Firewall Needed?

Similar Messages

• How to setup Firewall - Need Help

  I have 2 connections to the internet via BGP. I need to place firewalls for border security. I need to use the FWSM modules on the 6506 that are also acting as my dual core.
  These firewalls will also do NAT. My problem is with load-balancing. I want to be able to load balance & provide redundancy over the firewalls but dont know what my options are.
  If I inject 0.0.0.0 default routes into my OSPF on the BGP routers, my core will have 2 default routes and traffic will pass over both firewalls. I believe that if return traffic takes a different path the return firewall will not have session or xlate information and will drop the traffic. Ok so I can use "tcp bypass" to fix the session problem, but what about the xlate when using PAT?
  What is the best design strategy when implementing 2 firewalls and load-balancing them in this fashion.
  Attached is my network setup. I can subnet IPs if needed to, etc.
  Please help.

  Firewall load balancing is supported when both are configured in Active/Active Failover mode where both are actively handling incoming traffic. The Active/Active Failover is only available when the firewall's are configured in multiple context mode and the they are not VPN endpoints. The multiple context mode means dividing a firewall into multiple virtual firewalls (contexts). Each context works independently as an individual firewall and has its own configuration. Then the user can load balance these contexts (virtual firewalls) to be active on either of the physical firewalls. In other cases the only option is to use a router in front of the firewall for load balancing.

• Windows firewall needs turned on to install in Windows 7-wireless install

  HP Photosmart Premium Fax e All in one printer c410A
  1. Lost abilty to connect with printer & Diagnostics say to reinstall. 
  2.  I am installing latest version, and have followed all steps meticulously but in order to install it says I have to have windows firewall on. (HP Software will not fix problem nor will windows software, and I can not tun on manually. )
  HP installation exits uninstalling as it goes.
  I have AVG antivirus installed & firewall is on there.
  Any ideas?

  Hello Tango2014, and welcome to the HP Forums, I hope you enjoy your experience!
  I see you are experiencing installation issues. I would like to help.
  I would suggest Uninstalling the Printer Software.
  Once it is uninstalled, I would suggest putting your system into clean boot mode within the Microsoft configuration.  You can do so by following this document: How to perform a clean boot in Windows.
  Once the computer is in clean boot mode, I would suggest reinstalling the HP Printer Install Wizard for Windows.
  Good luck and please let me know the results of your troubleshooting steps. Thank you for posting on the HP Forums!
  Please click “Accept as Solution " if you feel my post solved your issue, it will help others find the solution.
  Click the “Kudos, Thumbs Up" on the right to say “Thanks" for helping!
  Jamieson
  I work on behalf of HP
  "Remember, I'm pulling for you, we're all in this together!" - Red Green.

• What port-range in the firewall of a Socks (e.g. JSocks) server?

  Hi there,
  I am using the JSocks implementation of a socks v5 server.
  Some of my questsions are quite general (not only specific to JSocks) and I hope that someone knows the answer. Unfortunately the forum of JSocks (sourceforge) is only rudymentary so I think this place is better to answer my questions.
  However...
  As I understand the socks proxy, the server waits on a specific port - normally 1080 and processes the client requests (bind, connect, accept...).
  For example one client requests a bind. Then the socks server opens a port locally on the socks host and (if successful) replies the new listening port and ip to the requesting client. ...
  (Forget authentication, cascaded proxies and ip-ranges at this point!)
  Now, if other clients should be able to access this port, the firewall (if any) needs to allow connection to this port.
  My questions:
  What should be an adequate port range for the socks proxy? With other words: what is the port range of the new ports that are created for the requesting clients?
  How schould a seperate firewall be configured not to conflict with a socks proxy?
  Specific to JSocks (if somebody knows this he wins a virtual cookie): What is the port range that JSocks uses if it opens (generates) new ports for its clients?
  Where is the port range defined in the jsocks - I havent found any?
  Imagine that on the same machine there are other running applications that are listening on predefined ports. (e.g. 8080, 21, ...) - what is the best way to exclude the ports in jsocks?
  Any hints and explanations are welcome!
  Edited by: krafzig on Oct 28, 2008 8:27 AM

  You only need one port.OK, initially I need only - lets say port 1080.
  But then for example a client c1 requests a bind. The socks server opens a new socket for the client (e.g. on 50000) and tells the client on which port on the socks he is now listening, right?
  In order to allow client c2 to connect to this new port the firewall needs to allow access to the new port (50000) first.
  So there are more ports - there might be hundrets or thousands, right?
  If its on a seperate box it doesn't matter. If its on the same box it should manage different ports.yes, different ports!
  However, it should allow access to the ports that the socks opens for the clients, right?
  Optimal would be a dynamic adaptation of the firewall, whenever the socks opens a new port the firewall grants access.
  I assume its configurable, so its up to you.No, unfortunately it is not configurable. At least I havent found anything.
  Probably won't either.???
  Don't use ports already used. `netstat -a` will list all the used port on that box. obviously, and Jsocks allows to configure reusage of ports by flag true/false;
  Has anybody setup a socks proxy with a firewall and knows how this is/should be done normally?
  Has anybody experiences with JSocks?

