inteface" where I easily can configurate the Mac OS X firewall or a stand-alone firewall for that matter.
  Yes I self use on my Mac Pro the Hanynet NoobProof firewall GUI right now.
  But both the Hanynet firewall GUI's are crap. Lets face it!
  They work yes! But the User Interface is NOT Mac OS X standard right!!!
  If you pair the user interfaces with standard unser interfaces of a normal end-user Gateway Router with Firewall. Like ZyXEL, NetGear etc.
  The Hanynet NoobProof don't have the feature to
  choose ports on specific protocols.
  With Apple FaceTime there are ports on both the
  TCP and UDP protocols that has to be open for communication.
  On the other side the Hanynet WaterRoof GUI
  I know that it has the features to configurate ports on specific protocols but!
  The User Interface is waaaaaaaay too complex and is anything else than intuitive!
  I can't find ether head or tale in WaterRoof GUI!!! Completely Lawsy Interface. It is SO non Mac like!
  (it needs a interface designer like myself)
  I mean, "The Mac" and Mac OS X is all about doing things the "EASY, Nice and Intuitive Way" right!
  I can't be that I'm the only one in the world that need a better and faster configuration of the Mac OS X firewall, can it?! There must be hundred thousands of other Mac OS X users with the same wish.
  I know I'm a "designer", not a "programmer".
  The only thing I program is HTML, CSS and DVD Video titles.
  So with all due respect.
  *** The question is…
  Does anybody know a Firewall GUI or stand alone firewall for Mac OS X Snow Leopard/Lion that are easier than Hanynets????????????????
  =========
  If I was an Apple employed that delt with Mac OS X security.
  I would make the Mac OS X firewall user interface different.
  Top level choise could be: ON, OFF and CUSTOM.
  So people with non knowledge of firewalls could just choose ON or OFF
  to their liking. And leaving the choise for people that would like
  to customize the firewall settings with the "Custom" button.
  And there after a nice intuitive graphical user interface
  to make all sorts of custom settings JUST like on a Gateway Router with built in firewall.
  A firewall like that could not hurt anybody could it???!!!
  It's MY Mac, I want to rule over MY firewall.
  I like the Mac OS X very much, I think it is absolutely brilliant,
  but the Firewall settings is NO GOOD for custom firewall configurations.
  Apple has to pay attention to it, the sooner the better.
  Please feel free to comment.
  Best regards
  Jesper
  Denmark.

• The Post Office Agent might not be configured for SOAP.

  I have a virtual server with VMware ESXi 5 running SLES11 sp1, OES11 and GroupWise 12.
  The GroupWise system have one domain and one post office with several users.
  The users can access the mailbox with the GroupWise Windows Client, but when they try to login in the GroupWise Webaccess, they get the following error: "[9505] Your post office is unavailable. The Post Office Agent might not be configured for SOAP. Please contact your system administrator".
  1.- The post office agent have the SOAP option turned on.
  2.- I check the java environment variables and they are pointing to the right directory.
  3.- The Linux Firewall is turned off.
  4.- rcapache2 start and rctomcat6 start dont show errors.
  5.- I check the webacc.cfg file and all IPs address and ports (POA & DVA) are fine.
  Any help, comment or suggestion will be welcome.
  Thanks in advance.

  Check to see if the port is being used by SLES...
  --El
  Originally Posted by crivera
  I have a virtual server with VMware ESXi 5 running SLES11 sp1, OES11 and GroupWise 12.
  The GroupWise system have one domain and one post office with several users.
  The users can access the mailbox with the GroupWise Windows Client, but when they try to login in the GroupWise Webaccess, they get the following error: "[9505] Your post office is unavailable. The Post Office Agent might not be configured for SOAP. Please contact your system administrator".
  1.- The post office agent have the SOAP option turned on.
  2.- I check the java environment variables and they are pointing to the right directory.
  3.- The Linux Firewall is turned off.
  4.- rcapache2 start and rctomcat6 start dont show errors.
  5.- I check the webacc.cfg file and all IPs address and ports (POA & DVA) are fine.
  Any help, comment or suggestion will be welcome.
  Thanks in advance.

