Problem creating Network ACL for a ROLE in Oracle 11gR2
According to Oracle Documentation when you create a new Network ACL you can add privileges to a user or role. I need to create a new ACL for the UTL_SMTP package for a specific role, but when I granted it the users who have that role are still getting the "ORA-24247: network access denied by access control list (ACL)" error when they try to send an email. If I grant the ACL privilege to the same users directly it works fine. Is there any step I'm missing? This is the test I have made on my Solaris 10 - Oracle 11gR2 (11.2.0.3) Standard Edition server:
SQL*Plus: Release 11.2.0.1.0 Production on Wed Aug 21 09:31:52 2013
Copyright (c) 1982, 2010, Oracle. All rights reserved.
SQL> CONNECT system/******@testdb
Connected.
SQL> SET LINES 1000
SQL> SELECT * FROM v$version;
BANNER
Oracle Database 11g Release 11.2.0.3.0 - 64bit Production
PL/SQL Release 11.2.0.3.0 - Production
CORE 11.2.0.3.0 Production
TNS for Solaris: Version 11.2.0.3.0 - Production
NLSRTL Version 11.2.0.3.0 - Production
SQL> COLUMN host FORMAT A20
SQL> COLUMN lower_port FORMAT 99999
SQL> COLUMN upper_port FORMAT 99999
SQL> COLUMN acl FORMAT A40
SQL> COLUMN acl FORMAT A40
SQL> COLUMN principal FORMAT A15
SQL> COLUMN privilege FORMAT A10
SQL> COLUMN is_grant FORMAT A8
SQL> COLUMN status FORMAT A10
SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
no rows selected
SQL> SELECT acl,principal,privilege,is_grant FROM dba_network_acl_privileges;
no rows selected
SQL> CREATE USER testacl IDENTIFIED BY testacl;
User created.
SQL> GRANT CONNECT TO testacl;
Grant succeeded.
SQL>
SQL> BEGIN
2 dbms_network_acl_admin.create_acl('test_smtp.xml','TEST SMTP ACL','TESTACL',true,'connect');
3 dbms_network_acl_admin.assign_acl('test_smtp.xml','localhost',25);
4 commit;
5 END;
6 /
PL/SQL procedure successfully completed.
SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
HOST LOWER_PORT UPPER_PORT ACL
localhost 25 25 /sys/acls/test_smtp.xml
SQL> SELECT acl,principal,privilege,is_grant FROM dba_network_acl_privileges;
ACL PRINCIPAL PRIVILEGE IS_GRANT
/sys/acls/test_smtp.xml TESTACL connect true
After creating this ACL I test it like this:
SQL> CONNECT testacl/testacl@testdb
Connected.
SQL> SELECT host, lower_port, upper_port, privilege, status FROM user_network_acl_privileges;
HOST LOWER_PORT UPPER_PORT PRIVILEGE STATUS
localhost 25 25 connect GRANTED
SQL> DECLARE
2 c utl_smtp.connection;
3 BEGIN
4 c := utl_smtp.open_connection('localhost', 25); -- SMTP on port 25
5 utl_smtp.helo(c, 'localhost');
6 utl_smtp.mail(c, 'Oracle11.2');
7 utl_smtp.rcpt(c, '[email protected]');
8 utl_smtp.data(c,'From: Oracle'||utl_tcp.crlf||'To: [email protected]'||utl_tcp.crlf||'Subject: UTL_SMTP TEST'||utl_tcp.crlf||'');
9 utl_smtp.quit(c);
10 END;
11 /
PL/SQL procedure successfully completed.
SQL>
This works fine and I receive the email correctly. Now if I try to do the same thing for a role:
SQL> CONNECT system/******@testdb
Connected.
SQL> BEGIN
2 dbms_network_acl_admin.drop_acl('test_smtp.xml');
3 commit;
4 END;
5 /
PL/SQL procedure successfully completed.
SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
no rows selected
SQL> CREATE ROLE testacl_role;
Role created.
SQL> GRANT testacl_role TO testacl;
Grant succeeded.
SQL> ALTER USER testacl DEFAULT ROLE ALL;
User altered.