• OTV Deployment with SVI defined in the firewall

  Hello,
  I have the following scenario.
  1) DC 1 is having a firewall(FW1) with NExus 7K
  2) DC 2 is having a firewall(FW2) with NExus 7K
  3) Both firewalls are independent of each other
  4) SVI (Default Gateway) of VLAN 10 and Vlan 20 are defined in the firewall
  5) OTV is deployed across the DC with VLAN 10 and VLAN 20 are overlayed across the DC
  6) Server 1 is in VLAN 10 in DC 1 and server 2 is in VLAN 20 in DC 2
  Question: When server 1 in vlan 10(DC1) wants to communicate to Server 2 in VLAN 20(DC2). The server1 forwards the traffic to the default gateway of VLAN 10(in this case the SVI of VLAN 10 defined in the firewall 1), passes the policy and uses the overlay interface to reach to server 2(VLAN 20 in DC 2)
  Return traffic from server 20 would hit the default gateway of VLAN 20(in this case default gateway defined in the Firewall 2). which ideally is not required, it should directly use the overlay link and land on the Firewall 1 which is on the DC1.
  Can anyone suggest a problem for this solution.
  Regards,
  Henry Rose.

  You only need one port.OK, initially I need only - lets say port 1080.
  But then for example a client c1 requests a bind. The socks server opens a new socket for the client (e.g. on 50000) and tells the client on which port on the socks he is now listening, right?
  In order to allow client c2 to connect to this new port the firewall needs to allow access to the new port (50000) first.
  So there are more ports - there might be hundrets or thousands, right?
  If its on a seperate box it doesn't matter. If its on the same box it should manage different ports.yes, different ports!
  However, it should allow access to the ports that the socks opens for the clients, right?
  Optimal would be a dynamic adaptation of the firewall, whenever the socks opens a new port the firewall grants access.
  I assume its configurable, so its up to you.No, unfortunately it is not configurable. At least I havent found anything.
  Probably won't either.???
  Don't use ports already used. `netstat -a` will list all the used port on that box. obviously, and Jsocks allows to configure reusage of ports by flag true/false;
  Has anybody setup a socks proxy with a firewall and knows how this is/should be done normally?
  Has anybody experiences with JSocks?

• Apple TV and the 10.5.1 firewall

  After updating to 10.5.1 I received an error message in iTunes when trying to update my Apple TV. The error message said my firewall software needed to allow communication over port ####. Turning the built in firewall off fixes the error message and allows the Apple TV to sync.
  What "application" allows the Apple TV to talk to iTunes? I tried allowing iTunes but that doesn't work. If it were Tiger I'd configure the firewall to allow communication over the port the error message in iTunes told me to. But I don't see a way to do so in Leopard.
  So for now the Leopard firewall is useless since I have to turn it off.
  Message was edited by: Host

  Barefootman wrote:
  Mate, my iTunes was not set to share, so, I enabled it. However, it made no difference. Firewall needs to be turned off for syncing to happen. Bugger!
  I stumbled on this unfortunate circumstance this morning. My Apple TV was working as usual last night prior to the 10.5.1 upgrade (the local Firewall was switched on and set to block external connections); tried to watch an item this morning and although the library seemed visible in the listing of sources; selecting it had no effect despite the fact the Apple TV seemed to have a good go at trying to connect.
  Whilst this is happening the Apple TV does not show up in iTunes.
  I tried rebooting the Apple TV, closed and restarted iTunes, checked the iTunes settings before finally turning off the Leopard Firewall. The entry in the Firewall log is -:
  Nov 16 10:10:02 -imac Firewall[40]: Deny iTunes connecting from 192.168.1.64:49163 uid = 0 proto=6
  I have no need of the local Firewall in the home setting as I am behind an edge Firewall, it would be a good idea for this to work a little better though!

• Contact import Firewall issue

  We have just started to roll out the curves to a group of 20 at our company.  One of them took their phone to Verizon to copy their contacts from their old Moto Q and was told that the firewall needs turned off on the phone.  I have tried to do so on it and there is a red padlock next to the the Enabled status.  I cant seem to find where in the policy on the BES server to turn this feature off so Verizon can get the contacts off.  Any help would be greatly appreciated.
  Thanks.
  Solved!
  Go to Solution.