• RV120W [IKE] ERROR: Could not find configuration for X.X.X.X

  All
  I setup the RV120W to allow my MAC desktops to connect in over the internet. MAC;s are running IPSecuritas or VPNTracker. Both don't work.
  Setup is
  Basic VPN Setup Default Values for IKE:
  Gateway Policies
  Client Policies
  Exchange Mode:
  Main
  Aggressive
  ID Type:
  Local WAN (Internet) IP
  FQDN
  Local WAN (Internet) ID:
  Local WAN (Internet) IP
  remote.com
  Remote WAN (Internet) ID:
  Remote WAN (Internet) IP
  local.com
  Encryption Algorithm:
  3DES
  3DES
  Authentication Algorithm:
  SHA-1
  SHA-1
  Authentication Method:
  Pre-Shared Key
  Pre-Shared Key
  Key-Group:
  DH-Group 2 (1024 Bit)
  DH-Group 2 (1024 Bit)
  Lifetime:
  8 Hours
  8 Hours
  Basic VPN Setup Default Values for VPN:
  Encryption Algorithm:
  3DES
  Authentication Algorithm:
  SHA-1
  Lifetime:
  1 Hours
  PFS Key Group:
  DH-Group 2 (1024 Bit)
  NETBIOS:
  Enabled (Gateway Policies)
  Disabled (Client Policies)
  When my clients try and login. All I see in the logs is
  011-11-28 10:05:43: [rv120w][IKE] ERROR:  Could not find configuration for 212.183.140.51[65212]

  The error that you are getting that shows in the log file by the "pings being blocked" it refers to the connection being block by the firewall or security on your computer.
  Things that you should look for is: What type of internet security software you are using will a lot of the time block QVPN from working.
  With Windows 7 it has a lot of added security so the windows 7 Firewall has to be on because soon as the firewall is turn off or another firewall is loaded that turns off Win7 firewall, the Win7 OS turns off IPSEC and that is needed for quick VPN to work. Hope this has been helpful and gave you some more understanding.

• TACACS+ configuration for Cisco ASA

  I tired configuring TACACS+ configuration for ASA but unable to complete it. I have ACS 3.3 for all other Cisco Routers and Switches

  Leo,
  I was looking around and come across this post. It's very late, however, wanted to add my inputs for other community members.
  RSA Token/One-Time-Password support available with ASDM only in SINGLE ROUTED MODE. If you are in Single Routed Mode, you can do OTP with ASDM if you are running ASA 8.2+  with ASDM 6.2+.
  If the firewall is running in multi-context and transparent mode. It won't work. Below is the enhancement request that was filed for the same feature to be supported.
  CSCtf23419    ASDM OTP authentication support in multi-context and transparent modes
  With WLC is yet not possible and there is a enhancement request filed.
  CSCuf61598    WLC: Need ability to support multiple sessions via OTP authentication
  ~BR
  Jatin Katyal
  **Do rate helpful posts**

• Firewall settings for Crystal Enterprise

  I have recently started working from home and have found that I cannot access the Enterprise report repository via my locally installed version of Crystal Reports XI r2. The application starts up fine but when I try to open a report from the Enterprise location I put in my logon details but after a few minutes I get an error 'Transport error: comunication failure'.
  My network team have looked into it and say that this is happening because the ports that Crystal is trying to use are seemingly randomly assigned and they cannot define a rule for me to allow access.
  Is there any way for me to define which port(s) Crystal will connect via so that networks can open a hole in the firewall for me?

  Hello Keith,
  You are asking an Enterprise configuration issue, not a data connectivity issue. You really should post your question to the Business Objects forums.
  Enterprise can be configured to work with firewalls. Ports can be set on the various servers using command line switches, etc. I believe firewall configuration is covered in the BOE XIR2 Admin guide, or possibly one of the appendicies. Here's a link to the BOE XIR2 Admin guide:
  [BusinessObjects Enterprise XI Release 2 Administrator's Guide|http://help.sap.com/businessobject/product_guides/boexir2/en/xir2_bip_Admin_en.pdf]
  If you need additional assistance you should consider opening a support case.
  I hope this helps!
  Sincerely,
  Dan Kelleher

• Firewall Settings for Crystal Reports

  In the SAP Solutions Installation and Administration Guide the fire wall settings which are described are based on the SAP Gateway service listening port and the SAP Dispatcher service listening port.
  Both the port are opened but there is still the database popup asking for the username/password when the report is refreshed used with a SAP account within Infoview.
  If this report is tested on an environment without a firewall there is no database popup.
  So my question is if it is enough to only open both the SAP ports in the firewall or do we also need additional ports for different BO services like the Crystal Report processing services.
  Thanks,
  Jan

  Hello Keith,
  You are asking an Enterprise configuration issue, not a data connectivity issue. You really should post your question to the Business Objects forums.
  Enterprise can be configured to work with firewalls. Ports can be set on the various servers using command line switches, etc. I believe firewall configuration is covered in the BOE XIR2 Admin guide, or possibly one of the appendicies. Here's a link to the BOE XIR2 Admin guide:
  [BusinessObjects Enterprise XI Release 2 Administrator's Guide|http://help.sap.com/businessobject/product_guides/boexir2/en/xir2_bip_Admin_en.pdf]
  If you need additional assistance you should consider opening a support case.
  I hope this helps!
  Sincerely,
  Dan Kelleher