MARS: Tweaking rules on subnets internal to firewall to be less sensitive

The MARS alerts are firing as rapidly on the internal networks as they do for external networks. Is there a global command to make the MARS less sensitive to hits from the internal subnets, or does a rule have to be customized? Thanks again.

You could create a MARS drop rule to ignore messages where the src = internal network(s). That is certainly not how I would recommend tuning your environment, but it will cut down on the number of incidents ;-) It sounds to me like the devices reporting into MARS could use some tuning.

Similar Messages

  • 500 Internal Server Error  : Servlet error: Security sensitive exception..

    Hi
    Thank you for reading my post.
    I faced a problem when I tried to run my ADF + BC application on standalone OC4J version 10.1.3.1.0.
    I have validation like what I saw before in demos for username length, etc.
    I developed the application in JDeveloper 10.1.3.1.0, I deployed it to the server from JDeveloper, and now I tried to run it in the browser and it returns:
    500 Internal Server Error
    Servlet error: Security sensitive exception occured. Please consult application log for details.
    in the browser, and
    the cmd console which I used to start the server shows something like:
    F:\oc4j\bin>oc4j -start
    Starting OC4J from F:\oc4j\j2ee\home ...
    2006-09-02 01:11:52.437 ERROR J2EE HTTP-00004 Internal error raised tyring to in
    stantiate web-application: webapp defined in web site OC4J 10g (10.1.3) Default
    Web Site. Application: bc4j does not exist. Error creating Web application: weba
    pp
    Sep 2, 2006 1:11:53 AM com.sun.faces.config.rules.ConverterRule end
    WARNING: [ConverterRule]{faces-config/converter} Merge(javax.faces.Short,null)
    Sep 2, 2006 1:11:53 AM com.sun.faces.config.rules.ConverterRule end
    WARNING: [ConverterRule]{faces-config/converter} Merge(null,java.lang.Short)
    Sep 2, 2006 1:11:53 AM com.sun.faces.config.rules.ConverterRule end
    WARNING: [ConverterRule]{faces-config/converter} Merge(javax.faces.Byte,null)
    Sep 2, 2006 1:11:53 AM com.sun.faces.config.rules.ConverterRule end
    WARNING: [ConverterRule]{faces-config/converter} Merge(null,java.lang.Byte)
    Sep 2, 2006 1:11:53 AM com.sun.faces.config.rules.ConverterRule end
    WARNING: [ConverterRule]{faces-config/converter} Merge(javax.faces.Integer,null)
    Sep 2, 2006 1:11:53 AM com.sun.faces.config.rules.ConverterRule end
    WARNING: [ConverterRule]{faces-config/converter} Merge(null,java.lang.Integer)
    Sep 2, 2006 1:11:53 AM com.sun.faces.config.rules.ConverterRule end
    WARNING: [ConverterRule]{faces-config/converter} Merge(javax.faces.Long,null)
    Sep 2, 2006 1:11:53 AM com.sun.faces.config.rules.ConverterRule end
    WARNING: [ConverterRule]{faces-config/converter} Merge(null,java.lang.Long)
    Sep 2, 2006 1:11:53 AM com.sun.faces.config.rules.ConverterRule end
    WARNING: [ConverterRule]{faces-config/converter} Merge(javax.faces.Float,null)
    Sep 2, 2006 1:11:53 AM com.sun.faces.config.rules.ConverterRule end
    WARNING: [ConverterRule]{faces-config/converter} Merge(null,java.lang.Float)
    Sep 2, 2006 1:11:53 AM com.sun.faces.config.rules.ConverterRule end
    WARNING: [ConverterRule]{faces-config/converter} Merge(javax.faces.Double,null)
    Sep 2, 2006 1:11:53 AM com.sun.faces.config.rules.ConverterRule end
    WARNING: [ConverterRule]{faces-config/converter} Merge(null,java.lang.Double)
    Sep 2, 2006 1:11:53 AM com.sun.faces.config.rules.ValidatorRule end
    WARNING: [ValidatorRule]{faces-config/validator} Merge(javax.faces.LongRange)
    Sep 2, 2006 1:11:53 AM com.sun.faces.config.rules.ConverterRule end
    WARNING: [ConverterRule]{faces-config/converter} Merge(javax.faces.DateTime,null
    Sep 2, 2006 1:11:53 AM com.sun.faces.config.rules.ConverterRule end
    WARNING: [ConverterRule]{faces-config/converter} Merge(javax.faces.Number,null)
    06/09/02 01:11:56 Oracle Containers for J2EE 10g (10.1.3.1.0)  initialized
    2006-09-02 01:12:41.093 NOTIFICATION ---- JAZNSecurityContext.getUserPrincipal()
    : NULL
    The log file (from j2ee/home/log/oc4j/log.xml) shows the following:
    <MESSAGE>
      <HEADER>
        <TSTZ_ORIGINATING>2006-09-02T01:11:52.437+03:30</TSTZ_ORIGINATING>
        <COMPONENT_ID>j2ee</COMPONENT_ID>
        <MSG_ID>J2EE HTTP-00004</MSG_ID>
        <MSG_TYPE TYPE="ERROR"></MSG_TYPE>
        <MSG_LEVEL>1</MSG_LEVEL>
        <HOST_ID>sal10000</HOST_ID>
        <HOST_NWADDR>85.9.120.221</HOST_NWADDR>
        <MODULE_ID>http</MODULE_ID>
        <THREAD_ID>10</THREAD_ID>
        <USER_ID>legolas w</USER_ID>
      </HEADER>
      <CORRELATION_DATA>
        <EXEC_CONTEXT_ID><UNIQUE_ID>85.9.120.221:44575:1157146912453:0</UNIQUE_ID><SEQ>0</SEQ></EXEC_CONTEXT_ID>
      </CORRELATION_DATA>
      <PAYLOAD>
        <MSG_TEXT>Internal error raised tyring to instantiate web-application: webapp defined in web site OC4J 10g (10.1.3) Default Web Site. Application: bc4j does not exist. Error creating Web application: webapp</MSG_TEXT>
      </PAYLOAD>
    </MESSAGE>
    <MESSAGE>
      <HEADER>
        <TSTZ_ORIGINATING>2006-09-02T01:12:41.031+03:30</TSTZ_ORIGINATING>
        <COMPONENT_ID>adf</COMPONENT_ID>
        <MSG_TYPE TYPE="TRACE"></MSG_TYPE>
        <MSG_LEVEL>1</MSG_LEVEL>
        <HOST_ID>sal10000</HOST_ID>
        <HOST_NWADDR>85.9.120.221</HOST_NWADDR>
        <MODULE_ID>share.security</MODULE_ID>
        <THREAD_ID>11</THREAD_ID>
        <USER_ID>legolas w</USER_ID>
      </HEADER>
      <CORRELATION_DATA>
        <EXEC_CONTEXT_ID><UNIQUE_ID>85.9.120.221:44575:1157146960593:1</UNIQUE_ID><SEQ>0</SEQ></EXEC_CONTEXT_ID>
      </CORRELATION_DATA>
      <PAYLOAD>
        <MSG_TEXT>Setting JAZN Config property ...</MSG_TEXT>
      </PAYLOAD>
    </MESSAGE>
    <MESSAGE>
      <HEADER>
        <TSTZ_ORIGINATING>2006-09-02T01:12:41.093+03:30</TSTZ_ORIGINATING>
        <COMPONENT_ID>adf</COMPONENT_ID>
        <MSG_TYPE TYPE="NOTIFICATION"></MSG_TYPE>
        <MSG_LEVEL>1</MSG_LEVEL>
        <HOST_ID>sal10000</HOST_ID>
        <HOST_NWADDR>85.9.120.221</HOST_NWADDR>
        <MODULE_ID>share.security</MODULE_ID>
        <THREAD_ID>11</THREAD_ID>
        <USER_ID>legolas w</USER_ID>
      </HEADER>
      <CORRELATION_DATA>
        <EXEC_CONTEXT_ID><UNIQUE_ID>85.9.120.221:44575:1157146960593:1</UNIQUE_ID><SEQ>0</SEQ></EXEC_CONTEXT_ID>
      </CORRELATION_DATA>
      <PAYLOAD>
        <MSG_TEXT>---- JAZNSecurityContext.getUserPrincipal(): NULL</MSG_TEXT>
      </PAYLOAD>
    </MESSAGE>

    Please, can anyone tell me where the problem is?
    If I do not use BC in the JSF page it works fine, but when I use the drag and drop feature to put a BC form in the page it shows that horrible error.

  • RV220W Access Rules Failing - Requests Answered By Firewall

    I have set up my RV220W with NAT rules and access policies to accept HTTPS and SSH requests on a web server. When I set the policies up the site works fine for a while and then the firewall itself begins to answer the requests instead of forwarding them on to the web server.
    Firewall WAN IP: xxx.xxx.xxx.218
    Subnet Mask: 255.255.255.248
    I have a one to one NAT policy set up this way:
    Private Range Begin: xxx.xxx.xxx.32
    Public Range Begin: xxx.xxx.xxx.219
    Range Length: 1 Service: ANY
    ACL:
    Connection Type: Inbound > LAN
    Action: Always Allow
    Service: HTTPS
    Source IP: Any
    DNAT IP: xxx.xxx.xxx.32
    WAN IP Address: xxx.xxx.xxx.219
    When I make a request to the site the Firewall WAN IP(xxx.xxx.xxx.218) will respond to the request instead of the web server IP (xxx.xxx.xxx.219).
    I need help with this, please.

    Update - I managed to get the firewall to pass the HTTPS requests by changing the remote management port to 60443 and changing the NAT rule from ANY to HTTP and adding access policies for the other ports. The problem now is that the firewall is not always passing SSH traffic.
    Intermittently the firewall accepts the SSH traffic intended to go to the xxx.xxx.xxx.219 on xxx.xxx.xxx.218.
    NAT:
    Private Range Begin: xxx.xxx.xxx.32
    Public Range Begin: xxx.xxx.xxx.219
    Range Length: 1 Service: HTTP
    ACL:
    Connection Type: Inbound > LAN
    Action: Always Allow
    Service: HTTPS
    Source IP: Any
    DNAT IP: xxx.xxx.xxx.32
    WAN IP Address: xxx.xxx.xxx.219
    Connection Type: Inbound > LAN
    Action: Always Allow
    Service: SSH
    Source IP: Any
    DNAT IP: xxx.xxx.xxx.32
    WAN IP Address: xxx.xxx.xxx.219
    I know that it is a bad idea to have SSH open on a public IP, but until I can get IPSEC VPN set up this is necessary. I'm not willing to start with the IPSEC setup until I can get the other rules to be stable.
    One nightmare at a time, please.

  • Select on MARA resulting into # values in internal table for one field

    Hi Team,
    I have written a SELECT statement on MARA table as below.
    TRY.
            SELECT matnr zzwftag FROM mara CLIENT SPECIFIED
              INTO CORRESPONDING FIELDS OF TABLE gt_mara WHERE
              mandt = sy-mandt AND
              zzwftag NE space
              AND zzwftag IS NOT NULL
              AND zzwftag NE '#'
              AND zzwftag NE '%#%'
              AND zzwftag NE '  '
              AND zzwftag NOT LIKE '%/%'(012).
          CATCH cx_sy_dynamic_osql_error.
            MESSAGE 'Error While Fetching Data from MARA'(044) TYPE 'S'(040)  DISPLAY LIKE 'W'(041).
        ENDTRY.
        IF NOT gt_mara[] IS INITIAL.
          DELETE gt_mara[] WHERE zzwftag EQ '#'
          OR zzwftag IS INITIAL
          OR zzwftag EQ space
          OR zzwftag EQ ' '.
        ENDIF.
    Observations: 1. In the resulting internal table I am seeing '#' values for fields zzwftag which are actually empty when I see the record in SE11 in MARA (ALV display). It shows '#' in it in SE16 display (we can choose User parameters and hence mode of display in SE11).
    The requirement is to avoid those records where zzwftag is initial i.e. blank. I tried to delete invalid records but to no avail.
    Please suggest any way where I can get the Select correct.
    Regards,
    Amit

    Please do not use so many NOT conditions in one query.
    Using so many negative conditions results in bad data.
    Instead, use DELETE statements later; this would not confuse the system.
    Also, if you are using sy-mandt then I think you should not use CLIENT SPECIFIED; the system will take care of it.
    TRY.
    SELECT matnr zzwftag FROM mara CLIENT SPECIFIED
    INTO CORRESPONDING FIELDS OF TABLE gt_mara WHERE
    mandt = sy-mandt AND
    zzwftag NE space.
    CATCH cx_sy_dynamic_osql_error.
    MESSAGE 'Error While Fetching Data from MARA'(044) TYPE 'S'(040) DISPLAY LIKE 'W'(041).
    ENDTRY.
    IF NOT gt_mara[] IS INITIAL.
    DELETE gt_mara[] WHERE zzwftag EQ '#'
    OR zzwftag IS INITIAL
    OR zzwftag EQ space
    OR zzwftag EQ ' '.
    DELETE gt_mara[] WHERE zzwftag EQ '%#%'.
    ENDIF.

  • Remote app on a different subnet with a firewall?

    Hi
    I am trying to figure out if the Remote app will work across a subnet.  I have a 10.x.x.x subnet where the Remote app client (iPhone) sits and the iTunes server lives on 192.x.x.x.  A firewall sits in between.  I've opened up itunes-server:3689(tcp) and itunes-server:9(udp) from the 10.x subnet because I saw those packets being dropped on the firewall.  After I opened up those ports, I then saw broadcasts to 255.255.255.255:9(udp) being dropped which led me to believe this *would not* work as broadcasts typically are subnet-only.  Has anyone tried something like this?  The Remote app works fine when it's on the same 192.x network as the itunes-server, so there are no issues there.  I have a captive portal/guest WiFi network (the 10.x) that I also need to use (the iPhone), so that's why the setup.
    Thx.

    Thanks - I obviously missed that in my attempts to RTFM.  This is from the link:
    >>>> To use Remote, make sure your devices are on the same network,
    Guess I need to figure something else out.

  • How to reload firewall rules from command line on firewall ?

    Hi all,
    I am trying to create a script that controls the firewall on a server. OS version is OS X Server 10.5.6.
    Part of the firewall rules is created using firewall admin tools, part using Server Admin Tools. My first question is: where are those rules stored permanently? As far as I understood it should be a set of ipfw rules, but they are not stored in /etc/ipfilter/ipfw.conf.
    The idea of the script is this:
    I have a set of rules that should be controlled by Server Admin Tools.
    Also, I have some dynamic rules.
    Whenever some change occurs, I created a script that does the following:
    /sbin/ipfw -f flush - to flush all existing rules
    /sbin/serveradmin stop ipfilter - to stop existing firewall
    /sbin/serveradmin start ipfilter - to restart firewall and reload permanent rules
    Add my set of rules...
    After flushing all rules and issuing stop and start ipfilter, none of the rules set through Server Admin Tools are reloaded. So how should I reload them? How do I save them permanently in the first place?
    Please note that I do not have access to server (for security reasons). I am developing script on my Mac, sending to client and he tests it. So I cannot do a lot of testing.
    Thank you in advance.
    Best regards,
    Dusan

    Unix and Terminal queries are best posted to the Unix forum under OS X Technologies where those mavens frolic.

  • MARS - drop rules

    I have a MARS20 configured with an IPS4240 placed between the internet and the LAN, and I want to stop my internal network from triggering the incidents and producing false positives, based on the assumption that my LAN is secure.
    So I have created a drop rule to log to DB, source-192.168.0.0 255.255.0.0, remaining parameters as Any.
    The rule is active, but I still get incidents with source from LAN.
    Am I missing something?
    Cash

    Did you click "activate"?

  • MARS DROP RULE QUESTION

    When you configure a drop rule, let's say you configure several.  If something happens to the software, is there a way to back up the drop rules that you have created?

    Hi,
    You can configure archiving, and if the MARS fails you can restore OS, configurations, events, reports and rules from the archive.
    check archiving configuration for the mars:
    http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/initial/configuration/bckRstrSby.html
    regards
    Gabor
    /vote if it helps/

  • CS-MARS - Drop rule keyword based

    Hi all,
    I need to create a new rule based on a keyword. I'm able to add an inspection rule but not a drop rule. The problem is Cisco MARS is showing lots of events from a reporting IPS that is blocking those events. In this manner, the IPS is tagging all traffic blocked and when it gets to the MARS, I have to open the event to see if it's a real threat or it's just an event blocked by the IPS.
    Now, all tagged traffic is matching my inspection rule but I don't want to see more events from that rule, just log into the database, I mean, the alternate action to "drop" in a drop rule.
    Any idea?
    Thanks a lot.

    Hi Beth,
    Excuse me but I don't understand what you mean with that string. What I'm saying is there's no way to create a drop rule using a keyword. For example, I want to drop all events from the matching rule called "Password scan" where the keyword "Administrator" is used. You can only apply an action in drop rules, and use a keyword in inspection rules.
    Sorry again if I don't understand what you mean or where apply the regex string you're talking about.
    Thanks a lot.

  • MARS drop rules problem

    Hi All,
    We were receiving lots of false positives, so I've created drop rules in MARS. It is still generating incidents, but I am sure the drop rule should cover them based on source/dest and port number. I've activated, rebooted, but still the same issue.
    any suggestion would be very appreciated.
    Alex

    Did you click "activate"?

  • Editing firewall rules: adding ip addresses into firewall rule

    I found out how to use "netsh advfirewall firewall set rule name = "name" new remoteip=1.1.1.1" for setting an IP address into a rule.
    But how can I add an IP to the rule? In this case I would replace the IP addresses and not add one.
    Background is that I have a firewall rule on my FTP server to block several IP ranges due to normal brute force attacks. This works but I plan to write a program to do this automatically. So I need to append to the list.
    Any hints?

    Thank you for the reply.
    Meanwhile I found a way which is ok for me.
    Background:
    I have a public FTP which I want to limit the access to my country only because this would be enough. The advantage of doing this is that I can avoid brute force attacks from other countries (mostly from Asia).
    I wrote a text file with the information which is needed for the netsh. Here I can modify the text.
    In this script I looked for the provider addresses from ripe.net.
    pushd advfirewall
    set store gpo=<policy>
    popd
    pushd advfirewall firewall
    set rule name="FTP (eingehend)" new remoteip=194.25.0.0/16,193.158.0.0/16,193.159.0.0/16,195.145.0.0/16,62.156.0.0/16,195.243.0.0/16,62.157.0.0/16,212.184.0.0/16,212.185.0.0/16,62.158.0.0/16,62.159.0.0/16,62.155.0.0/16,62.154.0.0/16,62.153.0.0/16,62.224.0.0/16,62.225.0.0/16,62.226.0.0/15,217.0.0.0/13,217.80.0.0/12,217.224.0.0/11,80.128.0.0/11,81.28.64.0/20,84.128.0.0/10,87.128.0.0/11,87.160.0.0/11,91.0.0.0/10,79.192.0.0/10,93.192.0.0/10,160.44.0.0/16,164.16.0.0/12,164.32.0.0/15,164.34.0.0/16,195.50.128.0/19,195.50.160.0/19,212.144.0.0/16,145.253.0.0/16,145.254.0.0/16,213.23.0.0/17,213.23.128.0/17,82.82.0.0/15,84.56.0.0/13,88.64.0.0/12,92.72.0.0/13,94.216.0.0/13,188.96.0.0/12,212.59.32.0/19,81.14.128.0/17,89.182.0.0/15,89.182.0.0/15,89.14.0.0/15,77.176.0.0/12,93.128.0.0/13,95.112.0.0/12,151.189.128.0/17,151.189.64.0/18,151.189.0.0/18,80.226.0.0/16,90.186.0.0/15,77.24.0.0/15,193.254.128.0/19,193.254.160.0/20,80.187.0.0/16,88.128.0.0/16,212.23.96.0/19,92.116.0.0/15,188.46.0.0/16,193.100.0.0/15,193.96.0.0/14,193.102.0.0/16,193.103.0.0/16,194.115.0.0/16,194.139.0.0/16,194.172.0.0-194.175.255.255,193.155.0.0/16,195.124.0.0-195.127.255.255,213.68.0.0/16,213.69.0.0/16,213.70.0.0/15,195.90.0.0/19,195.158.160.0/19,212.202.0.0/16,213.160.0.0/19,213.148.128.0/19,217.146.0.0/16,212.60.192.0/18,83.236.0.0/16,84.245.128.0/18,87.193.0.0/16,87.234.0.0/16,92.192.0.0/11,83.169.128.0/18,88.134.0.0/16,91.64.0.0/14,77.20.0.0/14,95.88.0.0/14,188.192.0.0/14,195.80.192.0/19,195.32.128.0/17,212.63.32.0/19,212.5.0.0/19,212.4.160.0/19,212.84.192.0/18,212.110.192.0/19,212.105.192.0/19,194.140.96.0/19,62.145.0.0/19,212.99.128.0/18,212.99.192.0/19,62.206.0.0/16,62.8.128.0/17,217.78.160.0/20,213.217.64.0/18,82.113.96.0/19,89.204.128.0/19,194.97.0.0/16,62.104.0.0/16,195.20.224.0/19,212.227.0.0/16,213.165.64.0/19,217.72.192.0/20,217.160.0.0/16,2.165.0.0/16,87.106.0.0/16,93.122.0.0/17,193.254.128.0/19,193.254.160.0/20,80.187.0.0/16,88.128.0.0/16,172.16.0.0/16
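
Because `set rule ... new remoteip=` replaces the whole address list, appending means reading the current list, computing its union with the new entries, and writing the result back. The following Python is an added example, not part of the original posts: it merges a `remoteip` string with new entries, handles the CIDR and `first-last` range forms that appear in the list above, and collapses duplicates and adjacent blocks. The function names and the `min_prefix` guard are assumptions made for illustration, and the sample values are constructed.

```python
import ipaddress


def parse_entry(entry):
    """Expand one remoteip entry (address, CIDR or first-last range) into networks.

    netsh keywords such as "any" or "localsubnet" are not handled and raise
    ValueError, which is the safe outcome for an automated updater.
    """
    entry = entry.strip()
    if "-" in entry:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
        # summarize_address_range raises ValueError when first > last.
        return list(ipaddress.summarize_address_range(first, last))
    # Strict parsing rejects host bits below the mask (e.g. 10.1.2.3/16),
    # which usually indicates a typo in the feed.
    return [ipaddress.IPv4Network(entry)]


def render(net):
    """Write a /32 as a bare address, everything else as CIDR."""
    return str(net.network_address) if net.prefixlen == 32 else str(net)


def merge_remoteip(current, additions, min_prefix=8):
    """Return the comma-separated union of `current` and `additions`.

    min_prefix (an assumption of this example) refuses any added block
    wider than /8, so one bad input line cannot turn a country-scoped
    allow rule into "everyone".
    """
    nets = []
    for entry in current.split(","):
        if entry.strip():
            nets.extend(parse_entry(entry))
    for entry in additions:
        for net in parse_entry(entry):
            if net.prefixlen < min_prefix:
                raise ValueError("refusing overly broad entry: %s" % entry)
            nets.append(net)
    # collapse_addresses removes duplicates, drops blocks already covered
    # by a wider one, and merges adjacent siblings into their supernet.
    return ",".join(render(n) for n in ipaddress.collapse_addresses(nets))


def netsh_command(rule_name, current, additions):
    """Build the full replacement command for the named rule."""
    if '"' in rule_name:
        raise ValueError("rule name must not contain a double quote")
    merged = merge_remoteip(current, additions)
    return 'netsh advfirewall firewall set rule name="%s" new remoteip=%s' % (
        rule_name, merged)


if __name__ == "__main__":
    # Constructed sample: a few entries in the same forms as the list above,
    # including a duplicate and a first-last range.
    current = ("62.226.0.0/15,89.182.0.0/15,89.182.0.0/15,"
               "194.172.0.0-194.175.255.255")
    additions = ["62.224.0.0/16", "62.225.0.0/16", "203.0.113.7"]
    print(netsh_command("FTP (eingehend)", current, additions))
```

Logging the merged list before and after each run gives a reviewable record of how the rule's scope changed.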

  • MARS - Understanding Rules and Incidents

    I've been doing some testing, trying to develop a detailed understanding of how rules work in CSMARS. I'm getting inconsistent results. Let's assume I have the ability to create the EXACT same event 5 times in CSMARS at 10 second intervals. The only difference in the events is when they are received by CSMARS. The inspection rule is quite simple; look for this event type, count = 1 and time range = 5 minutes.
    The events in CSMARS are always part of the same session. However, sometimes I get just 1 incident that fires right way. Other times I get 2 incidents, one that fires right away and another that fires after the 5 minute time range has elapsed. When there are 2 incidents, the time range for each incident is always from a subset of the events in the session. So for example, the first incident's time range might have a time range from the first 3 events and the second incident would have a time range from the last 2 events.
    The end result though is that I have a single session that triggered the same rule twice. How is this possible?

    V.K. wrote:
    Entire message - contains - pizza
    and
    Entire message - does not contain - burger
    And now I get only the burger stuff
    that's how it should be. I don't understand the problem.
    Then I think you didn't accurately read the description of the problem. If one criterion is "Entire message - does not contain - burger", and the criteria are joined with an "and", then he should not be seeing only messages with "burger" in them.
    evilme, my question for you is, you said "and"... but when editing a Mail rule, it does not use that same language. Where it says "If any/all of the following conditions are met:", does the pop-up menu say "any" or "all"? Can you post a screen shot of the rule settings?

  • Download to excel on grid generates url with Cross Site Scripting Attack

    When we try to download to Excel on a grid (8.50.18), the webserver comes back with an automatically generated URL. This URL now contains the characters "%0d%0a" (CR/LF).
    Our firewall/proxy server detects this string in the URL as a Cross Site Scripting Attack (XSS) and fails to show the Excel.
    This happens in all our environments (so not dependent on the domain name).
    Does anyone know a solution for this problem?

    It seems to be a known bug, starting from 8.50.14 and solved with 8.50.19 (also in 8.51xx).
    Unfortunately we are on 8.50.18. It's now bad timing to update our environment.
    It seems that psppr.dll is doing the job but replacing ours with the 8.50.19 one leaves our domains unstartable.
    I guess we have to ask our network techies to make an exception rule in our internal network/firewall to allow it...
    Detlev

  • Open firewall Ports despite DENY- ALL access rule

    Hi,
    See below my firewall rules.
    Despite the deny all, running nmap from outside still reveals open ports.
    name 202.1.53.41 fw1.outside.irc.com
    interface GigabitEthernet0/0
     nameif inside
     security-level 0
     ip address fw1.inside.irc.com 255.255.252.0 standby 172.16.86.219
    interface GigabitEthernet0/1
     nameif SSN-DMZ
     security-level 0
     ip address 10.20.2.1 255.255.255.0 standby 10.20.2.2
    interface GigabitEthernet0/2
     nameif Outside
     security-level 0
     ip address fw1.outside.irc.com 255.255.255.248 standby NAT-202.1.53.45
    interface GigabitEthernet0/3
     description Internet Access for Wireless clients on the guest network
     nameif GuestInternet
     security-level 0
     ip address 192.168.154.2 255.255.254.0
    interface Management0/0
     nameif management
     security-level 10
     ip address 10.10.200.14 255.255.255.0 standby 10.10.200.15
    access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_2 any host WWW.IRC.COM-PRIV
    access-list inside_access_in remark Deny POP3, SSH, TELNET to Deny-Host-Group 172.16.86.246/249
    access-list inside_access_in extended deny object-group DENY-HOST-GROUP object-group DENY-HOST-GROUP-1 any
    access-list inside_access_in remark Allow SMTP external access to Mail Servers group
    access-list inside_access_in extended permit tcp object-group MAIL-GW-GROUP any eq smtp
    access-list inside_access_in remark Deny Any other Users from sending mails via smtp
    access-list inside_access_in extended deny tcp any any eq smtp
    access-list inside_access_in extended deny ip object-group Botnet_Blacklist any
    access-list inside_access_in extended deny ip any SPAM_MACHINE 255.255.255.0
    access-list inside_access_in extended deny ip any host SPAMIP
    access-list inside_access_in extended permit ip object-group Socialsites_Allowed object-group Facebook
    access-list inside_access_in extended deny object-group DM_INLINE_SERVICE_8 any object-group Facebook
    access-list inside_access_in remark Rule to block Internal users from accessing youtube
    access-list inside_access_in extended deny object-group DM_INLINE_SERVICE_9 any object-group YoutubeIPs
    access-list inside_access_in remark Suspected Virus Ports
    access-list inside_access_in extended deny tcp any any object-group DM_INLINE_TCP_17
    access-list inside_access_in remark Ports Commonly used by Botnet and Malwares
    access-list inside_access_in extended deny tcp any any object-group IRC
    access-list inside_access_in remark Allow Access to External DNS to ALL
    access-list inside_access_in extended permit object-group DNS-GROUP object-group DNS-SERVERS object-group External_DNS_Servers
    access-list inside_access_in remark Allow Any to Any on Custom TCP/UDP services
    access-list inside_access_in extended permit tcp any any object-group DM_INLINE_TCP_12
    access-list inside_access_in remark Allow Any to Any VPN Protocols group
    access-list inside_access_in extended permit object-group VPN-GROUP any any
    access-list inside_access_in extended permit ip any host pomttdbsvr
    access-list inside_access_in remark Allow Access to DMZ from Inside
    access-list inside_access_in extended permit tcp any any object-group DM_INLINE_TCP_10
    access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_5 any 10.20.2.0 255.255.255.0
    access-list inside_access_in extended permit tcp any any eq pop3
    access-list inside_access_in extended permit object-group Web-Access-Group any any
    access-list inside_access_in remark DNS RATING SERVICE FOR BLUECOAT SG510 PROXY
    access-list inside_access_in extended permit tcp object-group DM_INLINE_NETWORK_11 object-group DM_INLINE_NETWORK_4 eq www inactive
    access-list inside_access_in extended permit tcp any host 202.165.193.134 object-group DM_INLINE_TCP_3
    access-list inside_access_in remark Yahoo Messenger Test
    access-list inside_access_in extended permit tcp any any object-group YahooMessenger
    access-list inside_access_in extended permit ip host AVIRUSMAN 192.168.254.0 255.255.255.0
    access-list inside_access_in extended permit tcp any any object-group smile
    access-list inside_access_in extended permit udp any host smile.telinet.com.pg object-group smile-udp
    access-list inside_access_in remark testing access for mobile phones behind wireless router
    access-list inside_access_in extended permit ip host Wireless-Router any inactive
    access-list inside_access_in extended permit tcp any any object-group FTP-Service-Group inactive
    access-list inside_access_in extended permit ip host mailgate.irc.com any
    access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 object-group DM_INLINE_NETWORK_2 any object-group NTP
    access-list inside_access_in extended permit tcp any any object-group web-email-services
    access-list inside_access_in remark Murray PC
    access-list inside_access_in extended permit ip host 10.100.20.36 any
    access-list inside_access_in extended permit tcp any any object-group Itec-Citrix
    access-list inside_access_in extended permit ip host EP200 any
    access-list inside_access_in extended permit tcp any any object-group TCP-SMTP
    access-list inside_access_in extended permit tcp any host 202.165.193.134 eq 3391
    access-list inside_access_in extended permit ip object-group IT-Servers any
    access-list inside_access_in extended permit tcp any any object-group DM_INLINE_TCP_1
    access-list inside_access_in extended permit ip object-group DM_INLINE_NETWORK_14 any inactive
    access-list inside_access_in extended permit ip host 10.100.20.23 any
    access-list inside_access_in extended permit tcp host NOC-NMS-CDMA host 202.165.193.134 object-group DM_INLINE_TCP_4
    access-list inside_access_in extended permit tcp object-group DM_INLINE_NETWORK_12 object-group Bluecoat-DNS-Rating eq www
    access-list inside_access_in extended permit ip object-group DM_INLINE_NETWORK_13 any
    access-list inside_access_in extended permit udp host solarwinds-server any eq snmp
    access-list inside_access_in extended permit tcp host kaikai any object-group test-u inactive
    access-list inside_access_in extended permit tcp any host fw1.outside.irc.com object-group TCP-88
    access-list inside_access_in extended permit udp host solarwinds-server any object-group DM_INLINE_UDP_1
    access-list inside_access_in extended permit ip host IN-WEB-APP-SERVER any
    access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 host KMS-Server any object-group KMS
    access-list inside_access_in extended permit tcp any any object-group TeamVIewer-TCP
    access-list inside_access_in extended permit icmp any any traceroute
    access-list inside_access_in extended permit ip host KMS-Server any
    access-list inside_access_in extended deny ip any host 87.255.51.229
    access-list inside_access_in extended deny ip any host 82.165.47.44
    access-list inside_access_in extended permit ip host InterConnect-BillingBox any
    access-list inside_access_in extended permit icmp any host fw1.outside.irc.com
    access-list inside_access_in extended permit icmp any any
    access-list inside_access_in remark For ACCESS MPLS team
    access-list inside_access_in extended permit tcp any host 202.165.193.134 object-group RDP-MPLS-Huawei
    access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 host mailgate.irc.com any eq domain
    access-list inside_access_in extended permit tcp any host 66.147.244.58 object-group SMTP-26
    access-list inside_access_in extended deny object-group DM_INLINE_PROTOCOL_1 any any object-group Airfiji-SW
    access-list inside_access_in extended permit tcp host chief.bula.irc.com any
    access-list inside_access_in extended permit ip host Avabill86.181 any
    access-list inside_access_in extended permit ip any object-group AVG
    access-list inside_access_in extended permit ip host solarwinds-server any
    access-list inside_access_in extended permit tcp host 172.16.87.219 any object-group TCP-4948
    access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_10 any host Avabill_Consultant_IP_Sri-Lanka
    access-list inside_access_in extended permit tcp any host 69.164.201.123 eq smtp inactive
    access-list inside_access_in extended permit tcp any any object-group GMAIL inactive
    access-list inside_access_in extended permit tcp any any object-group NOC1
    access-list inside_access_in extended permit ip host solarwinds-server 10.10.200.0 255.255.255.0
    access-list inside_access_in extended permit tcp any host smile.telinet.com.fj object-group tcp-20080-30080
    access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any object-group SIP-5060-5062
    access-list inside_access_in extended permit ip host LYNC-2013-SERVER any
    access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_7 object-group Lync_Servers any
    access-list inside_access_in extended permit object-group VPN-GROUP host 10.100.20.94 any inactive
    access-list inside_access_in remark Pocket Solutions -TEMP
    access-list inside_access_in extended permit ip host 10.100.20.121 any
    access-list inside_access_in extended permit tcp host John_sibunakau any object-group JohnTESTPort inactive
    access-list inside_access_in extended permit ip host CiscoRadiusTestPC any
    access-list inside_access_in extended permit ip any host HungaryServer inactive
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com eq ssh
    access-list Outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any host fw1.outside.irc.com object-group itec-support-tcp-udp
    access-list Outside_access_in remark Allow All to NAT Address on SSL/SSH/SFTP(2222)
    access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group DM_INLINE_TCP_9
    access-list Outside_access_in remark Allow All to Outside On Fujitsu and 777-7778 ports
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group DM_INLINE_TCP_8
    access-list Outside_access_in remark Allow all to Outside on Custom ports
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group DM_INLINE_TCP_7
    access-list Outside_access_in remark Allow Inbound HTTP to WWW.IRC.COM
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com eq www
    access-list Outside_access_in extended permit icmp any host fw1.outside.irc.com
    access-list Outside_access_in extended permit object-group TCPUDP any host fw1.outside.irc.com object-group BrouardsGroup
    access-list Outside_access_in remark Allow ALL to RealVNC ports
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group RealVNC-TCP5900
    access-list Outside_access_in remark Allow ALL access to 202.1.53.43 on RealVNC ports
    access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group RealVNC-TCP5900
    access-list Outside_access_in remark Allow DNS queries from Internet to DNS server
    access-list Outside_access_in extended permit object-group TCPUDP object-group ITEC-Group-Inbound host fw1.outside.irc.com object-group itec-sftp
    access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group DM_INLINE_TCP_14
    access-list Outside_access_in extended permit object-group DM_INLINE_SERVICE_1 host SkyTel host fw1.outside.irc.com
    access-list Outside_access_in remark Telinet/Inomial temp access to test machine M.Orshansky
    access-list Outside_access_in extended permit tcp host 203.92.29.151 host fw1.outside.irc.com eq 3390
    access-list Outside_access_in extended permit tcp any host NAT-202.58.130.43 object-group RDP
    access-list Outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 object-group ITEC-Group-Inbound host fw1.outside.telikompng.com.pg object-group INTEC-Service
    access-list Outside_access_in extended permit tcp host 220.233.157.98 host fw1.outside.irc.com eq ssh inactive
    access-list Outside_access_in extended permit ip any host fw1.outside.telikompng.com.pg
    access-list Outside_access_in extended permit tcp any host fw1.outside.telikompng.com.pg object-group CRM
    access-list Outside_access_in extended permit tcp any host fw1.outside.telikompng.com.pg object-group HTTP-8010-CRM
    access-list Outside_access_in extended permit tcp any host fw1.outside.telikompng.com.pg object-group HTTP-8005-CRM
    access-list Outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any any object-group NTP
    access-list Outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 any host fw1.outside.irc.com object-group DNS
    access-list Outside_access_in remark Ultra VNC connection to 172.16.84.34@nadi Exchange
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group UVNC
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group UVNC-HTTP
    access-list Outside_access_in extended permit tcp any host fw1.outside.irc.com object-group POP3-SSL
    access-list Outside_access_in extended permit object-group EMAIL-SMARTPHONES any host fw1.outside.irc.com
    access-list Outside_access_in extended permit tcp any host fw1.outside.telikompng.com.pg object-group exchange-RPC
    access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group exchange-RPC
    access-list Outside_access_in extended permit icmp any host NAT-202.1.53.43
    access-list Outside_access_in remark Access to Solarwinds Management box
    access-list Outside_access_in extended permit tcp any host NAT-202.1.53.43 object-group Solarwinds
    access-list SSN-DMZ_access_in remark Permit DNS Quiries out of DMZ
    access-list SSN-DMZ_access_in extended permit object-group TCPUDP any any eq domain
    access-list SSN-DMZ_access_in remark Allow SQL ports out of DMZ to Host 172.16.86.70
    access-list SSN-DMZ_access_in extended permit tcp any host HOST-172.16.86.70 object-group SQL-Group
    access-list SSN-DMZ_access_in remark Allow Custom protocols out of DMZ to host 172.16.86.27
    access-list SSN-DMZ_access_in extended permit tcp any host HOST-172.16.86.27 object-group DM_INLINE_TCP_2
    access-list SSN-DMZ_access_in extended permit tcp host suva-vdc-int2.suva.irc.com host WWW.IRC.COM=PRIV eq 3389
    access-list SSN-DMZ_access_in extended permit object-group Web-Access-Group host WWW.IRC.COM-PRIV any
    access-list SSN-DMZ_access_in extended permit tcp any host WWW.IRC.COM.-PRIV object-group DMZ-WebAccess
    access-list SSN-DMZ_access_in extended permit ip host pomlynedsvr01_access any
    access-list SSN-DMZ_access_in extended permit ip host pomlynedsvr01_webcon any
    access-list SSN-DMZ_access_in extended permit ip host pomlynedsvr01_AV any
    access-list inside_nat0_outbound extended permit ip any 192.168.254.0 255.255.255.0
    access-list inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_6 host 10.10.200.1
    access-list inside_nat0_outbound extended permit ip any host WWW.IRC.COM-PRIV
    access-list inside_nat0_outbound extended permit ip host ns.irc.com any
    access-list inside_nat0_outbound extended permit ip any 10.200.200.0 255.255.255.0
    access-list Outside_nat0_outbound extended permit ip 192.168.254.0 255.255.255.0 any
    access-list Outside_nat0_outbound extended permit ip mcr_Management 255.255.255.0 any
    access-list alcatel-my remark Allow Alcatel-my access to TIRC(1)
    access-list alcatel-my standard permit 172.16.24.0 255.255.252.0
    access-list alcatel-my remark Allow Alcatel-my access to TIRC(2)
    access-list alcatel-my standard permit 172.16.84.0 255.255.252.0
    access-list 131 extended permit ip host MICHAEL any
    access-list management_access_in extended permit ip 10.10.200.0 255.255.255.0 mcr_Management 255.255.255.0
    access-list management_access_in extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_5
    access-list management_access_in extended permit object-group Web-Access-Group host 10.10.200.1 any
    access-list management_access_in extended permit ip host 10.10.200.1 host 172.16.87.47
    access-list management_access_in extended permit ip host 10.10.200.1 host IN-WSC
    access-list management_access_in extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_8
    access-list management_access_in extended permit tcp host 10.10.200.1 object-group DM_INLINE_NETWORK_3 eq 3389
    access-list management_access_in remark To BlueCaot Appliances
    access-list management_access_in extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_1
    access-list management_access_in extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_7
    access-list management_access_in extended permit tcp 10.10.200.0 255.255.255.0 object-group Management_Hosts object-group RDP
    access-list management_access_in extended permit icmp host 10.10.200.1 any traceroute
    access-list management_access_in extended permit ip host 10.10.200.1 host NOC-NMS-CDMA
    access-list management_access_in extended permit object-group DM_INLINE_SERVICE_3 host 10.10.200.1 any
    access-list management_access_in extended permit tcp host 10.10.200.1 any eq ftp
    access-list management_access_in extended permit tcp host bula host 10.10.200.1 object-group RDP inactive
    access-list management_access_in extended permit tcp host 10.100.20.23 host 10.10.200.1 object-group RDP
    access-list management_access_in extended permit ip host 10.10.200.1 any
    access-list management_access_in extended permit ip host solarwinds-server 10.10.200.0 255.255.255.0
    access-list management_access_in extended permit ip 10.10.200.0 255.255.255.0 host solarwinds-server
    access-list management_access_in extended permit ip any any
    access-list management_access_in extended permit ip host 10.10.200.1 host bula inactive
    access-list management_access_in extended permit ip any host solarwinds-server
    access-list management_access_in extended permit ip host solarwinds-server any
    access-list management_access_in extended permit ip object-group PacketFence-Servers 10.10.200.0 255.255.255.0
    access-list management_access_in extended permit ip 10.10.200.0 255.255.255.0 object-group PacketFence-Servers
    access-list management_access_in extended permit ip object-group 3750-Switches host solarwinds-server
    access-list management_access_in extended permit ip 10.10.200.0 255.255.255.0 host 10.10.200.1
    access-list management_access_in extended permit ip host 10.10.200.1 10.10.200.0 255.255.255.0
    access-list Outside_access_in_1 extended permit ip any any
    access-list management_access_in_1 extended permit ip mcr_Management 255.255.255.0 any
    access-list inside-networks remark internal tpng corporate subnetwork
    access-list inside-networks standard permit 172.16.84.0 255.255.252.0
    access-list inside-networks remark dms10
    access-list inside-networks standard permit host 10.10.0.0
    access-list 84-subnet remark 84 subnet
    access-list 84-subnet standard permit 172.16.84.0 255.255.252.0
    access-list 84-subnet remark 4 subnet
    access-list 84-subnet standard permit inside-network-extra-subnet 255.255.252.0
    access-list split-tunnel remark 84 subnet
    access-list split-tunnel standard permit 172.16.84.0 255.255.252.0
    access-list split-tunnel remark 4 subnet
    access-list split-tunnel standard permit inside-network-extra-subnet 255.255.252.0
    access-list split-tunnel remark Access to internal POP3 server
    access-list split-tunnel standard permit host neptune.waigani.telikompng.com.pg
    access-list split-tunnel remark Access to internal SMTP server
    access-list split-tunnel standard permit host minerva.suva.irc.com
    access-list split-tunnel remark Allow access to the 24 subnet
    access-list split-tunnel standard permit 172.16.24.0 255.255.252.0
    access-list split-tunnel standard permit Cisco-VLans 255.255.0.0
    access-list inside_authentication extended permit tcp any object-group DM_INLINE_TCP_11 any object-group DM_INLINE_TCP_13 time-range WorkingHours inactive
    access-list itsupport standard permit NOC 255.255.252.0
    access-list itsupport standard permit 172.16.96.0 255.255.252.0
    access-list itsupport standard permit 10.20.2.0 255.255.255.0
    access-list itsupport standard permit 10.10.200.0 255.255.255.0
    access-list itsupport standard permit 172.16.84.0 255.255.252.0
    access-list itsupport standard permit inside-network-extra-subnet 255.255.252.0
    access-list itsupport standard permit 10.2.1.0 255.255.255.0
    access-list itsupport standard permit 172.16.88.0 255.255.252.0
    access-list itsupport standard permit Cisco-VLans 255.255.0.0
    access-list itsupport remark Access to IT-LAN-UPGRADE Network
    access-list itsupport standard permit IT-NETWORK-NEW 255.255.0.0
    access-list itsupport remark KWU Exchange subnet
    access-list itsupport standard permit 172.16.188.0 255.255.252.0
    access-list itsupport standard permit ATM-Network 255.255.0.0
    access-list global_mpc extended permit ip any any
    access-list management_nat0_outbound extended permit ip any inside-network-extra-subnet 255.255.252.0 inactive
    access-list management_nat0_outbound extended permit ip mcr_Management 255.255.255.0 any
    access-list management_nat0_outbound extended permit ip any object-group DM_INLINE_NETWORK_9
    access-list management_nat0_outbound extended permit ip host 10.10.200.1 object-group Management_Hosts
    access-list management_nat0_outbound extended permit ip any 172.16.84.0 255.255.252.0
    access-list management_nat0_outbound extended permit ip any MCR_POM 255.255.255.0
    access-list management_nat0_outbound extended permit ip host 10.10.200.1 object-group DM_INLINE_NETWORK_10
    access-list management_nat0_outbound extended permit ip any Cisco-VLans 255.255.0.0
    access-list management_nat0_outbound extended permit ip 10.10.200.0 255.255.255.0 host solarwinds-server
    access-list management_nat0_outbound extended permit ip 10.10.200.0 255.255.255.0 object-group DM_INLINE_NETWORK_15
    access-list Capture extended permit ip any host 192.118.82.140
    access-list Capture extended permit ip host 192.118.82.140 any
    access-list Capture extended permit ip host 192.118.82.160 any
    access-list Capture extended permit ip any host 192.118.82.160
    a
    access-list inside-network-access-only remark Allow Maggie Talig access to the 84 subnet only
    access-list inside-network-access-only standard permit 172.16.84.0 255.255.252.0
    access-list inside-network-access-only remark Allow Maggie Talig access to the 4 subnet only
    access-list inside-network-access-only standard permit inside-network-extra-subnet 255.255.252.0
    access-list SSN-DMZ_nat0_outbound extended permit ip host WWW.IRC.COM-PRIV object-group Internal-Networks
    access-list inside_nat0_outbound_1 extended permit ip host AVIRUSMAN 192.168.254.0 255.255.255.0
    access-list NETFLOW extended permit tcp any any
    access-list NETFLOW extended permit object-group DNS-GROUP any host fw1.outside.irc.com
    access-list NETFLOW extended permit object-group DM_INLINE_SERVICE_6 any host fw1.outside.irc.com
    access-list NETFLOW extended permit udp any host fw1.outside.irc.com
    access-list NETFLOW extended permit tcp any host fw1.outside.irc.com eq smtp
    access-list NETFLOW extended permit tcp any host fw1.outside.irc.com object-group DM_INLINE_TCP_5
    access-list NETFLOW extended permit tcp any host fw1.outside.irc.com object-group TCP-8080
    access-list NETFLOW extended permit object-group DM_INLINE_SERVICE_4 any host NAT-202.58.130.43
    access-list NETFLOW remark Reverse Proxy Inbound Rules from Internet- Lync 2013 Project - Lync Simple URLs
    access-list NETFLOW extended permit tcp any host 202.58.130.69 object-group DM_INLINE_TCP_6
    access-list NETFLOW remark Lync Edge Access Inbound Rule - Restricting Inbound
    access-list NETFLOW extended permit object-group pomlynedsvr01_access_Outside_to_DMZ any host 202.58.130.66
    access-list NETFLOW remark Lync Edge Outside to Inside for AV Interface
    access-list NETFLOW extended permit object-group pomlynedsvr01_webcon_outside_to_DMZ any host 202.58.130.67
    access-list NETFLOW extended permit object-group pomlynedsvr01_AV_Outside_to_DMZ any host 202.58.130.68
    access-list NETFLOW extended permit object-group DM_INLINE_SERVICE_11 any host NAT-fijiircdata
    access-list NETFLOW extended deny ip host SPAMIP any
    access-list NETFLOW extended deny ip SPAM_MACHINE 255.255.255.0 any
    access-list NETFLOW extended deny ip host 220.233.157.99 any log debugging
    access-list Huawei-Access-Networks remark HUawei-Network-Elements
    access-list Huawei-Access-Networks standard permit 192.168.200.0 255.255.255.0
    access-list Huawei-Access-Networks remark Access to Ela Beach MPLS network
    access-list Huawei-Access-Networks standard permit 10.100.70.0 255.255.255.0
    access-list Huawei-Access-Networks remark Huawei Network elements
    access-list Huawei-Access-Networks standard permit 192.168.210.0 255.255.255.0
    access-list Huawei-Access-Networks remark Huawei network elements
    access-list Huawei-Access-Networks standard permit 192.168.213.0 255.255.255.0
    access-list management_nat0_outbound_1 extended permit ip host solarwinds-server 10.10.200.0 255.255.255.0
    access-list Alcatel-NMS-ACL remark Access allowed to Alcatel NMS devices in NOC
    access-list Alcatel-NMS-ACL standard permit 10.2.1.0 255.255.255.0
    access-list Business-Systems-Access remark Mail Server 1
    access-list Business-Systems-Access standard permit host neptune.waigani.telikompng.com.pg
    access-list Business-Systems-Access remark Mail Server 2
    access-list Business-Systems-Access standard permit host minerva.waigani.telikompng.com.pg
    access-list Business-Systems-Access remark SAP PROD
    access-list Business-Systems-Access standard permit host SAP-SAPPROD
    access-list Business-Systems-Access remark Avabill Application Server
    access-list Business-Systems-Access standard permit host Avabill86.177
    access-list Business-Systems-Access remark Backup Avabill Application Server
    access-list Business-Systems-Access standard permit host Avabill84.170
    access-list Business-Systems-Access remark HRSelfcare
    access-list Business-Systems-Access standard permit host HOST-172.16.86.248
    access-list Business-Systems-Access remark Intranet Server
    access-list Business-Systems-Access standard permit host 172.16.85.32
    access-list IT-Systems-Support remark Access to inside network
    access-list IT-Systems-Support standard permit 172.16.84.0 255.255.252.0
    access-list IT-Systems-Support remark Access to IN netwwork
    access-list IT-Systems-Support standard permit 172.16.88.0 255.255.252.0
    access-list IT-Systems-Support standard permit Cisco-VLans 255.255.0.0
    access-list Systems-XS remark Access to 84 subnet
    access-list Systems-XS standard permit 172.16.84.0 255.255.252.0
    access-list Systems-XS remark Access to .4 subnet
    access-list Systems-XS standard permit inside-network-extra-subnet 255.255.252.0
    access-list Systems-XS remark Access to 10.100.x.x/24
    access-list Systems-XS standard permit Cisco-VLans 255.255.0.0
    access-list Huawei-NOC standard permit 172.16.84.0 255.255.252.0
    access-list Huawei-NOC standard permit Cisco-VLans 255.255.0.0
    access-list Huawei-NOC standard permit HASUT 255.255.255.0
    access-list Huawei-NOC standard permit IT-NETWORK-NEW 255.255.0.0
    access-list efdata remark Allow efdata access to above device as per request by chris mkao
    access-list efdata standard permit 172.16.92.0 255.255.252.0
    access-list test standard permit 172.16.92.0 255.255.252.0
    access-list Ghu_ES_LAN remark Allow efdata access to fij ES LAN
    access-list Ghu_ES_LAN extended permit ip any 172.16.92.0 255.255.252.0
    access-list GuestInternet_access_in extended permit ip any any
    global (inside) 1 interface
    global (SSN-DMZ) 1 interface
    global (Outside) 1 interface
    global (management) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 0 access-list inside_nat0_outbound_1 outside
    nat (inside) 1 0.0.0.0 0.0.0.0
    nat (SSN-DMZ) 0 access-list SSN-DMZ_nat0_outbound
    nat (SSN-DMZ) 1 WWW.IRC.COM-PRIV 255.255.255.255
    nat (Outside) 0 access-list Outside_nat0_outbound
    nat (GuestInternet) 1 0.0.0.0 0.0.0.0
    nat (management) 0 access-list management_nat0_outbound
    nat (management) 0 access-list management_nat0_outbound_1 outside
    nat (management) 1 10.10.200.1 255.255.255.255
    static (inside,Outside) tcp interface 10103 mailgate.irc.com 10103 netmask 255.255.255.255
    static (SSN-DMZ,Outside) tcp interface www WWW.IRC.COM-PRIV www netmask 255.255.255.255
    static (inside,Outside) tcp interface smtp mailgate.irc.com smtp netmask 255.255.255.255
    static (inside,Outside) tcp interface telnet HOST-172.16.84.144 telnet netmask 255.255.255.255
    static (inside,Outside) tcp interface pcanywhere-data HOST-192.168.1.14 pcanywhere-data netmask 255.255.255.255
    static (inside,Outside) udp interface pcanywhere-status HOST-192.168.1.14 pcanywhere-status netmask 255.255.255.255
    static (inside,Outside) tcp interface ssh InterConnect-BillingBox ssh netmask 255.255.255.255
    static (inside,Outside) udp interface ntp confusious.suva.irc.com ntp netmask 255.255.255.255
    static (inside,Outside) tcp interface 10002 HOST-172.16.200.121 10002 netmask 255.255.255.255
    static (inside,Outside) tcp interface 10003 HOST-172.16.200.122 10003 netmask 255.255.255.255
    static (inside,Outside) tcp interface 10004 HOST-172.16.41.26 10004 netmask 255.255.255.255
    static (inside,Outside) tcp interface 10005 HOST-172.16.41.27 10005 netmask 255.255.255.255
    static (inside,Outside) tcp interface https Avabill86.181 https netmask 255.255.255.255
    static (inside,Outside) tcp interface 7778 Avabill86.181 7778 netmask 255.255.255.255
    static (inside,Outside) tcp interface 8080 Avabill86.181 8080 netmask 255.255.255.255
    static (inside,Outside) tcp interface 7777 Avabill86.181 7777 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.45 https Avabill86.177 https netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 2222 daywalker.suva.irc.com 2222 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 ftp waigani-pdc-int2.suva.irc.com ftp netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 www neptune.suva.irc.com www netmask 255.255.255.255
    static (inside,Outside) tcp interface 5900 Primary1352CM 5900 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 5900 Backup1352CM 5900 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 https neptune.suva.irc.com https netmask 255.255.255.255
    static (inside,Outside) tcp interface 24 HOST-172.16.86.87 24 netmask 255.255.255.255
    static (inside,Outside) udp interface domain ns.irc.com domain netmask 255.255.255.255
    static (inside,Outside) tcp interface pop3 neptune.suva.irc.com pop3 netmask 255.255.255.255
    static (inside,Outside) tcp interface 7780 Apache-WebServer 7780 netmask 255.255.255.255
    static (inside,Outside) tcp interface 8000 CRM-SERVER2 8000 netmask 255.255.255.255
    static (inside,Outside) tcp interface 8010 CRM-SERVER4 8010 netmask 255.255.255.255
    static (inside,Outside) tcp interface 8005 CRM-SERVER3 8005 netmask 255.255.255.255
    static (inside,Outside) tcp interface 123 confusious.suva.irc.com 123 netmask 255.255.255.255
    static (inside,Outside) tcp interface imap4 neptune.suva.irc.com imap4 netmask 255.255.255.255
    static (inside,Outside) tcp interface domain ns.irc.com domain netmask 255.255.255.255
    static (inside,Outside) tcp interface ftp telitgate.irc.com ftp netmask 255.255.255.255
    static (inside,Outside) tcp interface 5901 uvnc-server 5901 netmask 255.255.255.255
    static (inside,Outside) tcp interface 5801 uvnc-server 5801 netmask 255.255.255.255
    static (inside,Outside) tcp interface 5902 172.16.84.200 5902 netmask 255.255.255.255
    static (inside,Outside) tcp interface 5802 172.16.84.200 5802 netmask 255.255.255.255
    static (inside,Outside) tcp interface 995 neptune.suva.irc.com 995 netmask 255.255.255.255
    static (inside,Outside) tcp interface 993 neptune.suva.irc.com 993 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 6001 neptune.suva.irc.com 6001 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 6002 neptune.suva.irc.com 6002 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 6004 neptune.suva.irc.com 6004 netmask 255.255.255.255
    static (inside,Outside) tcp interface 6001 minerva.suva.irc.com 6001 netmask 255.255.255.255
    static (inside,Outside) tcp interface 6002 minerva.suva.irc.com 6002 netmask 255.255.255.255
    static (inside,Outside) tcp interface 6004 minerva.suva.irc.com 6004 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 8720 solarwinds-server 8720 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 9000 solarwinds-server 9000 netmask 255.255.255.255
    static (inside,Outside) tcp interface 2055 solarwinds-server 2055 netmask 255.255.255.255
    static (inside,Outside) tcp interface 88 A-10.100.20.250 88 netmask 255.255.255.255
    static (inside,Outside) tcp interface 10000 ns.irc.com 10000 netmask 255.255.255.255
    static (inside,Outside) udp Ext-R2-Outside-Interface 2055 solarwinds-server 2055 netmask 255.255.255.255
    static (inside,Outside) udp Ext-R2-Outside-Interface snmp solarwinds-server snmp netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 135 neptune.suva.irc.com 135 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 3389 BT-DesktopPC 3389 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.65 www IN-WSC www netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.65 https IN-WSC https netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 ssh Avabill86.176 ssh netmask 255.255.255.255
    static (Outside,inside) tcp 10.100.20.36 5432 smile.telinet.com.pg 5432 netmask 255.255.255.255
    static (inside,Outside) tcp interface 222 chief.suva.irc.com ssh netmask 255.255.255.255
    static (inside,Outside) tcp interface 5061 LYNC-2013-SERVER 5061 netmask 255.255.255.255
    static (inside,Outside) tcp interface 5432 10.100.20.36 5432 netmask 255.255.255.255
    static (inside,Outside) tcp NAT-202.58.130.43 182 dadbsvr www netmask 255.255.255.255
    static (SSN-DMZ,Outside) 202.58.130.69 pomlynrprx01 netmask 255.255.255.255
    static (SSN-DMZ,Outside) 202.58.130.66 pomlynedsvr01_access netmask 255.255.255.255
    static (SSN-DMZ,Outside) 202.58.130.67 pomlynedsvr01_webcon netmask 255.255.255.255
    static (SSN-DMZ,Outside) 202.58.130.68 pomlynedsvr01_AV netmask 255.255.255.255
    access-group inside_access_in in interface inside
    access-group SSN-DMZ_access_in in interface SSN-DMZ
    access-group Outside_access_in_1 in interface Outside control-plane
    access-group NETFLOW in interface Outside
    access-group GuestInternet_access_in in interface GuestInternet
    access-group management_access_in_1 in interface management control-plane
    access-group management_access_in in interface management
    route Outside 0.0.0.0 0.0.0.0 Ext-R1-Inside-Interface 1
    route inside 10.2.1.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.8.0.0 255.255.255.0 VPNGATE 1
    route inside 10.9.254.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.10.1.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.10.2.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.10.3.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.10.4.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.10.5.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.10.10.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 10.15.100.0 255.255.255.0 fw1.outside.irc.com 1
    route inside Cisco-VLans 255.255.0.0 Cisco7200 1
    route inside VLan20-2F 255.255.255.0 Cisco7200 1
    route inside 10.100.67.0 255.255.255.0 IPVPN-Router 1
    route inside 10.100.74.0 255.255.255.0 172.16.86.0 1
    route inside 10.100.75.0 255.255.255.0 172.16.86.0 1
    route inside 10.100.76.0 255.255.255.0 172.16.86.0 1
    route inside LAE 255.255.255.0 172.16.86.0 1
    route inside 10.100.91.0 255.255.255.0 172.16.86.0 1
    route inside 10.100.110.0 255.255.255.0 172.16.86.0 1
    route inside 10.100.111.0 255.255.255.0 172.16.86.0 1
    route inside 10.100.114.0 255.255.255.0 172.16.86.0 1
    route inside 10.200.200.0 255.255.255.0 Cisco7200 1
    route inside A-10.250.0.0 255.255.0.0 Cisco7200 1
    route inside 10.254.2.0 255.255.255.252 IPVPN-Router 1
    route inside 11.11.3.0 255.255.255.0 172.16.86.0 1
    route inside 11.11.4.0 255.255.255.0 172.16.86.0 1
    route inside 11.11.8.0 255.255.255.0 172.16.86.0 1
    route inside 11.11.9.0 255.255.255.0 172.16.86.0 1
    route inside 20.200.200.0 255.255.255.0 172.16.86.17 1
    route inside inside-network-extra-subnet 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.8.0 255.255.252.0 Cisco7200 1
    route inside 172.16.12.0 255.255.252.0 172.16.86.197 1
    route inside 172.16.24.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside NOC 255.255.252.0 172.16.87.187 1
    route inside 172.16.48.0 255.255.252.0 172.16.84.41 1
    route inside 172.16.52.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.56.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.60.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.64.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.68.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.72.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.76.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.80.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.84.185 255.255.255.255 172.16.86.217 1
    route inside CRM-SERVER1 255.255.255.255 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.88.0 255.255.252.0 Cisco7200 1
    route inside 172.16.92.0 255.255.252.0 Cisco7200 1
    route inside 172.16.96.0 255.255.252.0 172.16.87.172 1
    route inside 172.16.104.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.108.0 255.255.252.0 IPVPN-Router 1
    route inside 172.16.112.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.120.0 255.255.252.0 TFIJIG-CORE-INT-ROUTER 1
    route inside 172.16.124.0 255.255.252.0 IPVPN-Router 1
    route inside 172.16.128.0 255.255.252.0 172.16.86.185 1
    route inside 172.16.132.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.136.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.140.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.144.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.148.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.152.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.156.0 255.255.252.0 IPVPN-Router 1
    route inside 172.16.160.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.164.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.168.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.172.0 255.255.252.0 172.16.87.172 1
    route inside 172.16.180.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.184.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.188.0 255.255.252.0 172.16.86.85 1
    route inside 172.16.188.0 255.255.252.0 Cisco7200 1
    route inside 172.16.192.0 255.255.252.0 172.16.86.194 1
    route inside 172.16.200.0 255.255.252.0 172.16.87.11 1
    route inside 172.16.204.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.208.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.212.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.220.0 255.255.252.0 IPVPN-Router 1
    route inside 172.16.224.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.236.0 255.255.252.0 172.16.87.254 1
    route inside 172.16.240.0 255.255.252.0 TFIJI-CORE-INT-ROUTER 1
    route inside 172.16.248.0 255.255.252.0 IPVPN-Router 1
    route inside 172.17.84.0 255.255.255.224 IPVPN-Router 1
    route inside 172.18.252.0 255.255.252.0 172.16.84.15 1
    route inside 172.20.0.0 255.255.252.0 172.16.87.11 1
    route management 172.20.1.32 255.255.255.240 10.10.200.18 1
    route inside 192.167.5.0 255.255.255.0 172.16.86.42 1
    route inside 192.168.1.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 192.168.1.0 255.255.255.0 HOST-172.16.84.144 1
    route inside 192.168.1.96 255.255.255.224 TFIJI-CORE-INT-ROUTER 1
    route inside 192.168.1.128 255.255.255.224 TFIJI-CORE-INT-ROUTER 1
    route inside 192.168.2.0 255.255.255.0 172.16.87.192 1
    route inside 192.168.5.0 255.255.255.0 HOST-172.16.84.144 1
    route inside 192.168.11.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 192.168.150.0 255.255.255.0 IPVPN-Router 1
    route inside 192.168.200.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 192.168.201.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 192.168.202.0 255.255.255.0 TFIJI-CORE-INT-ROUTER 1
    route inside 192.168.210.0 255.255.255.0 Cisco7200 1
    route inside 192.168.213.0 255.255.255.0 Cisco7200 1
    route inside 192.168.254.0 255.255.255.0 fw1.outside.irc.com 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    class-map inspection_default
     match default-inspection-traffic
    class-map flow_export_class
     match access-list global_mpc
    policy-map global_policy
     class inspection_default
      inspect dns
      inspect esmtp
      inspect h323 h225
      inspect h323 ras
      inspect icmp error
      inspect ipsec-pass-thru
      inspect mgcp
      inspect rsh
      inspect sip  
      inspect skinny  
      inspect snmp
      inspect tftp
      inspect ftp strict
      inspect icmp
     class flow_export_class
      flow-export event-type all destination solarwinds-server
    policy-map type inspect dns migrated_dns_map_1
     parameters
      message-length maximum 512
    service-policy global_policy global
    smtp-server 172.16.86.16
    prompt hostname context
    Cryptochecksum:24270eebd6c941fb7b302b034e32bba1
    : end

    Hi,
    NMAP gives the report for the first firewall interface it hits. In your case you have allowed tcp any any where it allows all the ports. I have mentioned only one example.... There are many in your case....
    Also NMAP results will be effective once when you directly connect to outside interface or directly on to the outside LAN.
    Regards
    Karthik
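The reply's point about `tcp any any` can be checked mechanically before a scan is ever run. The following is an added example, not part of the original thread: it lists active any-to-any `permit` entries with no destination port in ACLs that are bound to an interface with `access-group`. The ACL names, interface names and sample entries are constructed for illustration; only the name `global_mpc` is taken from the posted configuration, where it is referenced by a class-map rather than an `access-group`.

```python
import re

ANY = {"any", "any4", "any6"}
# Tokens consumed by each port spec, keyword included.
PORT_OPS = {"eq": 2, "neq": 2, "lt": 2, "gt": 2, "range": 3, "object-group": 2}

def take_addr(tok, i):
    """Consume one address spec; return (is_any, next index)."""
    if tok[i] in ANY:
        return True, i + 1
    return False, i + 2  # "host A", "object N", "object-group N", "A MASK"

def take_port(tok, i, allow_group):
    """Consume an optional port spec; return (has_port, next index)."""
    if i < len(tok) and tok[i] in PORT_OPS and (allow_group or tok[i] != "object-group"):
        return True, i + PORT_OPS[tok[i]]
    return False, i

def wide_open_aces(config):
    """Return (interface, acl, protocol, line_no) for active ip/tcp/udp permits
    from any to any with no destination port, in interface-bound ACLs."""
    bound = dict(re.findall(r"^\s*access-group (\S+) in interface (\S+)", config, re.M))
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        tok = line.split()
        if len(tok) < 7 or tok[0] != "access-list" or tok[2:4] != ["extended", "permit"]:
            continue  # remarks, denies and non-ACL lines
        if tok[1] not in bound or "inactive" in tok or tok[4] not in ("ip", "tcp", "udp"):
            continue  # unbound ACLs (e.g. class-map matches) do not filter traffic
        try:
            src_any, i = take_addr(tok, 5)
            # After the source, "object-group" is read as the destination address.
            _, i = take_port(tok, i, allow_group=False)
            dst_any, i = take_addr(tok, i)
        except IndexError:
            continue  # malformed or truncated entry
        has_port, _ = take_port(tok, i, allow_group=True)
        if src_any and dst_any and not has_port:
            findings.append((bound[tok[1]], tok[1], tok[4], n))
    return findings

# Constructed sample, not the poster's actual ACLs.
SAMPLE = """\
access-list outside_access_in extended permit tcp any any
access-list outside_access_in extended permit tcp any host 172.16.86.16 eq smtp
access-list outside_access_in extended permit ip any any inactive
access-list inside_access_in extended permit udp any any eq domain
access-list inside_access_in extended permit ip any4 any4 log
access-list global_mpc extended permit ip any any
access-list outside_access_in remark permit tcp any any
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
"""

if __name__ == "__main__":
    for iface, acl, proto, line_no in wide_open_aces(SAMPLE):
        print(f"line {line_no}: {acl} on {iface} permits {proto} any -> any")
```

Each finding is a candidate for replacement with entries scoped to specific hosts and ports; entries using protocol object-groups are skipped because they cannot be evaluated without the object definitions.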

  • Settlement rule for several assets but one internal order number

    Hi,
    I have a question regarding the settlement rule for an internal order. I have issued an internal order number to capture costs for a construction project. When the project is completed, how do I update the settlement rule for the internal order to several assets, all for different amounts?
    For example, an internal order number has collected costs of 150,000.00 for the completion of a building. When the building is complete, I want to do a final settlement of the internal order. I have one asset for land improvements for 43,000, another asset for the HVAC system for 33,000 and building costs of 74,000. When updating the settlement rule I know to create the assets and update the settlement rule with these asset numbers, but I am unclear on how to assign multiple assets with different amounts.

    Hi,
    In the settlement rule, you need to select the Receiver as FXA and then enter the Asset number, and then you will have to put the % that you want to settle to.
    Like if you have 100/- Rs. total cost and you want to settle it to 2 assets in 60/- Rs. and 40/- Rs.
    Then you will have to enter 2 line items in the settlement rule with different asset numbers, and in proportion you will have to say 40% and 60%, based on which the final settlement would happen.
    So make the proportion changes in the settlement rule accordingly.
    Regards,
    Dewang T