SQL>
SQL> BEGIN
2 dbms_network_acl_admin.create_acl('test_smtp.xml','TEST SMTP ACL','TESTACL_ROLE',true,'connect');
3 dbms_network_acl_admin.assign_acl('test_smtp.xml','localhost',25);
4 commit;
5 END;
6 /
PL/SQL procedure successfully completed.
SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
HOST LOWER_PORT UPPER_PORT ACL
localhost 25 25 /sys/acls/test_smtp.xml
SQL> SELECT acl,principal,privilege,is_grant FROM dba_network_acl_privileges;
ACL PRINCIPAL PRIVILEGE IS_GRANT
/sys/acls/test_smtp.xml TESTACL_ROLE connect true
SQL>
And now I test it again with the same user:
SQL> CONNECT testacl/testacl@testdb
Connected.
SQL>
SQL> SELECT host, lower_port, upper_port, privilege, status FROM user_network_acl_privileges;
no rows selected
SQL> DECLARE
2 c utl_smtp.connection;
3 BEGIN
4 c := utl_smtp.open_connection('localhost', 25); -- SMTP on port 25
5 utl_smtp.helo(c, 'localhost');
6 utl_smtp.mail(c, 'Oracle11.2');
7 utl_smtp.rcpt(c, '[email protected]');
8 utl_smtp.data(c,'From: Oracle'||utl_tcp.crlf||'To: [email protected]'||utl_tcp.crlf||'Subject: UTL_SMTP TEST'||utl_tcp.crlf||'');
9 utl_smtp.quit(c);
10 END;
11 /
DECLARE
ERROR at line 1:
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at "SYS.UTL_TCP", line 17
ORA-06512: at "SYS.UTL_TCP", line 267
ORA-06512: at "SYS.UTL_SMTP", line 161
ORA-06512: at "SYS.UTL_SMTP", line 197
ORA-06512: at line 4
SQL>
I'm aware that role privileges doesn't apply inside procedures, functions or packages by default, but this is an anonymous block so it should use the active roles for the user. I also tried adding a "dbms_session.set_role('TESTACL_ROLE');" at the beggining of the anonymous PL/SQL block but I got the same access error.
Thanks in advance for any help you can give to me on this question, it would be very hard to grant the ACL to all the individual users as they are more than 1000, and we create more regularly.
Thanks for your quick reply... I don't have a problem creating the basic ACL with the privileges granted for a user. The problem appears when I try to create an ACL with privileges for a ROLE. You can see here http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/d_networkacl_adm.htm#BABIGEGG than the official Oracle documentation states that you can assign the ACL principal to be a user or role:
Parameter
Description
acl
Name of the ACL. Relative path will be relative to "/sys/acls".
description
Description attribute in the ACL
principal
Principal (database user or role) to whom the privilege is granted or denied. Case sensitive.
My issue is that when I try to create the ACL for a role it doesn't work.
Have you ever created an ACL for a role? if so please send me an example or let me know which step I might be missing. Cheers.
Similar Messages
-
Creating Network homes for Users in AD
I am trying to create some Network Homes to use for our Macs on campus. I have created the share and everything, but when I go to "Create Home Now" inside of Workgroup Manager it always gives me an error. The error is very generic so I am not sure what it means. All of our Users are stored in AD and OD just authenticates through AD. Is this a problem? Can you not create network homes for AD users?
Here is the error I get in Console when I try:
3/8/11 8:44:37 AM Workgroup Manager[49785] void -[UserVolumesPluginView(PrivateMethods) gotServerError:forTransaction:](UserVolumesPluginView*, objc_selector*, objc_object*, XSAdminTransaction*): got error kGotAuthenticationFailure from request (null) -
Network ACL for two specific ports
As far as I can tell there is no way to set Network ACLs such that only two specific ports are available. I'm using Oracle 11gR2.
I'd like a HTTP port and an SMTP port open for the local loopback address. These are ports 7777 and 25. It's my understanding that you can have only one ACL per host. While it seems you can create more, any additional ACL's for the same host don't always work as expected. So does anyone have any advice as how I can do this? I'd rather not have every port between 7777 and 25 available but this is what I currently have...
