Gatekeeper to gatekeeper through a Checkpoint FW

Has anyone established communications through Checkpoint FW NG R55 without using the service "any"? I am trying to establish external IP videoconferencing through a FW but can not get it to work without using the "any" service.
Thanks

This doesn't sound like it has anything to do with Gatekeeper.  Gatekeeper simply prevents certain kinds of apps from opening.  You should set Gatekeeper back to the default (middle) setting for the best balance of safety and flexibility.
What is the extension at the end of the problem files' names?  Is it .jpg or .jpeg, or is it something else, or is it missing entirely?  (Note that you may need to select the file and choose File -> Get Info in order to see the full filename with the extension, as extensions can be hidden.)

Similar Messages

  • LAB OF GATEWAY, GATEKEEPER & CUCM

    Hi
    I want to do practice on cucm, gateway & gatekeeper through lab enviroment. Please give me some kind of scenario to create lab . I want practice on data & voice enviroment kind of thing through data vlan & voice vlan. I have following device for practice
    1 cisco router 3600
    1 cisco router 2501
    1 L3 switch HP procurve 24 port
    3 L2 switch hp procurve 24 port
    1 broadband connetion
    2 laptop with good configuration
    cucm 7 iso
    ip communicator
    softphone (sip based)
    please suggest me any kind of network design (voice & data) according to available metiral with me so that I can start practice.

    Wrong forum, try "ip telephony". You can move the post using the control panel on the right.
    Anyway it seems to me that you don't have enough equipment.

  • WAAS Cached content access through Checkpoint firewall

              Hello,
    I would like to open access to the cached content on the WAAS from a server through a Checkpoint firewall. The server has to have L3 access to the actual WAE device, from what I understand. Is this feasable? What ports would I need to open in the Checkpoint?
    Thanks
    Doug Bradfield      

    Hello Douglas,
    You're correct, if you see an optimized connection  is probably being cache ( probably not the whole file)  there is a big difference between "cache data" and "preposition data" .
    Cache data is not for you to control or manually retrieve from the WAE box. WAAS controls what is being cache or delete when more new data comes through.
    Preposition data is something you can manually store on the Remote WAE so remote users are benefit of a faster access to files already preposition. But this is uppon remote users request to the server( Users don't know that WAAS exist they just see the  server-share they've always use) so WAAS notice that a user is requesting a file that a remote WAE already got in their preposition files, so it provide faster access to the file.
    Neither of this two options above will let you access WAAS content like you describe on the initial question, you said you want open access to WAE files from a server right ?  you can still get the files on your server and this files can be optimazed if you  server is behind the WAAS optimization path, but you'd need to go and from the server copy the files one by one just like if you were retrieving them from a  client PC.
    hope this helps!

  • CSM through Firewall

    Is there any specific configuration to be made in the CSM or Checkpoint/PIX Firewall to allow clients access the CSM virtual IP through the Checkpoint/PIX Firewall??
    I am having problem connecting thru' the checkpoint firewall to the CSM virtual IP (all ports in firewall are open, no restrictions)......but it works just fine when not going thru' the firewall.

    Do you have a PIX or a Checkpoint firewall. IF PIX, look at the logs in debugging mode and see what is being denied.

  • Which parameter to change to avoid "cannot allocate new log"