  Hi there!
  Are you the user or the BES admin? If the former, please see your BES admin. If the latter, we should move your query to the BES forum so that the right experts can see it:
  http://supportforums.blackberry.com/rim/board?board.id=BlackBerryEnterpriseSolution
  But please don't double-post...just respond and we'll have the MODS move it if that's appropriate.
  Thanks!
  Occam's Razor nearly always applies when troubleshooting technology issues!
  If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
  Join our BBM Channels
  BSCF General Channel
  PIN: C0001B7B4   Display/Scan Bar Code
  Knowledge Base Updates
  PIN: C0005A9AA   Display/Scan Bar Code

• Is Calendar Server accessible through a firewall?

  What ports on a firewall need to be opened in order to access the Calendar
  Server over the internet?
  <P>
  Ports 5730, 5731, 5732
  However, this configuration is not recomended unless you are in a secure
  environment since there is not a secure Calendar protocol.

  The point of using a web-based e-mail client is that ports 80 and sometimes 443 are the only ports you can be sure are open in most cases. It's the protocol that's blocked by the firewall, not the application. If pop and imap are blocked, then no pop or imap client will work.

• Officejet 8620 two problems a)Win7 firewall wifi connection and b)multihoming the printer

  Bought the printer this afternoon and set up one computer - printer connection with wifi as advised in the enclosed paper work and CD. No problems.
  When setting up the second computer (also with wifi) using the enclosed CD I got an error message that the hp software can see the printer at the IP address I gave it but it couldn't auto connect using the "typical connection method". Advice in the dialog box was to change the computer firewall settings for "typical connection" method. No advice  on what that might be. Looking at the Win7 firewall, all HP printer software is checked off for both the home network and public. What else does the Win7 firewall need to enable to make automatic printer connection work???  BTW I took the installation software's advice and punted for now. The warning by the software was that if the printers IP address changes I will have to manually change it in the computer withthe firewall problem (ugh).
  Which leads to the second problem:
  A couple of my computers are ethernet only. No wifi. When I plug ethernet in to the 8620, it sets an IP address for itself on the ethernet, but it  abandons the wifi IP address. How can I print from some ethernet connected computers and some wifi connected ones.
  Any constructive advice is VERY WELCOME.
  I apologize in advance if there is already a solution posted for either of these problems; I could not find them searching the forum.
  Lenny W.
  This question was solved.
  View Solution.

  Welcome to the HP Forums lennyw07016,
  I see by your post that you are having issues installing the printer on a second computer. You would also like to setup the printer on the computers that are hardwired to the router. I can help you with this issue.
  You can only use the Ethernet or Wireless at a time. The Ethernet connection turns off the Wifi.
  You can have the printer setup on the wireless network and still add the printer to the computers with the hardwired connection to the router. As long as they are on the same network.
  I have provided a document for different ways for setting up the printer on the wireless network.
  Installing the Printer Software on a Wireless or Wired (Ethernet) Network Connection.
  You should have the option to type in the printer's IP address.
  Printing a Network Configuration Page.
  Here is another method for converting USB to wireless.
  Installing the Printer Software for a Wireless Network Connection.
  Go to step 4 under the operating system selected.
  If you are still having issues, check the IP address on the computer.
  Go to start, type run in the search box, type in cmd, then type ipconfig.
  Check the IP address.
  Now check the IP address for the printer.
  Do the first 3 sets of numbers match?
  Try and ping the printer.
  In the same window, type ping printers IP address (space between ping and IP address)
  What are the results?
  If you need further assistance, let me know.
  Have a nice day!
  Thank You.
  Please click “Accept as Solution ” if you feel my post solved your issue, it will help others find the solution.
  Click the “Kudos Thumbs Up" on the right to say “Thanks” for helping!
  Gemini02
  I work on behalf of HP

• Help in my project needed

  Hi! I am developing firewall for windows, but i am new to java ( only core java i have done). Please tell me some good resources on the web that could provide me with some tutorials and examples in relation to my project.
  I searched the web but in vain, as linux firewall help is everywhere but not for windows.
  Even your small help is appreciated.
  Thanks in advance!

  study the Internet protocol stack.
  A firewall needs to be able to interpret / manipulate IP packets and needs to plug in at the Internet protocol stack level.
  TCP and UDP datagrams exist on top of IP packets they use the IP stack.
  Java can interpret and manipulate TCP and UDP datagrams but NOT IP packets. It cannot implement a firewall since the things a Firewall needs to manipulate, IP packets are below its level of visibility.