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(
acl => 'local_loopback.xml'
, host => '127.0.0.1'
, lower_port => 25
, upper_port => 7777
);Billy Verreynne wrote:
As far as I can tell there is no way to set Network ACLs such that only two specific ports are available. I'm using Oracle 11gR2.>Not so in my experience. An ACL can be for a specific target, but contain multiple ports for that target.
E.g. I assign ports 80, 7777, 8080, and a few others, in a single web-acl.xml, to a network target (host or domain).
Read the usage notes in Oracle® Database PL/SQL Packages and Types Reference.>Thanks I'll try that. I think we had problems in the past with separate ACL's containing rules for the same host, the response we got back from support was not to do that. This way didn't occur to me. -
Is there an easy way of creating an ACL for denying users?
Hi All,
I like to create an ACL that would prevent about 50 users from accessing a particular network in our MPLS network. I do not want to create another vlan for this.
Let's say I want to deny this range 10.12.16.20 - 50 from accessing 10.3.0.0 network but allow then access to everthing else. Is this how to do it?
Access-list 101 deny 10.12.16.20 0.0.0.0 10.3.0.0 0.0.255.255
Access-list 101 deny 10.12.16.21 0.0.0.0 10.3.0.0 0.0.255.255
Access-list 101 deny 10.12.16.22 0.0.0.0 10.3.0.0 0.0.255.255
-- this will go continue down to .50
Access-list 101 permit ip any any
Can I do something like this?
Access-list 101 deny 10.12.16.20 - 50 0.0.0.0 10.3.0.0 0.0.255.255
Access-list 101 permit any any
ThanksDisclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
What Karsten has suggested, would be the "cleanest" approach, but if the IOS doesn't support it, what Rick suggested would be the way to do it using the fewest ACEs.
If using Rick's approach, as he mentioned you can set ACEs on binary boundaries, variations on the "theme" might be to include a bigger block than needed, if the overage isn't harmful. For example, when trying to exclude hosts 20 .. 50 one ACE could block 0 .. 63.
Also remember you can mix permits and denies. So say you wanted to block just 8 .. 63, you could permit 0..7, block 0..63 and then permit any. Depending on your requirement, mixing permits and denies might require the fewest ACEs in your ACL.
Of course the disadvange of a complicated ACL, it's harder to understand. However, on a sofware based router, the shorter ACL might perform better. -
Problem creating transactional iview for BW system
Hi gurus
We are facing one problem creating a transactional iview for a BW 3.5 system . We wanto to call transaction SU01 in our BW system using an iview. When we use SAP for html, we have all the menu on the iview , I mean the same result as if we use smen, not SU01.
And if we use SAP GUI , we are always having the same GUI Error
Sapgui 640 [Build 8986] Wed Apr 01 12:25:05 2009
: 'service '' unknown
Time Wed Apr 01 12:25:03 2009
Component NI (network interface)
Release 640
Version 37
Module ninti.c
Line 505
Method NiPGetServByName2: service '' not found
Return Code -3
System Call getservbyname_r
Counter 1
Please, can you help us?
Thanks in advance and best regards.Thanks Bala for your quick reply. I´ve tried with function module RSBB_URL_PREFIX_GET and all the settings were OK. Still the same result.
Adding more information. We have another WAS 6.40 server with different Module(we have RM and XRPM , not BW) and we are having the same problems. I am wondering if its related with some special config or activation
Maybe I´ve forgot some service activation in SICF? I´m able to reach the SMEN, but not the SU01
or I´m missing some config elsewhere?
Thanks in advance.
Best regards.
Edited by: Jose Ignacio Arlandis on Apr 2, 2009 8:41 AM -
Problem creating T-Code for report(type Form-report)
Hi all,
Can T-Code be created for reports which are of type'form report '.
Here is the problem in detail :-
I have to use transaction 'CJE3' where four reports got created.These reports are of type 'form report'.Currently I am not able to create the transaction for the reports in se93 transaction.
Please advice on how I can create T-Code for these reports.
Regards,
AnirbanHi Dutta ,
this report is created by Report painter for this Reports if u want to create tcode please follow the steps.
se93 ---> take option parameter transaction .