    Hello Everyone.
    I'm running 9i r2 on windows 2003 SD edition server with ISCSI attached. on the ISCSI drive i have 1 group of redo logs together with DBF's in the data directory. The other 2 redo groups are on the 2 separate local disks together with archive logs (in another folder).
    I'm getting a few "cannot allocate new log" errors every couple of days and in the event viewer "Archive process error: ORACLE Instance prdps - Can not allocate log, archival required"
    I'm not sure which parameter i should change.
    Current setup:
    db_writer_processes     1
    dbwr_io_slaves          0
    Here is the output from v$sysstat:
    49     DBWR checkpoint buffers written     8     7410575
    50     DBWR transaction table writes     8     7748
    51     DBWR undo block writes     8     4600265
    52     DBWR revisited being-written buffer     8     5313
    53     DBWR make free requests     8     26383
    54     DBWR free buffers found     8     19838373
    55     DBWR lru scans     8     21831
    56     DBWR summed scan depth     8     21265425
    57     DBWR buffers scanned     8     21265425
    58     DBWR checkpoints     8     1719
    59     DBWR cross instance writes     40     0
    60     DBWR fusion writes     40     0
    This is from alert.log:
    Fri Mar 06 00:25:52 2009
    ARC0: Completed archiving log 1 thread 1 sequence 7004
    Fri Mar 06 00:25:54 2009
    Thread 1 advanced to log sequence 7006
    Current log# 3 seq# 7006 mem# 0: E:\ORACLE\ORADATA\PRDPS\REDO03A.LOG
    Current log# 3 seq# 7006 mem# 1: F:\ORACLE\ORADATA\PRDPS\REDO03B.LOG
    Current log# 3 seq# 7006 mem# 2: G:\ORACLE\ORADATA\PRDPS\REDO03C.LOG
    Fri Mar 06 00:25:54 2009
    ARC1: Evaluating archive log 2 thread 1 sequence 7005
    ARC1: Beginning to archive log 2 thread 1 sequence 7005
    Creating archive destination LOG_ARCHIVE_DEST_1: 'F:\ORACLE\ORADATA\PRDPS\ARCHIVE\PRDPS_001_07005.ARC'
    Fri Mar 06 00:26:03 2009
    Thread 1 advanced to log sequence 7007
    Current log# 1 seq# 7007 mem# 0: E:\ORACLE\ORADATA\PRDPS\REDO01A.LOG
    Current log# 1 seq# 7007 mem# 1: F:\ORACLE\ORADATA\PRDPS\REDO01B.LOG
    Current log# 1 seq# 7007 mem# 2: G:\ORACLE\ORADATA\PRDPS\REDO01C.LOG
    Fri Mar 06 00:26:03 2009
    ARC0: Evaluating archive log 2 thread 1 sequence 7005
    ARC0: Unable to archive log 2 thread 1 sequence 7005
    Log actively being archived by another process
    ARC0: Evaluating archive log 3 thread 1 sequence 7006
    ARC0: Beginning to archive log 3 thread 1 sequence 7006
    Creating archive destination LOG_ARCHIVE_DEST_1: 'F:\ORACLE\ORADATA\PRDPS\ARCHIVE\PRDPS_001_07006.ARC'
    Fri Mar 06 00:26:15 2009
    ARC1: Completed archiving log 2 thread 1 sequence 7005
    ARC1: Evaluating archive log 3 thread 1 sequence 7006
    ARC1: Unable to archive log 3 thread 1 sequence 7006
    Log actively being archived by another process
    Fri Mar 06 00:26:16 2009
    Thread 1 cannot allocate new log, sequence 7008
    All online logs needed archiving
    Current log# 1 seq# 7007 mem# 0: E:\ORACLE\ORADATA\PRDPS\REDO01A.LOG
    Current log# 1 seq# 7007 mem# 1: F:\ORACLE\ORADATA\PRDPS\REDO01B.LOG
    Current log# 1 seq# 7007 mem# 2: G:\ORACLE\ORADATA\PRDPS\REDO01C.LOG
    Thread 1 advanced to log sequence 7008
    Current log# 2 seq# 7008 mem# 0: E:\ORACLE\ORADATA\PRDPS\REDO02A.LOG
    Current log# 2 seq# 7008 mem# 1: F:\ORACLE\ORADATA\PRDPS\REDO02B.LOG
    Current log# 2 seq# 7008 mem# 2: G:\ORACLE\ORADATA\PRDPS\REDO02C.LOG
    Fri Mar 06 00:26:16 2009
    ARC1: Evaluating archive log 3 thread 1 sequence 7006
    ARC1: Unable to archive log 3 thread 1 sequence 7006
    Log actively being archived by another process
    ARC1: Evaluating archive log 1 thread 1 sequence 7007
    ARC1: Beginning to archive log 1 thread 1 sequence 7007
    Should i just change
    db_writer_processes     1
    dbwr_io_slaves          2
    Thank you
    Any help appreciated.