• Firewall that can filter by source port?

  Hi,
  I have looked everywhere but can't find a firewall for OSX that will allow me to filter incoming or outgoing connections by source port. Just about every one I find can filter by destination port.
  Can anyone help me on this?
  Thank you in advance

  Whoop!
  Thanks for that. That really helped. I don't suppose
  you could point me in the direction of a tutorial
  that will allow me to do what I need?
  Hmmm.
  No tutorials that I can personally reccomend. (I actually use iptables on linux for my firewall needs)
  http://www.novajo.ca/firewall.html looks ok.
  There is a lot of good info on macosxhints, as well, especially on creating the startup script you will need to create.
  Hopefully someone else has a good link to a tutorial.
  Also, brickhouse may do what you need, but it didn't look as if it was quite as configurable as you wanted....

• Firewall - is iTunes (Apple TV) an "essential service"?

  Help says "Essential services are a set of applications that allow your computer to find services provided by other computers on the network. This setting prevents connections to all other sharing and application services."
  Okaaay...
  Anyone know what this set of applications comprises?

  These might include system applications, services, and processes. They can also include digitally signed programs that are opened automatically by other programs.
  itunes is not part of these essential services and access through the firewall needs to be turned on by adding it to the list of specific applications.
  Message was edited by: Winston Churchill

• IP/Port information gathering for new Firewall

  Hi,
  Can anyone suggest some options to gather traffic flow information for  a network to build new firewall rules. Some applications have been running for long time and people who set it up have moved. The Netflow data is huge. I am only interested in connection initiated from outside. So probably looking for a packet with SYN flag might help, but don't know how to do it in Netflow. What about UDP? Would permitting all IP traffic with logging option provide some help in gathering this information?
  Any ideas are welcome!

  Hi,
  Only thing I can think of fast is either having a separate computer doing capture on some switch in front of the firewall OR you could use the PIX/ASA (?) firewall packet capture to capture traffic on the firewall outside interface to monitor which hosts are initiating connections or which hosts are being connected to from Internet. Naturally you would see alot of useless traffic also that is just scanning.
  The packet capture on the firewall itself does have limitations as it has a quite limited buffer (even though it can be set to overwrite old data when buffer is filled) but its quite convinient when you have to do captures fast and remotely.
  If any Cisco employee happens to read this, do you know why there is a approx. 33,5MB limit per capture on the firewall? Even though you can have several of them? Why isnt there an option to have a larger capture file when it doesnt seem the devices resources are a limit?
  I have only had to do this kind of thing once in one old automation network where a firewall needed to be added between to network segments which didnt have any previous access rules. Some ports were known but not all. Basically I just setup logging from the added firewall to a Syslog server and monitored the denied connections realtime from the syslog server while filtering only the needed log messages from the firewall. This helped solve some of missing information.
  I guess if there is some very important servers or computers hosting something you could always do separate captures on the devices themselves or on switches they are connected to if possible.
  - Jouni

• Warcraft Firewall problem

  Hi all
  I bought World of Warcraft for my kids at the weekend, and installed then patched the game which is played over the internet, pretty much without any problems on my G5 tower. Now I need to use my tower for work, pretty much all the time, so I have installed the game on our Mac Book Pro - this is where we have the problem. In order to patch the game after installation (which is done automatically by the game), our Sharing/Firewall needs configuring as per Blizzards instructions here:
  http://faq.wow-europe.com/en/article.php?id=321
  This worked fine for the G5, but the MBP has 2 entrys for ports, presumably because of the newer OS, and requires these:
  TCP Port Numbers
  UDP Port Numbers
  I have tried entering the same info Blizzard suggests in a few variants but neither works. The patch installer suggests the Firewall is blocking the download. There are no other tech support topics I can find to help with this and hope someone out there can tell me what to do ... so I can get some work done!
  Cheers
  Dave

  You're right, even though the patch installer reports a problem, being behind a Firewall, I left it alone, then went back a while later and it had downloaded. All up and working now folks - many thanks.

• Firewall on installing pppoe-setup [solved]

  On installing pkg 'pppoe-setup' one of the questions asked is about the kind of firewall needed, whether not or standalone desktop.... I choose dekstop (all in blocked). But on checking the pkgs installed, i dont see iptables.
  So which firewall it starts or does it blocks in some other way.
  Have to open a port for torrent and stuck.
  installed gufw and opened the port from there but still blocked.
  Last edited by net.reg (2009-10-02 10:49:22)

  The config is in /etc/ppp/pppoe.conf. Just change the firewall to none, I guess.