1.default valuse for transcation is START_REPORT
2.skip initial Scree = kich this one
3.screen = 0.
4.kich all GUI check boxes
5.last one , u have to entry values like this
D_SREPOVARI-REPORTTYPE = report Type
D_SREPOVARI-REPORT = name of the report in the bottom scree.
Regards
Prabhu -
PFCG, derived roles, create inheritance relation for existing roles
Dear reader,
We have many roles that differ only in the organisational levels, but were not created using the Transaction Inheritance functionality.
Because of the sheer number of these similar roles, making a change in a non-organisational field in these roles is quite laborious.
Such a change is much easier when there is an inheritance relation between a template and all dependent roles.
Is there a way to set up the inheritance relation between a template and it's dependent roles after their creation ?
Kind Regards,
John HermansMy own thinking what will happen if we combine so and so roles....
I have a other basic question regarding the field values of a A.object.As we know the one particular A.object is related to so many T.codes.Eg:assigning just 1 tcode to a role which contains 5 A.objects(those 5.A.objects are related to so many different T.codes).If we generate the profile for the role it will bring up all the mandatory field values for that specific T.code which is added.Suppose if we assign some values in the fields which are blank(maintain) or even changing the standard values(01,02 standard but deleting those values and assigning 03,04).Will the user gets accesss for the maintained/changed field values ? The reason for asking is ,as we are deleting the mandatory field values of the tcode and assigning some other values which are standard values for some other Tcodes (which are not added in the menu)
Pls excuse me if it confuses .... -
"Create" Datasource Privilege for Deployer Role
Hi,
We want to enable the "create" datasource privilege for the Deployer Role, after reading some information for this role looks like they are only allow to modify or delete datasources, but not create them. Admin privilege is not a good option for this group.
Any ideas or suggestions...BoopathyVasagam wrote:
Thank you for your answer. So should I issue the below statement? (Since I dont have dba privs i couldn't test this)
GRANT CREATE VIEW to P_ETL_TEST_VIEW;
I doubt that above will prevent the error from being thrown.
prior to running anonymous block again; just do as below
SET ROLE NONE;
doing so should result in same error being thrown when invoking
BEGIN
p_etl_test_view;
END; -
Problem creating a swatch for rich black (c50 m50 y0 k100)
When I manually create a swatch for rich black (c50 m50 y0 k100) in Illustrator CC (17.1.0) and assign as a fill or stroke, it is getting changed back to ordinary black (c0 m0 y0 k100). That is, I create the swatch as above, select an object and click to assign the rich black swatch. The swatch appears to be assigned to objects stroke or fill as expected. However, if I then reselect that object, the rich black has been reset to the standard black – c0 m0 y0 k100. I'm sure I've done this before without a problem, but not since I upgraded to Illustrator CC. As a workaround, for the piece I'm working rigth now, I created a swatch for c50 m50 y0 k99 – as this holds. Any ideas?
Kind regards
TimAt the time I was getting the decribed behaviour, I was working on a project destined for an online print service called PrintCarrier, for which I had a particular profile based on the FOGRA39 profile: Eurostd (Coaed) 15% GCR Medium. The latter was causing Illustrator to not retain rich blacks. When I reverted to my usual profile (ISO Coated v2 300% (ECI)) rich blacks were retained – that is Illustrator behaved normally with regards honouring the rich black assignments.
Not sure why the different profile was causing that to happen in Illustrator. I know that under the same profile in InDesign, rich blacks assigned within that application behave correctly, and don't reset as in Illustrator.
Is this a bug getting triggered or am I missing something in the way profiles handle black/rich black?
Kind regards
Tim -
Problem creating cache group for a table with data type varchar2(1800 CHAR)
Hi,
I am using TimesTen 7.0 with Oracle 10.2.0.4 server. While creating Cache Group for one of my table I'm getting the following error.
5121: Non-standard type mapping for column TICKET.DESCRIPTION, cache operations are restricted
5168: Restricted cache groups are deprecated
5126: A system managed cache group cannot contain non-standard column type mapping
The command failed.