    This message indicates that Oracle wants to reuse a redo log file, but
    the
    corresponding checkpoint associated is not terminated. In this case,
    Oracle
    must wait until the checkpoint is completely realized. This situation
    may be encountered particularly when the transactional activity is
    important.
    check for:
    - Background checkpoint started.
    - Background checkpoint completed.
    These two statistics must not be different more than once. If this is
    not true, your database hangs on checkpoints. LGWR is unable to
    continue
    writing the next transactions until the checkpoints complete.
    Three reasons may explain this difference:
    - A frequency of checkpoints which is too high.
    - A checkpoints are starting but not completing
    - A DBWR which writes too slowly.
    The way to resolve incomplete checkpoints is through tuning
    checkpoints and
    logs:
    1) Give the checkpoint process more time to cycle through the logs
    - add more redo log groups
    - increase the size of the redo logs
    2) Reduce the frequency of checkpoints
    - increase LOG_CHECKPOINT_INTERVAL
    - increase size of online redo logs
    3) Improve the efficiency of checkpoints enabling the CKPT process
    with CHECKPOINT_PROCESS=TRUE
    4) Set LOG_CHECKPOINT_TIMEOUT = 0. This disables the checkpointing
    based on
    time interval.
    5) Another means of solving this error is for DBWR to quickly write
    the dirty
    buffers on disk. The parameter linked to this task is:
    DB_BLOCK_CHECKPOINT_BATCH.
    DB_BLOCK_CHECKPOINT_BATCH specifies the number of blocks which are
    dedicated
    inside the batch size for writing checkpoints. When you want to
    accelerate
    the checkpoints, it is necessary to increase this value.

  • 2 Gateways Sharing One Subnet - How to route traffic in and see each other?

    Hello,
    First, thanks for your feedback in advance.
    I am rolling over from CheckPoint Security Gateways to Fortinet Gateways so I have set up one of each within my datacenter subnet as I wanted to keep the same subnet 192.168.10.0/24 and just roll over from CheckPoint to Fortinet. 
    My current production datacenter gateway (checkpoint) resides on 192.168.10.1/24 with it's own External IP. 100+ ip-sec vpn tunnels communicate through this gateway and happily talk to several servers on the datacenter side (ex. 192.168.10.20, 192.168.10.22,
    etc)
    Since I am preparing to roll over from CheckPoint to Fortinet, I've placed the new gateway in the same datacenter at 192.168.10.2/24, with its own external IP. I've also dropped in a test server at 192.168.10.121 with the gateway pointing to the new Checkpoint.
    It happily gets out to the internet via the new gateway, 192.168.10.2.
    I can get out to the world via each gateway when I am behind my datacenter and I configure the gateways on each server.  And, they can all see each other and communicate within the 192.168.10.X network.
    However, I cannot go from the a Checkpoint tunnel network (ex: 192.168.50.X) go through the CheckPoint datacenter gateway, 192.168.10.1 (via its tunnel) and hit my Fortinet Test server at 192.168.10.121 (fortinet test server gateway set to 192.168.10.2).
     I have the IP statically set in the CheckPoint's DNS server at 192.168.10.20 to 192.168.10.121, but from the 192.168.50.X or any CheckPoint subnet, I can't ping or connect to it.
    Vice-versa, I can go from a fortinet subnet (192.168.195.X) and hit my test server 192.168.10.121.  However, I cannot go from a Fortinet tunnel network 192.168.195.X, go through my new Fortinet datacenter gateway, 192.168.10.2 (via its tunnel), and
    hit any of my CheckPoint-side servers, 192.168.10.20, 192.168.10.22, etc.
    Specifically, all of my scanners at the 100+ sites scan and send via an smtp server within my datacenter (192.168.10.56).  When I deploy the new gateway, the scanner at the office cannot access this IP address to send the email.
    Is there a way to sync two AD/DNS servers within my Datacenter but with different gateways?   In theory, I'd like the request to come in from the outside (whether a checkpoint network or the new fortinet) it will look into its respective AD/DNS and
    point it to the 192.168.10.56 smtp server.
    It does not have to be AD/DNS, but that was the first idea that popped in my head.  I am definitely open to the most efficient and stable method as I have to roll over 100 sites.
    Thank you again!

    Hi Strike First,
     One issue is that we have over 100 remote sites that we are converting from CheckPoint to Fortinet.  And, we do not have the man power to do a single night cutover as these are offices in remote locations.
    I am a little confused on the layout you are proposing:
    Set up fortinet as the backend firewall, point all internal gateways to this backend firewall, then have this firewall NAT through the current CheckPoint firewall?
    Thank you very much for your guidance.

