Layer 2 connection to a firewall

We have a firewall downstream from our Layer3 switch. If I were to define a port on the switch as a layer 2 port (switchport) and connect one of the fw int to that port, would the IP address of the int on the fw and the IP address of the vlan that the port belongs to have to be on the same subnet?
Thanks...

Hi Greg,
If you were to connect the fw interface to a layer 2 port, whether it is an L2 or L3 switch, you must create a vlan in the switch and place that port in that new vlan for the switchport to reference the fw layer 3 interface-subnet; this is only if that port is currently in a vlan-subnet different from the fw interface subnet.
Remember, access ports operate at layer 2; once you make a switch port a member of a particular vlan is when you have layer 3 interfaces-subnets with their respective vlans defined.
HTH
Jorge
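
The arrangement the answer above describes, as an added example that is not part of the original post: an access port in a dedicated VLAN whose SVI sits in the same subnet as the firewall interface, with the routed-port alternative (which goes beyond the answer) shown for comparison. The interface name, VLAN 50 and the 192.0.2.0/30 addressing are constructed placeholders.

```cisco
! Constructed example. Assumes the firewall interface is 192.0.2.2/30.
!
! Option A: Layer 2 access port plus an SVI.
! The VLAN is dedicated to the firewall link, so no other hosts
! share the transit segment.
vlan 50
 name FW-TRANSIT
!
interface GigabitEthernet1/0/24
 description Link to firewall (assumed port)
 switchport
 switchport mode access
 switchport access vlan 50
!
! The SVI is the switch's Layer 3 presence in VLAN 50. Its address
! must be in the same subnet as the firewall interface.
interface Vlan50
 description L3 interface for the firewall subnet
 ip address 192.0.2.1 255.255.255.252
 no shutdown
!
! Option B (use instead of Option A): routed port, no VLAN or SVI.
! interface GigabitEthernet1/0/24
!  no switchport
!  ip address 192.0.2.1 255.255.255.252
!
! Verification from exec mode:
!  show vlan brief
!  show interfaces GigabitEthernet1/0/24 switchport
!  show ip interface brief | include Vlan50
!  ping 192.0.2.2
```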

Similar Messages

  • Firefox won't open/connect to the internet. Explorer opens and connects. Windows firewall turned off. No other antivirus program running. Happened when I downloaded new Firefox update.

    I had the same problem when I dl-ed a new anti-virus software, but what I did helped me reconnect Firefox again!
    Here is what I did,
    Go to open firefox browser-->option-->advanced-->network-->settings-->and change it to auto-detect proxy settings for this network!
    It worked for you, hope it will work for you too =)!
    Cheers

  • HSRP:Layer 2 connectivity is required but in which way?

    HSRP
    We have two multilayer switches and we are gonna make them work HSRP.
    To my knowledge, Layer 2 connectivity between active router and standby router is required for HSRP. (For hello messages, etc)
    Question: Does HSRP work properly if we supply this L2 connectivity by connecting two multilayer switches directly each other using their L2 ports?
    Or do we have to use a third switch for this L2 connectivity?
    PS: please do not concern about end users they have dual ethernet ports to connect to both L3 switches.
    Thanks a lot for answering.

    Hello,
    as you already stated, L2 connectivity is needed for HSRP to operate properly. How you achieve this is not so important - you can use a direct connection or a LAN switch between them.
    From another point of view: your PCs need to be able to send to the active gateway with the same virtual MAC/IP regardless of which L3 switch is the active one. So your PCs and both, active and standby router need to be in the same VLAN. This VLAN could still span many L2 switches.
    In your case you would most likely setup a trunk between the L3 switches and attach the end users to the same VLAN in each switch. The trunk gives L2 connectivity mainly for proper HSRP operation.
    Just make sure there are no SPT loops across your workstations and that they are setup properly.
    Hope this helps! Please rate all posts.
    Regards, Martin

  • I'm trying to update my ipod touch but every time it downloads its fine until it processes it and it says it has a problem with my connection but my firewall is off?? Please help.

    but every time i try to its fine until it processes it and then it says it has a problem with my connection but my firewall is off?? Please help.

    I'm having the same problem trying to update my iphone 4(Just got a replacement), I also have firewall off...Hopefully someone can help. Mine says error -3259

  • Data Center to Data Center Layer 2 connectivity

    What would be the best way
    to provide layer 2 connectivity between 2 data centers? Sample router configs?
    Thanks!!
    Gary

    Hi Gary,
    Data Center to Data Center can be connected in different ways, like a point-to-point link, over MPLS or some other means, and the configuration all depends on what exactly the connectivity is with your current network setup.
    Check out the below link on Data Center interconnect consideration.
    http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/white_paper_c11_493718.html
    Hope to Help !!
    Remember to rate the helpful post
    Ganesh.H

  • Connection of a FireWall

    I have this problem: An application connected to my database (8) normally, but then a FireWall was Installed. Now the application can not insert records into the database.
    What can i do?
    Somebody told to share a port for the connection of the FireWall, the port # 1526, how do i do this?
    Thanx.

    Sorry, that's not enough, I didn't find a good answer for troubles with the firewall when I used sqlnet.

  • RMI Connection Refused through Firewall

    Hi,
    I am having problems making an RMI connection through a firewall. On the server outside the firewall I have my servlet application running in an OC4J container and inside the firewall I have an EJB listening on port 6666. I have setup the firewall to allow connections through on port 6666. If I telnet from the machine outside the firewall on port 6666 I am able to make a connection to the EJB. So I know the firewall has been setup to handle the connection.
    I run the servlet application and when it tries to make the connection it gives an error:
    javax.naming.NamingException: Lookup error: java.net.ConnectException: Connection refused; nested exception is:
    java.net.ConnectException: Connection refused
    When I do a snoop on the external machine to see what data is trying to be sent to the internal machine there is no data. When doing the telnet test there was data.
    I have the same servlet application deployed on a machine internally and it is able to make a connection to the EJB. The only problem is either the configuration of the application server on the external machine or the firewall configuration.
    Anyone able to help me see what I am missing?
    Thanks
    Shawn Clark

    not sure what you mean by having a 'EJB listening' on port 6666. Do you mean actually having a socket listening within the EJB code? If so then that is a suspicious EJB activity.
    If not then i guess you mean the ORMI listening port of the OC4J application. This is normally set on port 23791 to allow the RMI communication to flow.
    -lp

  • Whenever I try to open Firefox it says cannot establish connection, maybe your firewall is preventing us from accessing the web.

    Whenever I try to open Firefox it says cannot establish connection, maybe your firewall is preventing us from accessing the web. Even though I've let Firefox through my firewall, this message still appears. And whenever I try to redownload it, it just says installation failed. It does this with all installations... Is there something wrong with my computer? How do I fix it?

    Sometimes you only disable the user interface of security software, but the firewall or anti-virus services are still running in the background.
    It is possible that your security software (firewall, anti-virus) blocks or restricts Firefox or the plugin-container process without informing you, possibly after detecting changes (update) to the Firefox program.
    Remove all rules for Firefox and the plugin-container from the permissions list in the firewall and let your firewall ask again for permission to get full unrestricted access to internet for Firefox and the plugin-container process and the updater process.
    See:
    * https://support.mozilla.org/kb/Server+not+found
    * https://support.mozilla.org/kb/Firewalls
    * https://support.mozilla.org/kb/fix-problems-connecting-websites-after-updating

  • Not able to update row count in Physical Layer..connection failed in OBIEE 11g

    Hi Guys,
    I am not able to do Update Row count in the Physical Layer, i am getting an error The Connection has failed. This is in OBIEE 11g Linux env.
    I have put the tnsnames.ora file in the below path:
    /*****/pkgs/linux/intel/OBIEE_DIT/MW_HOME/Oracle_BI1/network/admin/
    I do not have admin under
    /****/pkgs/linux/intel/OBIEE_DIT/MW_HOME/oracle_common/network/
    But if i put the whole TNS entry in the Data Source Name i am able to connect:
    (DESCRIPTION =(ADDRESS = (PROTOCOL= TCP) (HOST= xxx.xxx.com) (PORT= 1671))(CONNECT_DATA = (SERVICE_NAME = US1OBIEE)))
    I am not able to understand the issue..
    Thanks,
    Amit

    Looks like rpd is looking for local tns config... try to use as hostname:port/ServiceName
    This should work; just in case it is not working, stop doing so, since it is a known issue.
    If helps mark

  • Lose connection through a firewall between Oracle server and client after 10 minutes

    hello,
    I lose the connection between the Oracle server and client, because the firewall is in between. The firewall will close non-active connections and ports after 10 minutes. Only the port of one site is closed after 10 minutes; the other site leaves the port open.
    Shares to the server are not lost. Only the connection to Oracle. What can I do !!!!
    Oracle version is 8.0.6
    OS: Windows NT 4.0 and SP5
    Thanks Frank

    I had the same problem and I guess you are also hitting the firewall timeout problem... you can enable Oracle DCD (dead connection detection) by setting sqlnet.expire_time in $ORACLE_HOME/network/admin/sqlnet.ora appropriately. This solution I got from http://asktom.oracle.com.
    I tried setting the expire_time to 50 minutes less than firewall time-out (which is 60 minutes) but it didn't work; right now I am trying to figure out what else can cause the problem (I am using Oracle connection pool).... but I think the above solution may solve your problem

  • Ace module dropping asymmetric layer 2 connections

    Hi we had a situation in where the ACE would randomly drop certain tcp connections, and all ICMP packets from a certain windows server.  The server in question was using Transmit Load Balancing with Fault Tolerance.
    The server has one Nic connected to Access switch1, and the other nic connected to Access switch2. Each access switch connects up to a pair of 6509's, which is active on Core1 on both switches.
    I am guessing if the server sends on Nic 2, core1 knows it came in on the downstream trunk port to Switch2, it must reply to these packets based on the teamed mac of the layer 3 address (no idea who is arping for the destination - the ace?), and send them back out the downstream trunk port to switch1.  The ace module is in transparent mode.  When contacting a server on the other side of the ace, the ace drops packets that came from the second nic - and I am wondering how it "knows" that the return path is out of a different downstream port.  Does it share some kind of layer 2 RPF check with the 6500?
    Please note there is no routing involved here.  The destination server is just on another vlan on the same subnet, on the other side of the ace.

    Bryan,
    As long as the server replies back to the ACE the client should only be communicating with the VIP address in either of your two examples.
    In your first example the flow will look like this.
    client > VIP after the ACE  client > rserver
    the reply would be
    rserver > client after the ACE VIP > rserver
    In your second example using client nat it will look like this
    Client > VIP   After ACE  Natpool > rserver.
    the reply would be
    rserver > Nat-pool  after ACE VIP > client.
    The ACE by default will always nat the vip to the server ip unless you use the command "transparent" under the serverfarm. When using this command we send the packet to the MAC address of the server leaving the destination IP of the VIP. The server would need to have the VIP address configured under the loopback interface.
    Regards
    Jim

  • Layer 2 connect - data center web hosting

    hi, i need your help!!
    I have a data center with the Nexus 7000; I have web servers connecting to the Cisco 7000. My company does hosting for customers.
    The point is that we have shared resources like VMware on blades and so on, meaning that the ports of the blades are physically connected to the Nexus 7000 with trunks and VLANs for every customer.
    My Nexus connects to the FW, then to WAN switches, then to routers connecting to the internet, so if I am asked to do hosting from the internet it's easy.
    The problem is that now I have a customer who wants to connect his switch over the WAN directly to his area at my data center... we make servers for him that are the same as his servers, with the same subnet, and he makes replications...
    He doesn't have a router; he connects his switch over a WAN provider at layer 2 to me.
    Should I connect him directly to my Nexus, with his VLAN? Do I need another solution like EoMPLS? What is the safest way to connect him with layer 2? And I repeat the problem that our servers are shared between many customers (the same Nexus ports). Please help!!

    Hello,
    1. PIX is the precursor to the ASA, so at this point the ASA is probably a better choice since it'll be around longer, plus I'm sure they have beefed up the base hardware compared to the PIX.
    2. Your external router is dependent on how much traffic you're going to be dropping into your hosting site. A 7200 series router is a fairly beefy router and should be able to handle what you need if you're looking.
    3. One of the nice things about the 6500 is you can put in a FWSM and segment all your different hosting servers to provide more granular network control.
    I don't have any case studies but will look around and post them if I find some.
    Patrick

  • Latest version of Firefox can't make a secure connection without disabling firewall, why?

    ''dupe of https://support.mozilla.org/en-US/questions/920138''
    After upgrading to latest Firefox, can't make a secure connection. It spins and either times out or says connection refused. Running PC Tools Firewall and when I disable it, secure connections work. Tried one tip of removing Firefox from firewall list and then re-adding it, but it didn't help.

    A possible cause is security software (firewall) that blocks or restricts Firefox or the plugin-container process without informing you, possibly after detecting changes (update) to the Firefox program.
    Remove all rules for Firefox and the plugin-container from the permissions list in the firewall and let your firewall ask again for permission to get full unrestricted access to internet for Firefox and the plugin-container process and the updater process.
    See:
    * https://support.mozilla.org/kb/Server+not+found
    * https://support.mozilla.org/kb/Firewalls

  • PDM losing connection to PIX firewall

    I'm having this problem: if I log in to my PIX, either a PIX 501 or 506E, the PDM will lose its connection with the PIX after so many minutes. If I go to apply a change or save a config, PDM will tell me it can't communicate with the PIX. I would then have to close my web browser and open a new connection.
    I'm running PIX OS 6.3(5) and PDM 3.0(4) with IE 6, Java 1.6.0 on Windows XP
    Is there any way to prevent this from happening??

    Hi jghiller,
    Question: should I share the 7520 on all PCs or none at all?
    The printer should not be shared from one computer to another.  Each computer can directly access the printer.
    Question: If I disable my security software firewall, should the printer be found and installed on wireless network OK?
    The firewall can cause problems, but not like they used to.  With this being a current printer, most firewalls should work fine with the printer.
    Dropping from the network:
    There are multiple possibilities.
    1. Try turning off UPnP in the printer embedded web server.  Type the IP of the printer into a web browser to access the EWS.  On the network tab, selecting Networking on the left side and then UPnP.
    2. If your router supports double width data channels, try changing the router to use single width channel.  You will need to access the EWS of the router.  Most routers will say either default or double.  There might be a number listed instead.  Try setting the router to 20Mhz channel width.
    3. Also, setting a static IP for the printer could be a good idea.  That way the printer IP won't change and possibly get lost by the computers.  This setting also appears in the printer EWS.
    Try the HP Wireless Printing Center for tips:
    http://www8.hp.com/us/en/campaigns/wireless-printing-center/overview.html
    I was an HP employee.
    Please mark the post that solves your problem as "Accepted Solution"

  • How do you allow SQL Server 2014 Express for remote connection and in firewall?

    I'm sorry if this was answered here before.
    I installed SQL Server 2014 Express and it is working perfectly. I want my server to be accessed through LAN. It is a named instance.
    I searched the internet and here's what i did:
    1. Through the SQL Configuration manager, I enabled all the Protocols of my Instance (TCP/IP, Named Pipes and Shared Memory). I changed in the IP Addresses the "IP ALL" TCP Dynamic Ports to 1434.
    2. In the Firewall I made an Inbound Rule to allow the Program (%ProgramFiles% (x86)\Microsoft SQL Server\MSSQL12.MyInstance\MSSQL\Binn\sqlservr.exe)
    3. I also made 2 Inbound Rules to allow (TCP/IP Port 1433) and (UDP Port 1434).
    4. Restarted my instance. SQL Server Browser and  SQL Server Reporting Services are also running.
    5. No luck, I still can't access the server using a different computer in the network.
    Please help.

    Hello,
    In Express Edition by default remote connections are disabled, you have to enable it first:
    Configure the remote access Server Configuration Option
    It's always a two way communication, so you have to create also outbound rules, not only inbound, and this on server as well as on client side; see
    Configure a Windows Firewall for Database Engine Access
    Olaf Helper