One of my filed type in oracle table is Varchar2(1800 CHAR). If I change the filed size to <=1000 it (E.g. Varchar2(1000 CHAR)) then the Create Cache command works fine.
MyDatabase Character Set is UTF8.
Is it possible to solve without changing the filed size in the Oracle Table?
Request your help on this.
Thanks,
SunilHi Chris.
The TimesTen server and the Oracle Client is installed on a 32-bit system.
1. ttVersion
TimesTen Release 7.0.5.0.0 (32 bit Linux/x86) (timesten122:17000) 2008-04-04T00:09:04Z
Instance admin: root
Instance home directory: /appl/TimesTen/timesten122
Daemon home directory: /var/TimesTen/timesten122
Access control enabled.
2. Oracle DB details
SQL> select * from v$version;
BANNER
Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - 64bi
PL/SQL Release 10.2.0.3.0 - Production
CORE 10.2.0.3.0 Production
TNS for Linux: Version 10.2.0.3.0 - Production
NLSRTL Version 10.2.0.3.0 - Production
Oracle Client - Oracle Client 10.2.0.4 running in a 32 bit Linux/x86
3. ODBC Details
Driver=/appl/TimesTen/timesten122/lib/libtten.so
DataStore=/var/TimesTen/data
PermSize=1700
TempSize=244
PassThrough=2
UID=testuser
OracleId=oraclenetservice
OraclePwd=testpwd
DatabaseCharacterSet=UTF8
Thanks,
Sunil -
NTP(Network Time Protocol) Error whil installing Oracle 11gR2 RAC
Dear Friends,
I have installed oracle 11gr2 clusterware software in two node RAC. While i run the CLUVFY.SH, It shows error in NTP configuration.
1)I add "-x" parameter in "/etc/sysconfig/ntp" configuration file. and start the ntpd service and run the cluvfy.sh . then i got the below error.
Check: CTSS state
Node Name State
rac2 Observer
rac1 Observer
CTSS is in Observer state. Switching over to clock synchronization checks using NTP
Starting Clock synchronization checks using Network Time Protocol(NTP)...
NTP Configuration file check started...
The NTP configuration file "/etc/ntp.conf" is available on all nodes
NTP Configuration file check passed
Checking daemon liveness...
Check: Liveness for "ntpd"
Node Name Running?
rac2 no
rac1 no
Result: Liveness check failed for "ntpd"
PRVF-5415 : Check to see if NTP daemon is running failed
Result: Clock synchronization check using Network Time Protocol(NTP) failed
PRVF-9652 : Cluster Time Synchronization Services check failed
Post-check for cluster services setup was unsuccessful on all the nodes.
=============================================================================================
2)Down the ntpd service in both nodes and run the CLUVFY.SH.
Check: CTSS state
Node Name State
rac2 Observer
rac1 Observer
CTSS is in Observer state. Switching over to clock synchronization checks using NTP
Starting Clock synchronization checks using Network Time Protocol(NTP)...
NTP Configuration file check started...
The NTP configuration file "/etc/ntp.conf" is available on all nodes
NTP Configuration file check passed
Checking daemon liveness...
Check: Liveness for "ntpd"
Node Name Running?
rac2 no
rac1 yes
Result: Liveness check failed for "ntpd"
PRVF-5415 : Check to see if NTP daemon is running failed
Result: Clock synchronization check using Network Time Protocol(NTP) failed
PRVF-9652 : Cluster Time Synchronization Services check failed
Post-check for cluster services setup was unsuccessful on all the nodes.
==========================================================================
3)Based on some website advice, I down the ntpd service and move the "/etc/ntpd.conf" to another location.Then i got the below error.
Result: Query of CTSS for time offset passed
Check CTSS state started...
Check: CTSS state
Node Name State
rac2 Observer
CTSS is in Observer state. Switching over to clock synchronization checks using NTP
Starting Clock synchronization checks using Network Time Protocol(NTP)...
NTP Configuration file check started...