  • ICloud not syncing IE bookmarks from PC

    iCloud not syncing IE bookmarks from PC
    I don't even use IE but since the Firefox app won't open the bookmarks in Safari, I thought I'd just copy my Firefox bookmarks to IE, then use the cloud sync.  (I am syncing and backing up to iCloud, and not my PC)
    I did this all last night: backed up and then synced to iCloud  Another thread  suggested that you shut down IE so I did that. Someone else had suggested on a different thread that un-checking and re-checking the Bookmark check box in the iCloud Control panel would trigger a re-sync...did that all last night in hopes it would sync and it didn't.
    I manually deleted everything in the Safari bookmarks in the Phone that it would allow, but now strangely enough in addition to the "Reading List" and "history" folders, I have TWO "Bookmarks Bar" folders with identical contents.
    So I'm trying to be patient and thought maybe it takes some time for it to re-sync so I left iTunes up and running on the PC overnight...as usual....so I tried again this evening. I still have my old bookmarks on the iPhone (4S), and they've never pulled in.
    Thoughts?

    Gee, I don't know what to tell you....I can open IE, add a folder, resync my iPhone to the iCloud, and the new folder appears. I even tried it while leaving IE open (I had read on another thread that closing it might help, but it had no adverse impact on my ability to sync).
    Well, all I can suggest is to give Safari a try, or use the Firefox app (unfortunately it's a multi-step process to open a link through Safari, but that might not bother you)
    Or, just run through these checkpoints one more time to make sure nothing is missed.
    Are you running Windows 7 or later, and have you downloaded the iCloud Control panel for Windows?
    http://support.apple.com/kb/DL1455
    Do you have Bookmarks turned on in iCloud settings on your iOS device?
    You may have done exactly this, but if not, give this a try (and may help others in the future)
    Deselect Bookmark syncing in the iCloud control panel     on your PC.
    Deselect iCloud Bookmarks on your iOS device. It should     then prompt you to take action with the previously synced bookmarks on     your device. Choose "Delete from my iPhone (or whatever delete option     it gives you).
    Sync manually to the cloud through your iOS device. You should have no bookmarks on your device.
    Now turn everything back on...
    In the iCloud control panel, re-select     Bookmarks/Internet Explorer
    on your iOS device, re-enable iCloud Bookmark Syncing
    Now manually back up your iOS device to iCloud

  • Icloud  not woking

    i cloud notworking

    Gee, I don't know what to tell you....I can open IE, add a folder, resync my iPhone to the iCloud, and the new folder appears. I even tried it while leaving IE open (I had read on another thread that closing it might help, but it had no adverse impact on my ability to sync).
    Well, all I can suggest is to give Safari a try, or use the Firefox app (unfortunately it's a multi-step process to open a link through Safari, but that might not bother you)
    Or, just run through these checkpoints one more time to make sure nothing is missed.
    Are you running Windows 7 or later, and have you downloaded the iCloud Control panel for Windows?
    http://support.apple.com/kb/DL1455
    Do you have Bookmarks turned on in iCloud settings on your iOS device?
    You may have done exactly this, but if not, give this a try (and may help others in the future)
    Deselect Bookmark syncing in the iCloud control panel     on your PC.
    Deselect iCloud Bookmarks on your iOS device. It should     then prompt you to take action with the previously synced bookmarks on     your device. Choose "Delete from my iPhone (or whatever delete option     it gives you).
    Sync manually to the cloud through your iOS device. You should have no bookmarks on your device.
    Now turn everything back on...
    In the iCloud control panel, re-select     Bookmarks/Internet Explorer
    on your iOS device, re-enable iCloud Bookmark Syncing
    Now manually back up your iOS device to iCloud

  • Hard cover flightcase for my Powerbook G4

    can anyone recommend a hardcase for my G4 15" Powerbook? I'm going on holiday soon and if I have to check it because of security issues I want to make sure it is properly protected. Most say I am more than a little worried about putting it through baggage handling
    Many thanks in advance

    Another analogy. This second one is more extreme, but actually seems less caricatured than my first analogy. This is because its premise seems quite likely to happen at some point in time.
    Suppose some individual or some group is caught attempting to circumvent security in the following way: they smuggle explosives through the checkpoints by hiding them in their most notorious of body cavities. Drug smugglers used to pursue this strategy all the time, and probably still do. It's a pretty low-tech strategy, and not so far-fetched that a terror group might try the same thing.
    If this were to happen, does it automatically follow that we should all submit to full-on body cavity searches before boarding the plane? Shouldn't we all be more than willing to allow Homeland Security's TSA to probe our colons? After all, lives are at stake here!
    If this argument doesn't seem ridiculous, then I don't know what does. Yet it follows exactly the same logic as arguments supporting that we should ban fingernail clippers, laptops, or water from airplane cabins. It's just that in this case, it's quite obvious that the cost of anal-probing every passenger is not worth the security benefits thereby garnered. In other cases, the cost/benefit tradeoff deserves some serious thought, and shouldn't be taken lightly.

