How to allow all inbound traffic on 678?

I have a 501 behind a 678 (CBOS 2.4.6). The 678 does not allow inbound connections by default. How can I configure the 678 to simply terminate the ADSL and allow all traffic both in and out, so that I can let the 501 do all the access control?

Try:
http://www.cisco.com/en/US/products/sw/netmgtsw/ps528/products_user_guide_book09186a008007ce34.html
http://www.cisco.com/en/US/products/sw/netmgtsw/ps528/prod_release_note09186a00800eac45.html

Similar Messages

  • RV110W Blocks all inbound traffic

    I have a RV110W that's been in service since Dec 2012. Everything is working fine except every month or so the firewall starts blocking all inbound traffic. It does not respond to remote management access. If I reboot the firewall (pwr off/on) everything works correctly for the next month or so and then it begins blocking all inbound traffic again. Local access to the Internet and VPN tunneling are not affected. When it's working, all my rules and port forwarding work correctly. Anybody seen this before?

    Hi David,
    Please call the Small Business Support Center and speak with an engineer. The phone numbers for the support center are located here: https://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
    Regards,
    Cindy Toy
    Cisco Small Business Community Manager
    for Cisco Small Business Products
    www.cisco.com/go/smallbizsupport
    twitter: CiscoSBsupport

  • Pix501: allow all incoming smtp to one host and all smtp out from one host only

    I have a pix501 and I have a mail server. What I would like to do is ensure that smtp traffic from the web only goes to my mail server and that my mail server is the only machine on my local network that can send to the internet on port 25. This is to secure the possibility of bots on my children's PCs spamming other users. The mail server has been relay secured for selected PCs only.
    To the pix501; I think the following is what I need, but would like somebody to confirm or correct me:
    interface ethernet0 auto
    interface ethernet1 100full
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    access-list inbound permit tcp any host x.x.x.x eq smtp
    access-list outbound permit tcp host x.x.x.x any eq smtp
    access-group inbound in interface outside
    access-group outbound in interface inside
    Most important:
    1. Have I got the access-lists right? Does pix501 support host x.x.x.x (ip of local webserver 192.168.x.x)
    2. Are the access lists the right way around?
    3. Is the access-group setup right?
    4. Is there anything else that needs doing?
    Any help appreciated.
    Note: I am a Cisco newbie and trying to learn.

    Thanks for that information.
    I thought about this some more, after seeing your response, and I was wondering; if I only want to restrict smtp outbound traffic, but allow all other traffic, would the following work, as I don't have to allow each specific port/ip address:
    access-list outbound permit tcp host 192.168.1.3 any eq smtp
    access-list outbound permit tcp host 192.168.1.36 any eq smtp
    access-list outbound deny tcp any any eq smtp
    access-list outbound permit udp any any
    access-list outbound permit tcp any any
    I realise that this would open all sorts of other security risks, but at least trojans/worms will not be able to spam from PCs other than those listed as per the first 2 lines ( which is my major concern at the moment). As I learn more about the traffic on my network I can block more undesirable ports.
    Sorry to be a pain, but this could be useful to others and the more complete the setup, the easier it will be for them.
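
Added example, not part of the original posts: a first-match evaluator run over the outbound list quoted in the second message, showing which inside hosts can reach TCP/25 and what falls through to the implicit deny at the end of the list. It handles only the `access-list NAME permit|deny PROTO SRC DST [eq PORT]` shape used in this thread; the function names and the destination address are assumptions made for the example.

```python
import ipaddress

# Outbound list exactly as posted in the second message of this thread.
ACL_TEXT = """\
access-list outbound permit tcp host 192.168.1.3 any eq smtp
access-list outbound permit tcp host 192.168.1.36 any eq smtp
access-list outbound deny tcp any any eq smtp
access-list outbound permit udp any any
access-list outbound permit tcp any any
"""

PORT_NAMES = {"smtp": 25, "domain": 53, "www": 80}  # subset used by this example


def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A NETMASK' from tokens; return an ip_network."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}", strict=False)


def parse_acl(text):
    """Parse the access-list lines in order; order is what decides the outcome."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        tokens = line.split()
        if not tokens:
            continue
        if (len(tokens) < 6 or tokens[0] != "access-list"
                or tokens[2] not in ("permit", "deny")):
            raise ValueError(f"line {lineno}: unsupported syntax: {line!r}")
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        try:
            src = _take_addr(rest)
            dst = _take_addr(rest)
            port = None
            if rest:
                if len(rest) != 2 or rest[0] != "eq":
                    raise ValueError("only 'eq PORT' is handled")
                name = rest[1]
                port = PORT_NAMES[name] if name in PORT_NAMES else int(name)
        except (ValueError, IndexError) as exc:
            raise ValueError(f"line {lineno}: {exc}") from exc
        rules.append({"line": lineno, "action": action, "proto": proto,
                      "src": src, "dst": dst, "port": port})
    return rules


def evaluate(rules, proto, src, dst, dport=None):
    """First matching rule wins; no match falls through to the implicit deny."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule["proto"] not in ("ip", proto):
            continue
        if src_ip not in rule["src"] or dst_ip not in rule["dst"]:
            continue
        if rule["port"] is not None and rule["port"] != dport:
            continue
        return rule["action"], rule["line"]
    return "deny", None  # nothing matched: implicit deny


if __name__ == "__main__":
    rules = parse_acl(ACL_TEXT)
    outside = "203.0.113.25"  # constructed destination (documentation range)
    cases = [("tcp", "192.168.1.3", 25), ("tcp", "192.168.1.50", 25),
             ("tcp", "192.168.1.50", 80), ("udp", "192.168.1.50", 53),
             ("icmp", "192.168.1.50", None)]
    for proto, src, dport in cases:
        print(proto, src, dport, "->", evaluate(rules, proto, src, outside, dport))
```

The last case is the one to check before applying the list to the inside interface: it permits only tcp and udp, so ICMP from inside hosts matches nothing and is dropped by the implicit deny.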

  • NAC Server still in "Fallback: Allow All" state

    Hi Guys,
    I have a strange behaviour under my NAC Server.
    Today I saw that my NAC Server is in Fallback: Allow All state and the CAM is in Manager: DEAD but
    in the CAM web administration I can access that CAS.
    The CAS can ping the CAM too.
    There are two things that were changed in the last month.
    The CAM was moved to another city and they are using a 2MB link connection between them.
    The IP Address of the CAM was changed.
    I've checked my link connection between them because my CAM is in a different city from the CAS, but my link is at 50% load.
    Does anyone know any possibility to solve this?

    Hi,
    Are you using ip based certs or domain name? Also make sure when you do an nslookup that the CAS is able to resolve the ip address of the CAM. Also check your firewall and make sure that you are allowing all ip traffic between the CAS and the CAM.
    Also check your certs on the CAM and make sure that they haven't expired. Are you using a standalone CAM and CAS setup or are they in failover configuration?
    Thanks,
    Tarik

  • RV016 Router Allow All Traffic For Outside IP

    Hi,
    I need to configure the firewall to allow all traffic for an IP address of a server. What steps in the router do I need to configure this? This is a cloud based voip server and we have IP phones and we need to add an IP address of the phone server to allow all traffic for that IP.
    thanks.

    Hi Jonathan,
    I have a similar problem with VOIP traffic being dropped by my new RV016 v3 router.
    I have created one Firewall Rule, to allow ALL traffic from the external VOIP PBX provider (single IP) to connect to the internal VOIP phones, which have assigned addresses in a small IP Address range (eg. 10.1.2.50 - 10.1.2.59)
    The Aastra VOIP phones continually lose their registration with the cloud-based PBX. If you make an outgoing call, it will work, but the PBX will lose connection with the phone, 3 or 4 minutes after you hang up, and will mark it as offline. Incoming calls made within the 3 or 4 minutes will get through, but after that they go right to voicemail on the PBX system.
    We used to have an RV016 v2 router and VOIP traffic worked OK, with a similar Firewall Rule. We replaced the v2 router because its CPU crashed.
    I tested the VOIP traffic with a WRT160 router with minimal Firewall Rules, and it works OK, as long as SIP-ALG is turned Off. We want to use the RV016 because it provides a larger number of ports for our LAN.
    Any suggestions ?
    Kirk

  • Firewall Allow all traffic on lan

    Is there a way to make a firewall rule to allow all traffic on en1? I have my ip ranges set to allow all traffic, but I still have to turn the firewall off for DHCP to give IP addresses to new devices on the network.

    dtich wrote:
    thx dean, yes, i had certainly looked at the log, which shows these entries:
    Nov 11 21:49:25 north-knoll-server ipfw[8789]: 65534 Deny UDP 169.254.14.242:138 169.254.255.255:138 in via en0
    but i have no idea where 169xxx is, nothing on my lan... if the port is 65534, that's an ftp passive port, tried opening that, doesn't solve the problem. if the port is 138, that's netbios, which would be odd, but i tried opening that too. nothing doing. can't figure it out. and the log really isn't helping too much.
    traceroute gives me:
    traceroute to 169.254.14.242 (169.254.14.242), 64 hops max, 40 byte packets
    1 169.254.14.242 (169.254.14.242) 0.593 ms 0.504 ms 0.195 ms
    so, i guess that's some internal address that my router uses or something..?? wacky. i'm out of my depth here.
    if i allow 169.254.x.x, i still get no joy.
    mean anything else to you?
    yeah, 169.254.x.x is part of the zeroconf net address range. (See http://en.wikipedia.org/wiki/Zeroconf for more details)
    Not sure why the device in particular is trying port 138 unless it's a Windows box maybe? Is en0 on your local network or external?

  • Firewall blocks Airplay (even under 'allow all traffic')

    Hi everybody,
    I am somewhat at the end of my knowledge. I have a mac mini server running Lion 10.7.2 server. Interestingly, the server's firewall blocks
    a) all airplay traffic and
    b) 'reading Airport configuration' requests
    even when the firewall is set to 'allow all traffic'. However, when I completely switch it off, everything works just fine.
    Any help would really be appreciated.
    Thanks a lot.
    Nonresidentalien
    P.S. I have also tried to open ports 80 (t), 443(t), 554 (t/u), 3689(t), 5297(t), 5289(t/u), 5353(u), 49159(u) and 49163(u) with no success

    Pointing to the IPv6 thread was a good idea. After reading it, I found out that the firewall preferences in Server Admin only show you IPv4 related firewall rules.
    There is a terminal command that allows you to play with IPv6 rules. And by doing so, I was actually able to get AirPlay working again.
    First, you want to show the current IPv6 firewall rules. In my case they looked like this (10.7.2):
    reptilehouse:~ sascha$ sudo ip6fw show
    01000        285      96163 allow ipv6 from any to any via lo0
    01100         66       5750 allow ipv6 from any to ff02::/16
    65000          0          0 deny ipv6 from any to any
    65535          6        306 allow ipv6 from any to any
    As you can see, rule number 01100 only allows traffic to the local subnet, while the next rule (65000) blocks anything else. So you want to get rid of 65000:
    reptilehouse:~ sascha$ sudo ip6fw delete 65000
    To confirm, show the rule table again and you should see 65000 is gone:
    reptilehouse:~ sascha$ sudo ip6fw show
    01000        285      96163 allow ipv6 from any to any via lo0
    01100         66       5750 allow ipv6 from any to ff02::/16
    65535          6        306 allow ipv6 from any to any
    Mind you, the rule numbers could be different on your system and you could see more or less rules. But you get the idea.
    What I don't know is whether this is sticky, e.g. survives a reboot.

  • Block all incoming traffic and Active FTP

    Will setting the firewall to Block all incoming traffic break Active FTP Connections?
    The firewall will normally dynamically create exceptions for the Connection using the Application Layer Gateway, but will the profile override these?

    Hi TribleTrouble,
    Do you have any issue about FTP active mode?
    If the clients are part of your domain, push the FTP firewall rules via GPO to your clients allowing FTP inbound sockets
    netsh advfirewall firewall add rule name="File Transfer Program" protocol=TCP profile=domain Program=C:\Windows\System32\ftp.exe dir=in action=allow
    netsh advfirewall firewall add rule name="File Transfer Program" protocol=UDP profile=domain Program=C:\Windows\System32\ftp.exe dir=in action=allow
    For Windows 7, the entire networking stack was rewritten and several security measures were taken to further secure Windows.

  • Performance issue after allowed ICMP in traffic rule

    Hi All,
    Today I am facing a new problem in the NAC environment. As per the Cisco documents, I allowed all mentioned ports, fragments and ICMP to the DCs, but after enabling ICMP the desktop PC hangs at the "applying computer settings" stage. If I disable the ICMP rule we don't have this issue.
    If anyone has any idea regarding this issue, please share.
    Here is the config:
    Priority: 8
    Action: Allow / Block
    State: Enabled / Disabled
    Category: ALL TRAFFIC / IP / IP FRAGMENT
    Protocol: CUSTOM.. / TCP / UDP / ICMP / ESP / AH
    Type: ALL, dst_unreachable, echo, echo_reply, info_request, info_request_reply, parameter_problem, redirect, source_quench, time_exceeded, time_stamp, time_stamp_reply
    Untrusted (IP/Mask:Port): (ex: "*", "21,1024-1100", "1024-65535")
    Trusted (IP/Mask:Port): (ex: "*", "21,1024-1100", "1024-65535")
    Bandwidth:
    Description:
    Thank you
    Laxman

    Faisal,
    sorry for wrong snap-shot, here is the exact snapshot of my config.
    Thank you
    Laxman

  • Inbound traffic alert (ESET) - Application: System

    I have a MacBook Pro (Retina, 15-inch, Mid 2014) running OS X Yosemite 10.10.2
    I have installed ESET Cyber Security Pro a while ago, and an inbound traffic alert just popped up. "A remote computer is attempting to communicate with an application running on this computer. Do you wish to allow this communication?"
    The application involved is "System", local port is TCP 8770. The remote computer is fe80::4c8d:97ff:feb4:5d8d, remote port is 56398.
    I am still new to Mac, and therefore I'm not sure if I should allow or block. I thought that it might be system updates, but not too sure about that so I'd rather wait for an answer before proceeding.

    Port 8770 is used for the Digital Photo Access Protocol, which in the case of a Mac means sharing of photos. I'm not sure exactly how this port is used in Yosemite, but you can bet this is just another Mac or iOS device on your local network querying your Mac to see if it is sharing any photos. It is very unlikely that you have a network configuration that would even allow a truly "remote" computer to connect to yours over the internet.
    ESET is wasting your time here. Uninstall it, and see my Mac Malware Guide for more information about protecting yourself from malware.
    (Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com.)

  • Nexus1000v local SPAN can't capture inbound traffic

    hi all,
    I just configured local SPAN on nexus1000v (version 1.3d).
    local SPAN source and destination is on same VEM.
    my config is like below:
    monitor session 3
      source interface Vethernet13 both
      destination interface Vethernet170
      destination interface Vethernet36
      no shut
    SPAN session is up.
    But we can't see any inbound traffic to the source VM.
    (10.16.185.4,5,6 is the IPs of SPAN source)
    [root@davidzhangRHEL ~]# tcpdump -i eth1
    tcpdump: WARNING: eth1: no IPv4 address assigned
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
    11:46:07.644551 IP 10.16.185.3.hsrp > 224.0.0.2.hsrp: HSRPv0-hello 20: state=standby group=1 addr=10.16.185.1
    11:46:07.654771 IP 10.16.185.2.hsrp > 224.0.0.2.hsrp: HSRPv0-hello 20: state=active group=1 addr=10.16.185.1
    11:46:07.961735 IP 10.16.185.6.https > 10.16.184.196.50254: S 3897896960:3897896960(0) ack 1838046824 win 8192 <mss 1460,nop,wscale 8,sackOK,timestamp 74329579 2654766205>
    11:46:07.962955 IP 10.16.185.6.https > 10.16.184.196.50254: R 1:1(0) ack 2 win 0
    11:46:10.644950 IP 10.16.185.3.hsrp > 224.0.0.2.hsrp: HSRPv0-hello 20: state=standby group=1 addr=10.16.185.1
    11:46:10.657615 IP 10.16.185.2.hsrp > 224.0.0.2.hsrp: HSRPv0-hello 20: state=active group=1 addr=10.16.185.1
    11:46:11.081231 IP 10.16.185.5.https > 10.16.184.197.58538: S 1850399261:1850399261(0) ack 3055844595 win 8192 <mss 1460,nop,wscale 8,sackOK,timestamp 74329891 2654662655>
    11:46:11.081970 IP 10.16.185.5.https > 10.16.184.197.58538: R 1:1(0) ack 2 win 0
    11:46:11.957381 IP 10.16.185.5.https > 10.16.184.196.42161: S 1862096740:1862096740(0) ack 970410175 win 8192 <mss 1460,nop,wscale 8,sackOK,timestamp 74329978 2654770202>
    11:46:11.958705 IP 10.16.185.5.https > 10.16.184.196.42161: R 1:1(0) ack 2 win 0
    11:46:12.089401 IP 10.16.185.6.https > 10.16.184.197.45604: S 2733719434:2733719434(0) ack 3290215780 win 8192 <mss 1460,nop,wscale 8,sackOK,timestamp 74329992 2654663683>
    11:46:12.090735 IP 10.16.185.6.https > 10.16.184.197.45604: R 1:1(0) ack 2 win 0
    11:46:12.956018 IP 10.16.185.6.https > 10.16.184.196.50302: S 2275642708:2275642708(0) ack 3286673454 win 8192 <mss 1460,nop,wscale 8,sackOK,timestamp 74330078 2654771200>
    11:46:12.956838 IP 10.16.185.6.https > 10.16.184.196.50302: R 1:1(0) ack 2 win 0
    11:46:13.552716 IP 10.16.185.4.61913 > 10.2.222.111.5723: P 3867141198:3867142223(1025) ack 4146771556 win 508
    11:46:13.645770 IP 10.16.185.3.hsrp > 224.0.0.2.hsrp: HSRPv0-hello 20: state=standby group=1 addr=10.16.185.1
    11:46:13.654427 IP 10.16.185.2.hsrp > 224.0.0.2.hsrp: HSRPv0-hello 20: state=active group=1 addr=10.16.185.1
    11:46:13.817143 IP 10.16.185.4.61913 > 10.2.222.111.5723: . ack 180 win 508
    1000v# module vem 12 execute vemcmd show span
    VEM SOURCE IP NOT CONFIGURED.
    HW SSN ID            DST LTL/IP  ERSPAN ID  HDR VER
            0                    68      local
    1000v# show monitor internal errors
    1) Event:E_DEBUG, length:96, at 163774 usecs after Thu Sep 22 15:12:17 2011
        [102] eth_span_phy_if_init_runtime_info(1051): im_get_ifindex_span_mode_list returned 0x40e30005
    2) Event:E_DEBUG, length:96, at 684704 usecs after Thu Sep 22 15:12:04 2011
        [102] eth_span_phy_if_init_runtime_info(1051): im_get_ifindex_span_mode_list returned 0x40e30005
    Anybody have any suggestions? Your help is highly appreciated.

    Hi Michael,
    Thanks. You are correct. We are able to see outbound traffic from SPAN source but not inbound traffic to SPAN source.
    Note: I have done vmotion for the SPAN source and SPAN destination virtual machines.
    Please see the below output which you requested.
    1000v# show monitor session 1
       session 1
    type              : local
    state             : up
    source intf       :
        rx            : Veth13
        tx            : Veth13
        both          : Veth13
    source VLANs      :
        rx            :
        tx            :
        both          :
    filter VLANs      : filter not specified
    destination ports : Veth170   Veth36
    1000v#
    show monitor internal info session 1
    Session 1 info:
    FSM state: SESSION_STATE_OPER_ACTIVE
    State reason: 0
    *** ADMIN DATA ***
    Session state: NO SHUT
    Ingress sources
    phy if: Veth13
    port ch:
    vlans:
    Egress sources
    phy if: Veth13
    port ch:
    vlans:
    Destinations:
    Veth170, Veth36
    PSS source list:
    Veth13
    PSS destination list:
    Veth170, Veth36
    *** RUNTIME DATA ***
    hw_ssn_id: 0
    destination index: 0x4fa3 (multicast di)
    oper rx: Veth13
    oper tx: Veth13
    oper dest: Veth170, Veth36
    oper dest for di: Veth170, Veth36
    programmed rx: Veth13
    programmed tx: Veth13
    programmed dest: Veth170, Veth36
    programmed dest for di: Veth170, Veth36
    programmed filter rx:1500
    programmed filter tx:
    Lock Info: resource [Session ID(0x1)]
      type[0] p_gwrap[(nil)]
          FREE @ 97236 usecs after Sun Sep 25 12:14:25 2011
      type[1] p_gwrap[(nil)]
          FREE @ 580143 usecs after Tue Sep 27 01:53:06 2011
      type[2] p_gwrap[(nil)]
          FREE @ 520203 usecs after Sun Sep 25 12:48:23 2011
    0x1
    Use lock event history for more details
    1000v# terminal length 0
    1000v# show monitor internal info interface vethernet 13
    Interface info:
    if_index: 1c0000c0
    source for ssn 1, src_dir 3
    state: up
    layer: 2
    mode: access
    Access vlan: 1500
    Interface is not in switchport monitor mode
    No Entries in SDB for if_index 0x1c0000c0
    1000v# show monitor internal info interface vethernet 36
    Interface info:
    if_index: 1c000230
    destination for ssn 1
    state: up
    layer: 2
    mode: access
    Access vlan: 1500
    Interface is not in switchport monitor mode
    The port is MISCONFIGURED, being not span destination but used as such
    No Entries in SDB for if_index 0x1c000230
    1000v# show monitor internal info interface vethernet 170
    Interface info:
    if_index: 1c000a90
    destination for ssn 1
    state: up
    layer: 2
    mode: access
    Access vlan: 1500
    Interface is not in switchport monitor mode
    The port is MISCONFIGURED, being not span destination but used as such
    No Entries in SDB for if_index 0x1c000a90
    1000v# show interface virtual | egrep "(13|36|170)"
    Veth13      Net Adapter 1  VM451             11  esx905
    Veth36      Net Adapter 4  VM510             11  esx905
    Veth113     Net Adapter 2  VM808             12  esx902
    Veth130     Net Adapter 1  VMSDE449          12  esx902
    Veth131     Net Adapter 3  VM809             10  esx904
    Veth132     Net Adapter 2  VMSDE449          12  esx902
    Veth134     Net Adapter 2  VM510             11  esx905
    Veth135     Net Adapter 2  VM511             8   esx901
    Veth136     Net Adapter 2  VM465             9   esx903
    Veth137     Net Adapter 1  VM472             11  esx905
    Veth138     Net Adapter 3  VM470             10  esx904
    Veth139     Net Adapter 3  VM472             11  esx905
    Veth151     Net Adapter 1  VMSDE436          11  esx905
    Veth152     Net Adapter 2  VMSDE436          11  esx905
    Veth170     Net Adapter 2  RHEL5             11  esx905
    1000v# module vem 11 execute vemcmd show port
      LTL    IfIndex   Vlan    Bndl  SG_ID Pinned_SGID  Type  Admin State  CBL Mode   Name
        8          0   3969       0     32          32  VIRT     UP    UP    4 Access
        9          0   3969       0     32          32  VIRT     UP    UP    4 Access
       10          0   1513       0     32           7  VIRT     UP    UP    4 Access
       11          0   3968       0     32          32  VIRT     UP    UP    4 Access
       12          0   1514       0     32           8  VIRT     UP    UP    4 Access
       13          0      1       0     32          32  VIRT     UP    UP    0 Access
       14          0   3971       0     32          32  VIRT     UP    UP    4 Access
       15          0   3971       0     32          32  VIRT     UP    UP    4 Access
       16   1a0a0000   1600 T   307      0          32  PHYS     UP    UP    4  Trunk vmnic0
       18   1a0a0200    616 T   306      2          32  PHYS     UP    UP    4  Trunk vmnic2
       19   1a0a0300      1 T   305      3          32  PHYS     UP    UP    1  Trunk vmnic3
       20   1a0a0400      1 T   305      4          32  PHYS     UP    UP    1  Trunk vmnic4
       21   1a0a0500   1600 T   307      5          32  PHYS     UP    UP    4  Trunk vmnic5
       23   1a0a0700      1 T   304      7          32  PHYS     UP    UP    1  Trunk vmnic7
       24   1a0a0800      1 T   304      8          32  PHYS     UP    UP    1  Trunk vmnic8
       25   1a0a0900    616 T   306      9          32  PHYS     UP    UP    4  Trunk vmnic9
       48   1b0a0000   1500       0     32           3  VIRT     UP    UP    4 Access VM510 ethernet3
       49   1b0a0010    620       0     32           9  VIRT     UP    UP    4 Access VM510 ethernet2
            pvlan isolated 616 620
       50   1b0a0020   1500       0     32           4  VIRT     UP    UP    4 Access VM510 ethernet1
       51   1b0a0030   1620       0     32           0  VIRT     UP    UP    4 Access VM480 ethernet2
            pvlan isolated 1600 1620
       52   1b0a0040    620       0     32           2  VIRT     UP    UP    4 Access VM480 ethernet1
            pvlan isolated 616 620
       53   1b0a0050   1502       0     32           3  VIRT     UP    UP    4 Access VM480 ethernet0
       54   1b0a0060   1509       0     32           4  VIRT     UP    UP    4 Access fiserv-f5 ethernet2
       55   1b0a0070    620       0     32           9  VIRT     UP    UP    4 Access fiserv-f5 ethernet1
            pvlan isolated 616 620
       56   1b0a0080   1512       0     32           7  VIRT     UP    UP    4 Access fiserv-f5.eth0
       57   1b0a0090   1620       0     32           5  VIRT     UP    UP    4 Access VM459 ethernet2
            pvlan isolated 1600 1620
       58   1b0a00a0    620       0     32           2  VIRT     UP    UP    4 Access VM459 ethernet1
            pvlan isolated 616 620
       59   1b0a00b0   1501       0     32           3  VIRT     UP    UP    4 Access VM459 ethernet0
       60   1b0a00c0    620       0     32           2  VIRT     UP    UP    4 Access VM476 ethernet2
            pvlan isolated 616 620
       61   1b0a00d0   1501       0     32           4  VIRT     UP    UP    4 Access VM476 ethernet1
       62   1b0a00e0   1620       0     32           0  VIRT     UP    UP    4 Access VM476 ethernet0
            pvlan isolated 1600 1620
       63   1b0a00f0    620       0     32           2  VIRT     UP    UP    4 Access VM451 ethernet3
            pvlan isolated 616 620
       64   1b0a0100   1620       0     32           5  VIRT     UP    UP    4 Access VM451 ethernet2
            pvlan isolated 1600 1620
       65   1b0a0110   1500       0     32           3  VIRT     UP    UP    4 Access VM451 ethernet0
       66   1b0a0120   1620       0     32           0  VIRT     UP    UP    4 Access VMSDE440 ethernet1
            pvlan isolated 1600 1620
       67   1b0a0130   1508       0     32           4  VIRT     UP    UP    4 Access VMSDE440 ethernet0
       68   1b0a0140   1509       0     32           3  VIRT     UP    UP    4 Access VM501 ethernet0
       72   1b0a0180   1620       0     32           0  VIRT     UP    UP    4 Access VMSDE436 ethernet1
            pvlan isolated 1600 1620
       73   1b0a0190   1508       0     32           3  VIRT     UP    UP    4 Access VMSDE436 ethernet0
       74   1b0a01a0    620       0     32           2  VIRT     UP    UP    4 Access VM477 ethernet3
            pvlan isolated 616 620
       75   1b0a01b0   1620       0     32           5  VIRT     UP    UP    4 Access VM477 ethernet1
            pvlan isolated 1600 1620
       76   1b0a01c0   1501       0     32           3  VIRT     UP    UP    4 Access VM477 ethernet0
       77   1b0a01d0   1620       0     32           0  VIRT     UP    UP    4 Access VMSDE434 ethernet1
            pvlan isolated 1600 1620
       78   1b0a01e0   1508       0     32           4  VIRT     UP    UP    4 Access VMSDE434 ethernet0
       79   1b0a01f0   1620       0     32           5  VIRT     UP    UP    4 Access VM454 ethernet3
            pvlan isolated 1600 1620
       80   1b0a0200    620       0     32           9  VIRT     UP    UP    4 Access VM454 ethernet2
            pvlan isolated 616 620
       81   1b0a0210   1501       0     32           4  VIRT     UP    UP    4 Access VM454 ethernet0
       82   1b0a0220   1620       0     32           0  VIRT     UP    UP    4 Access VM815 ethernet1
            pvlan isolated 1600 1620
       83   1b0a0230   1507       0     32           3  VIRT     UP    UP    4 Access VM815 ethernet0
       87   1b0a0270   1620       0     32           0  VIRT     UP    UP    4 Access VMSDE405 ethernet1
            pvlan isolated 1600 1620
       88   1b0a0280   1509       0     32           3  VIRT     UP    UP    4 Access VMSDE405 ethernet0
       89   1b0a0290   1620       0     32           5  VIRT     UP    UP    4 Access VMSDE424 ethernet1
            pvlan isolated 1600 1620
       90   1b0a02a0   1509       0     32           3  VIRT     UP    UP    4 Access VMSDE424 ethernet0
       91   1b0a02b0    620       0     32           9  VIRT     UP    UP    4 Access VM472 ethernet2
            pvlan isolated 616 620
       92   1b0a02c0   1620       0     32           0  VIRT     UP    UP    4 Access VM472 ethernet1
            pvlan isolated 1600 1620
       93   1b0a02d0   1500       0     32           4  VIRT     UP    UP    4 Access VM472 ethernet0
       94   1b0a02e0   1508       0     32           4  VIRT     UP    UP    4 Access VMSDE431 ethernet1
       95   1b0a02f0   1620       0     32           5  VIRT     UP    UP    4 Access VMSDE431 ethernet0
            pvlan isolated 1600 1620
       96   1b0a0300   1620       0     32           0  VIRT     UP    UP    4 Access VM496 ethernet2
            pvlan isolated 1600 1620
       97   1b0a0310   1501       0     32           3  VIRT     UP    UP    4 Access VM496 ethernet1
       98   1b0a0320   1500       0     32           4  VIRT     UP    UP    4 Access VM496 ethernet0
       99   1b0a0330   1620       0     32           5  VIRT     UP    UP    4 Access VM510 ethernet0
            pvlan isolated 1600 1620
      100   1b0a0340   1500       0     32           4  VIRT     UP    UP    4 Access RHEL5 ethernet1
      101   1b0a0350   1512       0     32           8  VIRT     UP    UP    4 Access RHEL5.eth0
      102   1b0a0360   1620       0     32           0  VIRT     UP    UP    4 Access VM452 ethernet3
            pvlan isolated 1600 1620
      103   1b0a0370    620       0     32           2  VIRT     UP    UP    4 Access VM452 ethernet2
            pvlan isolated 616 620
      104   1b0a0380   1500       0     32           3  VIRT     UP    UP    4 Access VM452 ethernet0
      304   16000028      1 T     0     32          32  VIRT     UP    UP    1  Trunk
      305   16000029      1 T     0     32          32  VIRT     UP    UP    1  Trunk
      306   1600002a    616 T     0     32          32  VIRT     UP    UP    4  Trunk
      307   1600002b   1600 T     0     32          32  VIRT     UP    UP    4  Trunk
    1000v# module vem 11 execute vemcmd show span
    VEM SOURCE IP NOT CONFIGURED.
    HW SSN ID            DST LTL/IP  ERSPAN ID  HDR VER
            0                  4408      local
    1000v#

  • FSE Marking ALL Inbound Email as Spam due to Content

    New installation. All inbound mails are marked as Spam by Cloudmark for Content. From anyone: Yahoo, Gmail, Hotmail, O365... all mail (even when testing from the Edge server itself to itself by telnet 127.0.0.1 25).
    New, greenfield installation:
    Windows Server 2012 DC's, Windows Server 2012 functional level
    Exchange 2013 All roles (CAS/Mailbox) on Windows Server 2012
    Exchange 2010 Edge Server with Forefront Protection for Exchange 2010 on Windows 2008R2
    Cloudmark engine is updating successfully and shows today's date as the version.
    ALL emails inbound
    Logs show: 
    When I set Forefront to stamp and continue processing (it goes into junk mail):  "FSE Content Filter Agent,OnEndOfData,AcceptMessage,,SCL,9"
    When I reject:  "FSE Content Filter Agent,OnEndOfData,RejectMessage,550 5.7.1 Message rejected due to content restrictions,SclAtOrAboveRejectThreshold,9,v=2.1 cv=M6V0dUAs c=0 sm=1 tr=0 p=PdbawN1DAAAA:8 a=mFs5E60Zd2Jof9JknIyuNg==:117 a=dOjwkhujJHM2b/QMFULrXQ==:17
    a=nDghuxUhq_wA:10 a=UzMy6eNlxVsA:10 a=pGLkceISAAAA:8 a=1XWaLZrsAAAA:8"
    When I quarantine: "FSE Content Filter Agent,OnEndOfData,QuarantineMessage,550 5.2.1 Content Filter agent quarantined this message,SclAtOrAboveQuarantineThreshold,9,v=2.1 cv=ep3mkOZX c=0 sm=1 tr=0 p=PdbawN1DAAAA:8 a=WkljmVdYkabdwxfqvArNOQ==:117 a=8rjiAUXplIkA:10
    a=YaFYD9Hhv54A:10 a=uBmvdUkjAAAA:8"
    Messages are simply "This is a test" messages.
    Product appears to be activated.

    Hi
    I think you have encountered a problem where all incoming mails were treated as SPAM. The information that you provided indicates that these mails were marked as SCL rating 9, which will be deleted, rejected or quarantined. However, normal mails should be marked as SCL-1 and these mails usually can be forwarded.
    Please check the configuration with the following steps:
    What are the allow words or block words you defined before?
    How did you dispatch SCL rating for different mails?
    How were the mails treated in each SCL rating?
    You are able to get more information about "SPAM content filter" from the links below:
    Understanding Anti-Spam and Antivirus Mail Flow
    http://technet.microsoft.com/en-us/library/aa997242.aspx
    Configuring spam filtering
    http://technet.microsoft.com/en-us/library/dd441022.aspx#contentf
    Microsoft Forefront Protection 2010 for Exchange Server
    http://technet.microsoft.com/en-us/library/cc482977.aspx

  • Blocking all ipv6 traffic

    Good morning -  I have an issue that has happened twice - and I need some advice.  I have a 4506 running version 12.2(46)SG. We recently encountered an issue where I BELIEVE the issue to be IPV6 sending out a broadcast storm, and completely flooded the core switch  - bad enough that I couldn't even console into the device.  After removing all connections that were plugged in when the switch went down.  After everything was back up, we found that it was a laptop with ipv6 enabled - exactly the same scenario as last time.  What we found after the first incident was that a faulty NIC driver caused the ipv6 broadcast storm.
    At any rate, as we do not use IPv6 for anything at all, I want to block all IPv6 traffic.  I know there are different ways to do it, but I'm reaching out to see what ideas you may have also...
    Thx in advance for any input!

    Joel,
    If VACLs with IPv6 ACLs are supported on your platform then I would probably use VACLs, as they allow a filter to be applied flatly to the entire VLAN. Your other option would be to configure per-port ACLs, which is cumbersome and bloats the configuration unnecessarily.
    With IPv6 ACLs, be sure to block ICMPv6 explicitly. As far as I remember, some ICMPv6 messages are allowed even if they are not explicitly permitted in the ACL (usually the RD and ND messaging).
    If your platform allowed filtering all incoming packets by MAC ACLs, yet another way would be to use VACLs with MAC ACLs, blocking all traffic with the EtherType of 0x86DD. However, newer platforms apply MAC ACLs only to non-IP traffic so they would have no effect on frames carrying IPv6 packets. You need to consult the documentation for your device.
    In any case, VACLs would be my personal preferred choice at this point.
    Best regards,
    Peter
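
The reply above filters on EtherType 0x86DD and singles out ICMPv6 neighbor discovery. As an added example (not part of the thread), this Python sketch classifies captured Ethernet frames the same way, including 802.1Q-tagged ones, and tallies IPv6 frames per source MAC to find the flooding host. The MAC addresses and frames are constructed sample data.

```python
import struct
from collections import Counter

ETH_P_IPV6 = 0x86DD    # EtherType for IPv6, as named in the reply above
ETH_P_8021Q = 0x8100   # 802.1Q tag: the real EtherType sits 4 bytes later
ICMPV6 = 58            # IPv6 next-header value for ICMPv6
ND_TYPES = {133: "RS", 134: "RA", 135: "NS", 136: "NA"}  # neighbor discovery

def classify(frame):
    """Return (src_mac, kind): kind is 'short', 'non-ipv6', 'ipv6' or 'nd:<type>'."""
    if len(frame) < 14:
        return None, "short"
    src = ":".join(f"{b:02x}" for b in frame[6:12])
    off = 12
    (etype,) = struct.unpack_from("!H", frame, off)
    while etype == ETH_P_8021Q and len(frame) >= off + 6:
        off += 4                                  # skip the VLAN tag
        (etype,) = struct.unpack_from("!H", frame, off)
    if etype != ETH_P_IPV6:
        return src, "non-ipv6"
    ip = frame[off + 2:]
    # Fixed IPv6 header is 40 bytes; byte 6 is next-header, byte 40 the ICMPv6 type.
    if len(ip) > 40 and ip[6] == ICMPV6 and ip[40] in ND_TYPES:
        return src, "nd:" + ND_TYPES[ip[40]]
    return src, "ipv6"

def tally(frames):
    """Count IPv6 frames per source MAC so the flooding host stands out."""
    counts = Counter()
    for frame in frames:
        src, kind = classify(frame)
        if kind == "ipv6" or kind.startswith("nd:"):
            counts[src] += 1
    return counts

# --- constructed sample frames (not from the thread) ---
def eth(src, etype, payload, vlan=None):
    tag = struct.pack("!HH", ETH_P_8021Q, vlan) if vlan is not None else b""
    return (bytes.fromhex("333300000001") + bytes.fromhex(src) + tag
            + struct.pack("!H", etype) + payload)

def ipv6(next_header, body):
    return struct.pack("!IHBB", 0x60000000, len(body), next_header, 255) + bytes(32) + body

NOISY, QUIET = "0200000000aa", "0200000000bb"
SAMPLE = [eth(NOISY, ETH_P_IPV6, ipv6(ICMPV6, bytes([135]) + bytes(23)))] * 5 + [
    eth(NOISY, ETH_P_IPV6, ipv6(ICMPV6, bytes([134]) + bytes(15)), vlan=10),
    eth(QUIET, 0x0800, bytes(20)),
    eth(QUIET, ETH_P_IPV6, ipv6(17, bytes(8))),
]

if __name__ == "__main__":
    print(tally(SAMPLE).most_common())
```

Only 802.1Q tags are unwrapped here; other encapsulations such as QinQ would be reported as non-IPv6.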

  • How do I direct all internet traffic I on my firefox portable browser I use at school, through to my computer at home, so I can use my modem as a proxy?

    My school has a web filter that prevents me from accessing any website I want to at school, and I want to get past it.
    I know, from experience, that I can use a program called Ultrasurf to get around this, though it requires me to use IE, and is inconvenient.
    I want to know if it's possible to configure the proxy settings on Firefox (and some on my modem/router, and/or computer at home), in order to direct all my traffic through my router at home, similarly to how one would use a proxy.
    If so, how is this possible?
    (I'm relatively experienced with computers, but have very little programming, and other complex knowledge of the workings of these things)
    At home, my computer is running 64 bit Windows 7, has 4 GB of RAM, a 2.1GHz Intel Core 2 Duo processor, and can be turned on and online 24/7, such that if necessary, it can direct traffic sent to it.
    My router/modem at home is (I believe) a Westell 327W, I can get more information by looking at it later if necessary.
    At school, as of last year (and probably the same this year), the computers run Windows XP, and I am able to run programs installed on a flash drive on them, though cannot actually install programs on the computers themselves.
    I'll be using whatever the latest (not beta) version of Firefox Portable exists when I return to school in a week.

  • WHEN I GO TO PRIVACY SETTINGS AND CLICK ON EXCEPTIONS AND TYPE IN A WEB ADDRESS TO ALLOW ALL THE TIME IT DOES NOT SAVE IT THE NEXT TIME I SIGN ON TO FIRE FOX IT IS LOST. IT WORKS FINE ON MY DESKTOP BUT NOT ON MY LAPTOP THAT I JUST BOUGHT in English.

    Question
    WHEN I GO TO PRIVACY SETTINGS AND CLICK ON EXCEPTIONS AND TYPE IN A WEB ADDRESS TO ALLOW ALL THE TIME IT DOES NOT SAVE IT THE NEXT TIME I SIGN ON TO FIRE FOX IT IS LOST. IT WORKS FINE ON MY DESKTOP BUT NOT ON MY LAPTOP THAT I JUST BOUGHT in English.

    I just updated my whatsapp...clicked on whatsapp in appstore and now can access my whatsapp