ERROR:
PRVF-5402 : Warning: Could not find NTP configuration file "/etc/ntp.conf" on node "rac2"
PRVF-5405 : The NTP configuration file "/etc/ntp.conf" does not exist on all nodes
rac2
PRVF-5414 : Check of NTP Config file failed on all nodes. Cannot proceed further for the NTP tests
Result: Clock synchronization check using Network Time Protocol(NTP) failed
PRVF-9652 : Cluster Time Synchronization Services check failed
=============================================================
What should i do to solve this issue?? Please help me ...Hi,
I start the ntpd start the service in both node and done the CLUVFY.SH.
The output is below,
Checking if CTSS Resource is running on all nodes...
Check: CTSS Resource running on all nodes
Node Name Status
rac2 passed
rac1 passed
Result: CTSS resource check passed
Querying CTSS for time offset on all nodes...
Result: Query of CTSS for time offset passed
Check CTSS state started...
Check: CTSS state
Node Name State
rac2 Observer
rac1 Observer
CTSS is in Observer state. Switching over to clock synchronization checks using NTP
Starting Clock synchronization checks using Network Time Protocol(NTP)...
NTP Configuration file check started...
The NTP configuration file "/etc/ntp.conf" is available on all nodes
NTP Configuration file check passed
Checking daemon liveness...
Check: Liveness for "ntpd"
Node Name Running?
rac2 yes
rac1 yes
Result: Liveness check passed for "ntpd"
Checking NTP daemon command line for slewing option "-x"
Check: NTP daemon command line
Node Name Slewing Option Set?
rac2 yes
rac1 yes
Result:
NTP daemon slewing option check passed
Checking NTP daemon's boot time configuration, in file "/etc/sysconfig/ntpd", for slewing option "-x"
Check: NTP daemon's boot time configuration
Node Name Slewing Option Set?
rac2 yes
rac1 yes
Result:
NTP daemon's boot time configuration check for slewing option passed
NTP common Time Server Check started...
PRVF-5410 : Check of common NTP Time Server failed
PRVF-5416 : Query of NTP daemon failed on all nodes
Result: Clock synchronization check using Network Time Protocol(NTP) passed
Oracle Cluster Time Synchronization Services check passed
========================================================================================
[oracle@rac1 ~]$ /u01/app/grid/oracle/product/10.2.0/db_1/bin/cluvfy comp clocksync
Verifying Clock Synchronization across the cluster nodes
Checking if Clusterware is installed on all nodes...
Check of Clusterware install passed
Checking if CTSS Resource is running on all nodes...
CTSS resource check passed
Querying CTSS for time offset on all nodes...
Query of CTSS for time offset passed
Check CTSS state started...
CTSS is in Observer state. Switching over to clock synchronization checks using NTP
Starting Clock synchronization checks using Network Time Protocol(NTP)...
NTP Configuration file check started...
NTP Configuration file check passed
Checking daemon liveness...
Liveness check passed for "ntpd"
NTP daemon slewing option check passed
NTP daemon's boot time configuration check for slewing option passed
NTP common Time Server Check started...
PRVF-5410 : Check of common NTP Time Server failed
PRVF-5416 : Query of NTP daemon failed on all nodes
Clock synchronization check using Network Time Protocol(NTP) passed
Oracle Cluster Time Synchronization Services check passed
Verification of Clock Synchronization across the cluster nodes was successful.
[oracle@rac1 ~]$
================================================================================
I hope the problem solved. Am i correct?? -
Problem with Edit option for a role created in GRC 10.0
Hello Experts,
I created a role in GRC 10.0 , I see my newly created role in the list of roles . If I want to Edit the role I select the row and click " OPEN" and edit the role.
But when I click the role directly and enter the role , the "EDIT" button is disabled and even maintain authorization button is disabled.
Did SAP defined in such a way that we should selct the role and click OPEN then only we can Edit or is this a Bug??
Please let me know if any one of you faced the same problem.
Regards,
Jagadish BhandaruHi,
Sabita is correct.
Here is the link to the documentation
SAP Access Control 10.0
Simon -
ASA 5520: Create Network Object for range of hosts?
Hi,
I'm new to Cisco Firewalling. I'm migrating our network objects from our current firewall to a new ASA 5520 configuration. I'm using ASDM 6.4 for configuration.