  • I can call from Branch through Gatekeeper to CUCM. But cannot call from CUCM through Gatekeeper to any Branche.

    Hello All,
    I can Call from any Branch office to CUCM through Gatekeeper. But I cannot call from CUCM through Gatekeeper to any Branch.
    My CUCM version is 9.1.2
    Regards
    Bahlul

    Do you see anything shw up on the debugs on the branch router?
    Check debug h225 asn1 to see if there is a setup coming from the CUCM. If not, that means the CUCM is not receiving the IP address of the branch gateway from the GK. This could mean a config issue on the GK with respect to the branch gateways, or on the UCM.
    Take debug gatekeeper main 10 from the gatekeeper. These debugs will show what's happening on the GK while processing the incoming ARQ from CUCM.
    Also please upload the config of the GK, branch gateway here.
    Hantale
    Sree

  • Gatekeeper unknown destination routing through CUBE

    Hello,
    I'm trying to join two H.323 networks together and I am after some help / advice.
    One of the networks is managed and the other not and therefore external.
    Both networks have an IP-IP Gateway running Gatekeeper and CUBE. The Video devices in each network are registered with the Gatekeeper running the Gatekeeper configuration in their respective networks.
    The problem area is that the two Gatekeepers aren't and can't be peered with each other.
    So for all intents and purposes have two identical video networks that need to talk to each other.
    I have configured the CUBE on both routers.
    So right now if I de-register video device A in Network A from Gatekeeper A. I can then dial the IP address of the CUBE B in Network B followed by the E.164 of video device B using IP+extension dialling and it works.
    Its the same the other way around.
    However what I want to achieve is the same thing but without de-registering video device A.
    What I am trying to achieve is to have Video Device A dial <CUBE-B-IP-Address>##<Device-B-E.164>.
    The signalling goes to Gatekeeper A which doesn't have an entry for it so chooses to send it out to the CUBE gateway. I don't mind if it does this as a video type forward or if it just says I don't know about it so fall back to your routing table so signalling goes point to point.
    I have used the Polycom SE200 before and on them they have a feature whereby if it nor its peers knows about an E.164 it will revert to the routing table. Its basically a way to be able to route the calls to the Internet. I'm after similiar functionality on the IOS Gatekeeper.
    Am I explaining the situation well enough? If anyone can help it would be appreciated!
    Thanks and regards

    RE: the original question, you should be able to dial (from Terminal A) the standard format of [extensionof Terminal B]@[IP of remote CUBE-B] to connect the call.  So long as your firewall is configured for h.323 inspection and re-writing, you should be able to connect and pin up the call.  Note that the call will not egress through CUBE-A -- it will go directly to the firewall and presumably NAT must be setup.  The call also won't resolve using the GK according to my knowledge.  This config will definitely work.
    I believe that ## dialing is a Polycom proprietary method that Tandberg has also implemented in some products for compatability, but Polycom has also backed off from (they now support @ dialing).  You may need to re-educate your users.
    If you want to use the GK and the CUBE, I believe you can setup a service prefix on the CUBE-A registered to the GK-A.  Calls using the prefix will be routed to the CUBE-A, and the CUBE-A can strip the prefix on egress dial-peer, and perform RAS with the CUBE-B to route the call.  This is more a "I think this will work" than a known config.  Your users would need to know the extension of the remote terminal, and you'd need some a priori setup on your CUBE/GK.  I'd be interested in your results if you have the capacity to test.
    RE: joshuamarsh, you can configure the CUBE with a default address if the call arrives with the format [IP address of CUBE external interface].  See this article:
    http://www.cisco.com/en/US/products/sw/voicesw/ps5640/products_configuration_example09186a0080b091e2.shtml
    In the article I believe they suggest forwarding to an IVR, and I would second that recommendation.
    However, users can also dial with the format [endpoint extension]@[external IP of CUBE] like above and make their way directly to an endpoint.  This can be made even easier with ENUM/e.164 detailed here:
    http://www.ciscosystems.com/en/US/products/sw/voicesw/ps5640/products_configuration_example09186a0080ad7b94.shtml

