Inbound vs outbound traffic

I have a 4240 running IPS 6.0. I have an interface in promiscuous mode that is connected to a port that has SPAN enabled on the uplink from a switch to my router. I'm doing some testing and noticed that when using nmap from a host on the same network as the IPS sensor to a host on a remote subnet that requires me to send my traffic through the uplink port in an outbound direction, no signatures are triggered. However, if I do the same scan reversing the location of the attacker and victim, the sensor immediately picks up the scan and triggers the appropriate signatures. Why would this behaviour occur, and is there a way to change it?
thank you,
Bill

You can define one default gateway for outbound traffic and a list of static routes to the other gateway. Although this won't load balance across the gateways, it will definitely work in a gateway failure case. Also, this setting will be applicable to all traffic that matches the static routes.

Similar Messages

  • CSS11503 - Inbound and outbound traffic on same virtual interface

    Set up two CSS11503s running 8.10. Running an active/passive config.
    Two groups of servers, each with a VIP. Both groups of servers are on the same VLAN.
    The VIPs reside on VLAN1 and the servers are on VLAN2.
    Problem:
    Servers from one group cannot access the other via its VIP. Servers cannot access themselves via their VIP either.
    Can ping the VIPs without a problem.
    I assume that this is because traffic generated by a client is going in and out of the same interface.
    I have come across similar problems on various firewalls.
    Is there any way of getting around this?
    Thanks
    Julian

    Julian,
    this is not the same issue as a firewall preventing traffic from going in and out of the same interface.
    The problem here is that the CSS will receive traffic from Server1, it will NAT the VIP into Server2 and forward the traffic, keeping the src IP unchanged.
    So, when Server2 replies, it sends the response to Server1. Since they are on the same subnet, the response bypasses the CSS, and Server1 receives a response from Server2 which is unknown to Server1, since it expects a response from the VIP.
    The solution is to implement source nat on the CSS for traffic originating from the servers.
    This can be done with a group and an ACL.
    This was discussed many times, so I think you should be able to find a sample config somewhere.
    If you can't let me know.
    Gilles.
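
    The return-path problem described in the reply above, as an added Python model that is not part of the original thread. All addresses are constructed, `SNAT_IP` is a hypothetical address owned by the load balancer, and the model assumes the load balancer is the servers' default gateway.

```python
import ipaddress
from typing import NamedTuple


class Packet(NamedTuple):
    src: str
    dst: str


# Constructed addressing for the illustration.
SERVER_NET = ipaddress.ip_network("10.0.2.0/24")  # VLAN shared by the servers
VIP = "10.0.1.100"          # virtual IP the clients connect to
SNAT_IP = "10.0.2.250"      # hypothetical source-NAT address on the load balancer
REAL_SERVER = "10.0.2.12"   # server selected behind the VIP


def on_server_vlan(ip):
    return ipaddress.ip_address(ip) in SERVER_NET


def vip_flow(client, source_nat=False):
    """Follow one request to the VIP and report what the client gets back."""
    request = Packet(client, VIP)

    # Forward path: the VIP is always rewritten to the real server;
    # the source is rewritten only when source NAT is configured.
    forwarded = Packet(SNAT_IP if source_nat else client, REAL_SERVER)

    # The real server answers whatever source address it saw.
    raw_reply = Packet(REAL_SERVER, forwarded.src)

    # The reply crosses the load balancer only if it is addressed to the
    # load balancer itself or has to be routed off the server VLAN.
    via_lb = raw_reply.dst == SNAT_IP or not on_server_vlan(raw_reply.dst)

    # Only a reply that crosses the load balancer has its translations
    # reversed, so that it appears to come from the VIP again.
    reply = Packet(VIP, client) if via_lb else raw_reply

    # The client's connection is to the VIP, so it accepts nothing else.
    return {"reply": reply, "via_lb": via_lb, "accepted": reply.src == request.dst}


if __name__ == "__main__":
    for client, snat in (("10.0.2.11", False), ("10.0.2.11", True), ("192.0.2.50", False)):
        print(client, "source_nat=%s" % snat, vip_flow(client, snat))
```

    The third case shows why clients outside the server VLAN work without source NAT: their replies have to be routed back through the load balancer anyway.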

  • Logging inbound and outbound connections through my Linksys router

    Hi There,
    I have a  Linksys wireless router (WRT54G series) that I use to connect to the internet with my cable modem. I would like to be able to configure my home network to log inbound and outbound connections through my router. 
    My router, which I bought brand new a couple of years ago, provides some very basic logging through its administration interface.  I can view a current log of very recent (within the past couple of minutes) inbound and outbound connections/traffic.  However, I would like to be able to configure my network to log all inbound and outbound traffic for at least 1 or 2 days and have this log saved somewhere so I can retrieve and review it at a more convenient time.  I haven't been able to figure out how to do this with my current Linksys router and would like some help in configuring my system.
    Is it possible for me to configure (perhaps with a firmware upgrade or even by replacing my older Linksys router with a newer one) my router to continuously log a day or more's worth of inbound and outbound connections?  If this is possible, what changes do I need to implement?  Does Linksys offer a wireless router that has more sophisticated logging capabilities?  What is the longest log period that I can create with a Linksys router?
    If it's not possible to create such a log with my router, then what other components would I need to log this information?  I've thought about setting up a Linux server with two network cards installed to act as a gateway between my router and cable modem which will log traffic.  Would this be a good strategy to implement logging?
    Thanks in advance.
    Tom

    well...the router's in-built log will only provide basic information about the incoming/outgoing log . So, it will be a good idea to install a separate log viewer .....

  • Messages stuck in QRFC inbound and outbound queues by system error

    Hi Experts,
    We faced a big problem in our PI server which stopped all the traffic in the iDoc to File interface. Both the QRFC queues (inbound - SMQ1 as outbound - SMQ2) were stuck by a system error.
    In IDX5 of PI we saw two inbound iDocs with exactly the same date/time of creation. Both iDocs are displayed in SXMB_MONI with the status "Canceled - Since Already Processed". The output files of both iDocs are generated on the outbound side.
    The output files are generated with a date/time stamp in the filename exactly as: "pi_20101106-221812-437.dat" and "pi_20101106-221812-438.dat". So it seems that both processes were running at exactly the same time.
    When looking into the system error we see the following details:
    com.sap.engine.interfaces.messaging.api.exception.DuplicateMessageException: Message Id 00505697-181b-1ddf-babd-68f1ac208528(INBOUND) already exists in duplicate check table: com.sap.sql.DuplicateKeyException: [200]: Duplicate key
    This caused the QRFC queues to be stuck, both inbound and outbound, with a SYSERROR, so PI stopped and the queues should be reactivated manually.
    Does anybody have some idea of the real cause of this error. We really want to prevent such situation in the future.
    Thanks in advance!
    Best regards,
    Joost

    Hi Joost,
    Are you using an adapter module to avoid the same file name being processed by the receiver channel?
    If this is the case change the filename and retest flow otherwise remove the module (ex: localejbs/AF_Modules/MessageTransformBean - Local Enterprise Bean) from the channel check it whether the file getting processed or not...
    OR...you have an incorrect module configuration in the receiver channel.
    Do not remove the standard SAP module and make sure that you add additional modules before it.
    cheers,
    Ram.

  • How to access a domain server which is targeted by Group Policy set to block Inbound and Outbound connections

    Hi,
    I have a practice lab with two physical servers 2012 R2, one of them is a Hyper-V host and one of the VMs is a domain controller. I was doing some exercises with firewall rule deployment through Group Policy, so I created an outbound rule to block port 80 which was targeted to Domain Computers. Now my other physical server has inbound and outbound connections set to block and the domain controller cannot be contacted to update policy (with the rule removed). At least that is my understanding. Maybe I messed up something with the profiles too, because port 80 would not have blocked all outbound traffic, or?
    I am new to IT so my understanding is still poor.
    Best
    Robert

    Hi Robert,
    If we block inbound connections, all connections that do not have firewall rules that explicitly allow the connection will be blocked.
    If we block outbound connections, all connections that do not have firewall rules that explicitly allow the connection will be blocked.
    If we block outbound TCP port 80, it will mean all websites will be unreachable, for TCP port 80 is for HTTP.
    Regarding Windows firewall security settings, the following article can be referred to for more information.
    Windows Firewall with Advanced Security Properties Page
    http://technet.microsoft.com/en-us/library/cc753002.aspx
    Best regards,
    Frank Shen

  • Redundancy Design Inbound and Outbound

    Please have a look to attached diagram.
    I have 2 parts A & B. Part A already exist and running. We are planning to add Part B as show in the diagram.
    Part A consists of ASA 5540 and 2921 as Edge Router and Microsoft TMG as Web Proxy for internal users
    All other traffic routed to ASA. ASA handles NAT and ACL's
    Objective of adding Part B is to have Redundancy Inbound and Outbound. However, firstly I  want to focus on outbound redundancy then I will move to Inbound Part.
    After adding Part B, TMG will have 3 NIC's. 2 NIC will be connected to ASA's and 1 to internal
    For Web proxy fail over I will configure TMG ISP-R feature. But my concern is for other traffic
    Therefore, please can someone help me what are best possible ways I can use for outbound failover.
    Thanking in advance. I appreciate the help

    Any help, please ?

  • ACE: as firewall and NAT. inbound and outbound originals

    Hi Team,
    This time no load balancing is required.
    Two servers inside (with private IP) need to communicate with clients and servers on the internet. ie, internet client originate inbound traffic to our servers, and also our servers originate connections to some internet servers.
    Both of our servers will work independently for this purpose.
    I have a few ideas to mix and match configs in the ACE. (This was originally working with FWSM setup). I would like to hear some sound ideas to achieve this using ACE only as firewall/router. No plan to load balance at present.
    Regards to all
    SS

    Gilles,
    Inbound traffic and the related reply traffic can be handled with normal class-map by defining a VIP with public IP.
    The above real server with private IP is now going to make a different connection to the internet. ie,
    outbound traffic and related reply traffic need handling. (no load balancing planned).
    Destination NAT, Static NAT sounds interesting
    Source NAT, Static NAT sounds interesting. Mixing these sound very interesting!! I'm looking for sample configs please.
    SS

  • JCA for JDE-XE - Looking for more inbound and outbound service examples

    Where can I find more examples using JCA for JDE-XE inbound and outbound service / events.
    Edited by: Channu on Sep 23, 2011 1:37 AM

    Hi Ralf,
    Yes, if you put a deny http, it would drop all packets with the http port as destination, but be mindful that when you apply an access-list on your inside interface, it automatically activates the deny ip any any right at the bottom; you would be able to see that in the ASDM. So the users that need to be allowed access to http need to be explicitly allowed http access, so your correct configuration would be:
    access-list inside_access_in deny tcp host 192.168.1.1 any eq http
    access-list inside_access_in permit tcp any any
    access-group inside_access_in in interface inside
    This would block 192.168.1.1 from going to the internet, but allow all others.
    Second question, I haven't checked the ASDM, but as far as I remember, this service option should be the protocol, whether ip, tcp, udp, esp or gre etc.
    Moreover, always try to block connections as close to the source as possible. This means that if you want to filter traffic going from inside to outside, that should be done on the inside interface, not outside.
    Thanks,
    Varun Rao
    Security Team,
    Cisco TAC
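
    First-match evaluation with the implicit deny that the reply above describes, as an added Python model that is not part of the original thread. It parses only the small subset of extended ACE syntax used in the reply (`any`, `host A`, `A MASK`, optional `eq PORT` on the destination); the destination addresses in the checks are constructed.

```python
import ipaddress

# ACEs in the form given in the reply; everything after the first entry
# is only reached when the earlier entries do not match.
DENY_ONLY = ["access-list inside_access_in deny tcp host 192.168.1.1 any eq http"]
WITH_PERMIT = DENY_ONLY + ["access-list inside_access_in permit tcp any any"]

PORTS = {"http": 80, "https": 443, "domain": 53}


def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A MASK'; return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]


def parse_ace(line):
    """Split one 'access-list NAME ACTION PROTO SRC DST [eq PORT]' entry."""
    tokens = line.split()
    action, proto = tokens[2], tokens[3]
    src, rest = _take_addr(tokens[4:])
    dst, rest = _take_addr(rest)
    port = None
    if rest[:1] == ["eq"]:
        port = PORTS.get(rest[1]) or int(rest[1])
    return action, proto, src, dst, port


def evaluate(acl, proto, src, dst, dport):
    """Return the action of the first matching ACE, else the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl:
        action, ace_proto, ace_src, ace_dst, ace_port = parse_ace(line)
        if ace_proto not in ("ip", proto):
            continue
        if s not in ace_src or d not in ace_dst:
            continue
        if ace_port is not None and ace_port != dport:
            continue
        return action
    return "implicit-deny"


if __name__ == "__main__":
    web = "203.0.113.10"  # constructed destination
    print(evaluate(DENY_ONLY, "tcp", "192.168.1.20", web, 80))    # implicit-deny
    print(evaluate(WITH_PERMIT, "tcp", "192.168.1.1", web, 80))   # deny
    print(evaluate(WITH_PERMIT, "tcp", "192.168.1.20", web, 80))  # permit
    print(evaluate(WITH_PERMIT, "udp", "192.168.1.20", web, 53))  # implicit-deny
```

    The last check is the one to watch when reviewing such a list: a `permit tcp any any` entry leaves UDP traffic, DNS queries included, to the implicit deny.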

  • Mail.app constant outbound traffic problem

    Hi Guys
    strange issue where mail.app is just sending lots of outbound traffic and saturating my upload bandwidth...
    I can also see its the top ranker in littlesnitch for outbound traffic....
    My desktop appears unaffected...its only my MBP showing this problem. Could this be some sort of syncing issue? It has now been doing it for a while.
    TIA
    Neil

    hmm now its stopped and now i have constant inbound traffic? It obviously a sync of some kind but it took ages and i'm not really sure why it even needed such a large sync?
    Ill see how long it takes to download whatever its downloading and then post the graph for future ref....
    As a note I did do a quick packet capture and it seems to be only communicating with IP addresses registered to apple and it appears to be encrypted using SSL....so im not expecting anything too fishy....such as a virus or spyware

  • How to do debugging for sending inbound or outbound email via ERMS?

    Hi Colleagues,
    I send an email to '[email protected]' with email title 'CIM: 318238 2013', and want to display inbound email in email assignment block within CIM Service Request 10001503 in ICX. But it fails to be displayed on Web UI. And there is no problem to browse inbound and outbound emails via t-code SCOT as below.
    If I send an email to '[email protected]', there is no problem to display inbound email within one CIM Service Request in ICP as below.
    One related class ZSCL_CRM_ERMS_AH_CIM_CSS=>IF_CRM_ERMS_SERVICE~EXECUTE is used to implement this function, I don't know how to do debugging when sending inbound or outbound email? Could please tell me more detailed steps?
    Kind Regards
    Andie

    Hi Fabian,
    Thanks for your reply.
    How can I add this method ZSCL_CRM_ERMS_AH_CIM_CSS=>IF_CRM_ERMS_SERVICE~EXECUTE to the list in t-code SM50 for doing debugging?
    And another question is that I cannot attach inbound email to CIM Request via ICX email address '[email protected]', but no problem to send inbound email using ICP email address [email protected] as below. Is there any authorization issue for this case?
    Kind Regards
    Andie

  • How to add Total Quantity in Inbound and Outbound Delivery screen

    Hi,
    I want to add Total quantity field in Inbound and Outbound Delivery screens.
    In document flow i can see the line item quantities in ALV Format, but if i select Display the totals above the entry check box
    in Change Layout--> Display, i didn't see any totals displayed.
    Please help me on this?
    Regards
    Bhuvana

    Hi
    If the field is a customer field, see BADI 'LE_SHP_TAB_CUST_HEAD'
    Regards
    Eduardo

  • Sharing Handling Units between Inbound and Outbound Deliveries?

    Hello-
    I could use some guidance with how to best setup a handling unit scenario for a Third Party Purchasing process.
    1.) Sales Order for Third Party Purchased Material (Vended Finished Good) is created in ECC.
    2.) Purchase Order is sent to supplier.
    3.) Shipping Label is generated in SAP and is assigned a Handling Unit.  Label is sent to supplier.
    4.) Supplier affixes this label to product and ships it to our warehouse.
    5.) Goods Receipt is performed via Purchase Order (MIGO). 
    6.) Warehousing activities and Post Goods Issue of Outbound Delivery are performed via this label and Handling Unit.
    We would like to do a few new things with this process.
    A.) We would like to have the supplier provide us with the HU on their ASNs and generate a Packed Inbound Delivery from it. 
    B.) We would like the same HU to eventually be associated with the Outbound Delivery to the end customer. 
    Is there a best practice to share a Handling Unit across an Inbound and Outbound Delivery? 
    Is EWM Cross Docking the best way to accomplish this? 
    Are there other proven approaches?
    Thanks for your time and help.
    -Ron

    hi friend
    Handling unit number for identity of packing material, pallet material carrying the carton, carton carrying the material
    like FG  material and tray
    identification number controlling the handling unit numbers.
    with regards
    dinesh

  • Need IDOC inbound and outbound programs

    hi,
    i am new to xi.
    i want IDOCs , inbound and outbound / function module  programs for    PURCHASE ORDER
    and GOODS RECEIPT.
    ex:  BD10 for material master (matmas01).
    thanks and regards
    v ijender

    for purchase order.
    ORDERS / ORDERS04
    ORDCHG / ORDERS04
    ORDRSP / ORDERS04
    Programs
    RBDMIDOC – Creating IDoc Type from Change Pointers
    RSEOUT00 – Process all selected IDocs (EDI)
    RBDAPP01 - Inbound Processing of IDocs Ready for Transfer
    RSARFCEX - Execute Calls Not Yet Executed
    RBDMOIND - Status Conversion with Successful tRFC Execution
    RBDMANIN - Start error handling for non-posted IDocs
    RBDSTATE - Send Audit Confirmations
    For testing you can use WE19.
    and also check the below link
    http://www.erpgenie.com/sapedi/message_types_masterdata.htm
    regards
    kummari

  • SAP inbound and outbound delivery in single shipment document

    Hi
    We are doing outbound and inbound delivery creation in SAP. These are dropped to OTM (Oracle Transport Management system). OTM will create orders for deliveries and group multiple deliveries into one shipment. This is sent back to SAP for shipment creation. The problem we have is that SAP can have either inbound deliveries or outbound deliveries in a shipment, based on inbound shipment or outbound shipment in the shipment document type. OTM does not have this restriction and can bundle both outbound and inbound in a single shipment.
    The business scenario we have is multi pick and multi drop, where there is a possibility of 1) inbound del from vendor for PO, 2) outbound del to customer for SO and 3) outbound/inbound del for STO from RDC to DC in a single shipment.
    Please advise how this can be achieved in SAP.
    Best Regards
    Edited by: M.N. Phani Sai on Oct 28, 2010 10:34 AM

    It is not possible to involve both inbound and outbound deliveries in the same shipment. SAP has its deficiencies...
    http://sap.ittoolbox.com/groups/technical-functional/sap-log-wm/inbound-and-outbound-delivery-in-the-same-shipment-3512217
    http://help.sap.com/saphelp_erp60/helpdata/en/f5/04898047bd11d2bf750000e8a7386f/frameset.htm
    You cannot place outbound deliveries and inbound deliveries together in the same shipment document. Nor is it possible to assign Items from a delivery or an inbound delivery to different shipment documents. You must decide at the delivery stage whether order items can be shipped together in one delivery and therefore require only one shipment.
    Edited by: Csaba Szommer on Oct 28, 2010 11:05 AM

  • Seeking recommendations for handling large binary documents with security(preferable) for inbound and outbound scenarios from OSB- SOA and SOA- OSB

    Hi,
    I am currently working on a project with the following requirements
    1. Client transfers binary document (between 1-20MB in size) from OSB proxy to SOA composite to Content Management system
    2. Client retrieves binary document (between 1-20MB in size) from Content Management system to SOA composite to OSB proxy
    In other words, an inbound and outbound integration.
    What I have tried so far and my results:
    Scenario A
    1. Enabled MTOM on SOA composite by attaching wsmtom policy
    2. Created an OSB business service and consumed the SOA composite application
    3. Enabled MTOM on OSB proxy and business service and configured it to pass by reference
    Scenario B
    1. Enabled MTOM and security on SOA composite by attaching wsmtom policy and SAML policy
    2. Created an OSB business service and consumed the SOA composite application
    3. Enabled MTOM on OSB proxy and business service and configured it to pass by reference
    I have a demo integration setup that writes a binary document to a file using the above steps. My SOA composite has a file adapter that writes the binary data to an external file and it is exposed as a web service with a simple WSDL definition that has an inline XSD schema with an single element of base64binary type. I have added a mediator that maps this base64binary element node to the file adapter's input node.
    Result for Scenario A with file size less than 1 MB:
    Flawless execution with sub-second response times
    Result for Scenario A with file size of 8MB
    First attempt: SOA composite faults with database transaction related error, solved by increasing JTA timeout
    Second attempt: Flawless execution, but file transfer took over 100 seconds to complete. This is very poor performance and my suspicions are that this cannot be the expected behaviour, but I don't know the internal workings of the SOA composite and why it's taking this long.
    Result for Scenario B:
    The OSB business service does not accept/recognize the SAML policy in the WSDL and suggests to configure OWSM policies manually, but OWSM policy in OSB does not have the wsmtom policy. Regardless of this, any permutation of MTOM + WSS security in this integration scenario either did not work outright or MTOM optimization was not happening, i.e. binary data was materializing in the message body.
    I have only about 3 weeks left to implement a viable solution and the closest I've come to a solution is Scenario A, but that +100 second response time for an 8MB file is really worrying.
    I would appreciate any level of guidance, recommendations or suggestions as to how I go about tackling this problem.
    Thanks
    regards,
    Johnny

    I think this is due to the underlying mechanism of weblogic classloading..
    You can contact oracle support @ https://support.oracle.com to report issues. Roughly this is the process .
    1- get the Oracle Customer Support Identifier (CSI) for the client you are working for.
    2- Create a user profile quoting the CSI. This will send an approval request to oracle support admins at your client.
    3- Get the oracle support admins at your client site to approve your request for support access.
    4-Once they approve , you can access the support site and raise service requests.