We have a range of IP addresses for hosts that we need to add to a firewall rule/ACL. In the previous FW software I could create an object that was a range of IP address. For example there is an object called emailservers that is defined as 192.168.2.25-192.168.2.50.
Is there a way to do a similar thing on the ASA 5520?
I can see how to create subnets, but in this case I only have a range of IP addresses, no subnet mask.
Any help greatly appreciated.Sure there is,
hostname(config)# object network TEST2
hostname(config-network-object)# range 10.1.2.1 10.1.2.70
No need for subnet masks, this will be a Object network, not an Object-group of type network. Now in 8.3 they are a lot different.
http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/nat_objects.html
Check this doc for reference.
Cheers,
Mike -
Problem creating a new Glassfish 4 server with Oracle Tools for Kepler
Hello,
I installed Oracle Tools for Kepler with no problem. But when I want to create a new server and fill in the directory to the server (which is valid, C:/glassfish4/glassfish), nothing happens. I can only click 'back' or 'cancel'.
There is no error message.
Is this a bug in Eclipse or Oracle Tools, or do I do something wrong ?
Thanks in advance for help.Hi,
Could you let us know where you installed the GlassFish tools plugins from ?
Glassfish 4 support in OEPE has been available since Glassfish was released in June. But it looks like a bug may have been introduced in the latest build available on http://download.java.net/glassfish/ which does not exist in the version available at http://download.oracle.com/otn_software/oepe/12.1.2.1/kepler/repository
The workaround on the version you are running is to enter a dummy password value and this should allow you to create the Glassfish 4 server.
I will be filing a bug to track this issue
thanks
Raj -
Problem Creating Partner Link for Adapter Integrating with Tuxedo using JCA
Hi All,
This is the first time that I am working on integration tools. I will explain in brief the problem.
There will be a legacy system (Tuxedo) running which connect to legacy database for requests. I am able to connect to that legacy system using Attunity Studio for getting the response back. Which is working fine.
Now I want that to integrate with BPEL PM 10.1.2 using JCA. For this I followed this URL (http://www.oracle.com/technology/tech/java/oc4j/904/how_to/oc4j-jca-tux/onjava-jca.html). What happens here is, a simple servlet invokes a Session Bean that interacts the Attunity Server using the JCA. For that I am using oc4j container of BPEL PM 10.1.2. I could able to work it fine.
For working with BPEL, I have created synchronous process, when try to create Partner link using Adapter service from WSIL browser, it is not coming in.
Am I missed any important configuration at BPEL PM end.
For doing this a followed the "tutorial 2" @ http://www.oracle.com/technology/products/integration/adapters/dev_support.html
In exact way, above provided tutorial 2 PDF, I failed at step "Configuring a BPEL Service to invoke the above Adapter Service" on page 11.
Your help is highly appreciated
Thanks
VenkataSomething to note. I tried adding the same BPEL services as partner links to a new application and new project on two other developer's workstations, and the creation of the partner links were successful.
Maybe you are looking for
-
I need information on how to install and execute the export/import utility
Hi there, I am migrating an application from Weblogic 10 to Weblogic 10.3. I need to import a desktop from a .portal file in Weblogic 10.3. I know how to do the process of installing and executing this tool in WebLogic 10, but I don't know how to do
-
Since upgrading to 10.9.4 dvds will not load
After upgrading to OS X 10.9.4 onto my 2011 iMac, I tried to load a DVD. It whirled around and then got stuck. It took me about 3 hrs to finally get it unstuck. Now it will not accept DVD's at all, just whirls them around and pops them out. CD's it
-
Does iMovie sync from laptop to iPad?
Can I sync iMovie from my MacBook Air to the new iPad I just purchased. I can buy an iMovie App for the iPad but I only want to do this if it will sync with my existing movies. Thanks.
-
Hello Readers, I am doing a fresh install of SCM2007 on AIX5.3, Oracle 10.2.0.4. Type of install is central instance (ABAP, Java, DB on one server). After importing ABAP, sapinst proceeds to create secure store. At that point sapinst fails with the m
-
My iPad mini won't connect to wifi. Well it does but very sporadically.