  • Gatekeeper

    Gatekeeper ruined my dashboard development completely. No security certificate for Dashboard Widgets. Here are some tips to fix this:
    “App can’t be opened because it is from an unidentified developer”
    Since OS X Mountain Lion, the Mac defaults to preventing applications from unidentified developers or sources from being launched. You’ll discover the message in OS X 10.8 when you try to launch a Mac app that didn’t come from a verified source or from the Mac App Store, and you’ll get an alert dialog that says “[App name] can’t be opened because it is from an unidentified developer”.
    This new security feature is called GateKeeper, and it doesn’t mean you can’t run those unverified apps on the Mac, you just have to either temporarily skirt the security blanket of GateKeeper, or turn off the app limitations entirely.
    Temporarily Get Around “App Can’t Be Opened” Gatekeeper Alert Message
    This is probably the best option for most users, since it maintains some security:
    Right-click (or control-click) the application in question and choose “Open”
    Click the “Open” button at the next dialog warning to launch the app anyway
    You can do this with any third party app that gives you this warning dialog and open it anyway.
    If you get tired of constantly right-clicking apps to open them, return to pre-Mountain Lion levels of app security by turning off Gatekeepers app verification completely.
    Disable GateKeeper’s Unidentified App Developer Prevention Completely
    This is generally best for advanced users who know what apps to trust and not to trust:
    Launch System Preferences from the Apple  menu
    Choose “Security & Privacy” and then click the “General” tab, followed by clicking the lock icon in the corner to unlock the settings
    Look for “Allow applications downloaded from:” and choose “Anywhere”
    Accept the security warning and allow
    You can now launch any app from any location or developer
    Bypass Gatekeeper in OS X Mavericks with Security Preferences
    Gatekeeper is an application level security feature on the Mac that aims to prevent unauthorized and unidentified apps from being launched in OS X, thereby preventing potential security problems like exploits or trojans from running on a Mac. The feature is most often encountered when an app has been downloaded from the web, and upon attempting to launch the app a warning dialog will prompt the user with a message saying something along the lines of “This app can’t be opened because it is from an unidentified developer“. We’ve covered how you can get bypass that error message on a case-by-case basis by using the right-click “Open” trick, but the latest version of OS X brings another option which may be easier for some users to selectively launch apps and bypass Gatekeeper. This is advantageous because users can continue to retain the strict security preference of leaving Gatekeeper enabled and intact, which is generally recommended.
    Bypass Gatekeeper App Launch Warnings from System Preferences
    This solution is temporary, providing a per-application launch bypass. It does not disable Gatekeeper in OS X.
    Attempt to launch the application inquestion, encountering the normal “can’t be opened” message, then click “OK”
    Launch System Preferences by choosing it from the  Apple menu
    Select the “Security & Privacy” control panel, and go to the “General” tab
    Under the “Allow apps downloaded from:” look for the following message: “appname.app was blocked from opening because it is not from an identified developer.”
    If you trust the application and want to launch it bypassing Gatekeeper, click “Open Anwyay”
    If the “Open Anyway” option is not visible then you likely must unlock the security preferences by clicking the little padlock icon in the corner and entering an administrative password.
    Choosing “Open Anyway” will launch the application in question directly from Security System Preferences, and you’ll be able to use it as normal. This approach is obviously slightly more time consuming than using the right-click Open trick, but it may be advantageous for certain users in select situations.
    Gatekeeper is really aimed at protecting novice and average Mac users, while advanced OS X users who are more comfortable with things may find the warnings to be intrusive or annoying. If you don’t want to receive the warnings at all, you can simply disable Gatekeeper completely through the Security System Preferences by choosing “Anywhere” from the allow apps list.
    This feature was first introduced to the Mac with OS X Mountain Lion, but the “Open Anyway” option inside the Security preferences is new with OS X Mavericks.

    Gatekeeper ruined my dashboard development completely. No security certificate for Dashboard Widgets. Here are some tips to fix this:
    “App can’t be opened because it is from an unidentified developer”
    Since OS X Mountain Lion, the Mac defaults to preventing applications from unidentified developers or sources from being launched. You’ll discover the message in OS X 10.8 when you try to launch a Mac app that didn’t come from a verified source or from the Mac App Store, and you’ll get an alert dialog that says “[App name] can’t be opened because it is from an unidentified developer”.
    This new security feature is called GateKeeper, and it doesn’t mean you can’t run those unverified apps on the Mac, you just have to either temporarily skirt the security blanket of GateKeeper, or turn off the app limitations entirely.
    Temporarily Get Around “App Can’t Be Opened” Gatekeeper Alert Message
    This is probably the best option for most users, since it maintains some security:
    Right-click (or control-click) the application in question and choose “Open”
    Click the “Open” button at the next dialog warning to launch the app anyway
    You can do this with any third party app that gives you this warning dialog and open it anyway.
    If you get tired of constantly right-clicking apps to open them, return to pre-Mountain Lion levels of app security by turning off Gatekeepers app verification completely.
    Disable GateKeeper’s Unidentified App Developer Prevention Completely
    This is generally best for advanced users who know what apps to trust and not to trust:
    Launch System Preferences from the Apple  menu
    Choose “Security & Privacy” and then click the “General” tab, followed by clicking the lock icon in the corner to unlock the settings
    Look for “Allow applications downloaded from:” and choose “Anywhere”
    Accept the security warning and allow
    You can now launch any app from any location or developer
    Bypass Gatekeeper in OS X Mavericks with Security Preferences
    Gatekeeper is an application level security feature on the Mac that aims to prevent unauthorized and unidentified apps from being launched in OS X, thereby preventing potential security problems like exploits or trojans from running on a Mac. The feature is most often encountered when an app has been downloaded from the web, and upon attempting to launch the app a warning dialog will prompt the user with a message saying something along the lines of “This app can’t be opened because it is from an unidentified developer“. We’ve covered how you can get bypass that error message on a case-by-case basis by using the right-click “Open” trick, but the latest version of OS X brings another option which may be easier for some users to selectively launch apps and bypass Gatekeeper. This is advantageous because users can continue to retain the strict security preference of leaving Gatekeeper enabled and intact, which is generally recommended.
    Bypass Gatekeeper App Launch Warnings from System Preferences
    This solution is temporary, providing a per-application launch bypass. It does not disable Gatekeeper in OS X.
    Attempt to launch the application inquestion, encountering the normal “can’t be opened” message, then click “OK”
    Launch System Preferences by choosing it from the  Apple menu
    Select the “Security & Privacy” control panel, and go to the “General” tab
    Under the “Allow apps downloaded from:” look for the following message: “appname.app was blocked from opening because it is not from an identified developer.”
    If you trust the application and want to launch it bypassing Gatekeeper, click “Open Anwyay”
    If the “Open Anyway” option is not visible then you likely must unlock the security preferences by clicking the little padlock icon in the corner and entering an administrative password.
    Choosing “Open Anyway” will launch the application in question directly from Security System Preferences, and you’ll be able to use it as normal. This approach is obviously slightly more time consuming than using the right-click Open trick, but it may be advantageous for certain users in select situations.
    Gatekeeper is really aimed at protecting novice and average Mac users, while advanced OS X users who are more comfortable with things may find the warnings to be intrusive or annoying. If you don’t want to receive the warnings at all, you can simply disable Gatekeeper completely through the Security System Preferences by choosing “Anywhere” from the allow apps list.
    This feature was first introduced to the Mac with OS X Mountain Lion, but the “Open Anyway” option inside the Security preferences is new with OS X Mavericks.

  • Gatekeeper in proxy mode

    Hello,
    i have a gatekeeper configured with a single local Zone ( the remote customers Gateways and my local voip gateways are registered to a single local Zone ), basically my voip network is used for termination issues and most of the carriers sending traffic to my voip gateways don't use a gatekeeper in their implemantation , so i m obliged to have this single local zone on the gatekeeper.
    in order to have an accurate gatekeeper accounting i need to place or configure gatekeeper in proxy mode .
    i m asking if it is possible to use proxy mode for a gatekeeper having only a single Local zone(what i have understood about proxy mode is that it is based on remote zones usage which does not apply to my case because i have only a gatekeeper with one local zone ) , if it is possible how can i do this ? if not , is there any alternate solution (configuring the gatekeeper with more than one local zone and in this case how will be the routing process ..).
    Any Thoughts?
    Thanks for help ,
    Kindest regards,
    Jacob.

    Jacob,
    WIth a single local zone you cannot run the proxy mode, and in my experience proxy mode does not work well with multiple local zones. It is really designed to work with remote zones.
    However as for the billing, if you bill off the gatekeeper in non proxy mode, then you should be able to get the billing information from the gatekeeper. The signalling does not go through the gatekeeper, but at the time of the DRQ it will have sufficient information in there. What specific VSA's are you looking for that you do not get?

  • Gatekeeper Accounting: Logging the IP addresses

    Hi,
    I am using a Cisco 7200 as a gatekeeper and I have setup a RADIUS server to log the calls. The problem is that the gatekeeper is not logging the IP ADDRESSes of the gateways (even for gateways registered to its local zone). It just logs the H323-ID of the gateways belonging to the local zone. Although you can see the IP address of the gateways in the "show gatekeeper calls" command ouput.
    Is there anyway I could configure the gatekeeper to log the IP address of the gateways. Is this done through the GK API? If yes, could anyone explain or give me an example?
    Thanks,
    Hamid

    Since there has been no response to your post, it appears to be either too complex or too rare an issue for other forum members to assist you. If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center (http://www.cisco.com/tac) or speak with a TAC engineer. You can open a TAC case online at http://www.cisco.com/tac/caseopen
    If anyone else in the forum has some advice, please reply to this thread.
    Thank you for posting.

  • Gatekeeper tech/zone match failed

    Hi
    Im a little rusty on gk's hence my post. Basically we have a few h323 endpoints registered to our gatekeeper, the registration is active and all is well for external pstn and IP calling...The problem is receiving external pstn calls to the endpoint. It doesnt connect to the device and forwards the call to our mcu unit. The endpoints do not have isdn connectivity directly, this happens through a dedicated video gateway with a range configured.
    I can see the fault, I ran the command gatekeeper main 10 (see below)
    Feb 14 13:55:10.114: gk_process: SOCKET_EVENT fd (1) event (1)
    Feb 14 13:55:10.114: gk_process_read_event: Recd event from altgk
    Feb 14 13:55:12.746: gk_process: QUEUE_EVENT (minor 0) wakeup
    Feb 14 13:55:12.746: gk_rassrv_arq: arqp=0x45E076F0, crv=0x5F8E, answerCall=0
    Feb 14 13:55:12.746: gk_rassrv_sep_arq: ARQ Didn't use GK_AAA_PROC
    Feb 14 13:55:12.746: gk_dns_query: No Name servers
    Feb 14 13:55:12.746: rassrv_get_addrinfo: (706) Tech-prefix match failed.
    Feb 14 13:55:12.746: rassrv_get_addrinfo: (706) unresolved zone prefix
    Feb 14 13:55:12.746: gk_rassrv_sep_arq: rassrv_get_addrinfo() failed (return code = 0x103)
    Feb 14 13:55:12.750: gk_process: QUEUE_EVENT (minor 0) wakeup
    Feb 14 13:55:12.750: gk_rassrv_arq: arqp=0x473ECF64, crv=0x14A5, answerCall=0
    Feb 14 13:55:12.750: gk_rassrv_sep_arq: ARQ Didn't use GK_AAA_PROC
    Feb 14 13:55:12.754: gk_dns_query: No Name servers
    Feb 14 13:55:12.754: rassrv_get_addrinfo: (706) Tech-prefix match failed.
    Feb 14 13:55:12.754: rassrv_get_addrinfo: (706) unresolved zone prefix
    Feb 14 13:55:12.754: gk_rassrv_sep_arq: rassrv_get_addrinfo() failed (return code = 0x103)
    Feb 14 13:55:16.658: gk_process: QUEUE_EVENT (minor 0) wakeup
    conf
    The get addrinfo does not match the tech-preifx and has a unresolved zone prefix. I changed the e164 to 706 number quickly to test incoming pstn calls and it connected ok, i cant keep the e164 at 706 ( it actually needs to be 3768) - what do i need to change so incoming calls can be handed off direct to the endpoint thus establishing a call?
    Summary with example...e1 with range 6357XX to 6357XX plugged directly into 3526 Cisco gateways which is registered to gatekeeper for call handling. incoming call made to endpoint is 635706 doesnt get matched in gk and hands off to MCU. how do i change this!!!!
    Thanks guys!!!

    Thanks for your Reply!
    I tried to enable the publisher. But i get the following error
    root@sol208:~# pkg set-publisher -e solaris
    pkg set-publisher: Could not refresh the catalog for solaris
    Unable to contact valid package repository
    Encountered the following error(s):
    Unable to contact any configured publishers.
    This is likely a network configuration problem.
    Framework error: code: 7 reason: Failed connect to 172.26.4.174:80; Connection refused
    URL: 'http://172.26.4.174:80'. (happened 4 times)
    root@sol208:~#
    Please help to resolve this.
    Thanks,
    Girish

Maybe you are looking for