REG:DMZ server

Similar Messages

• How to Read file from Application in DMZ Server (page on DMZ)

  Hi All,
  i am trying open a file from application server from OAF page on DMZ server .
  i am getting the error 'either not supported file type or file is damaged '.
  i am taking the path of production server to read the file from DMZ server .
  Please let me know what is the issue .
  Thanks
  Raju

  Please post the details of the application release, database version and OS.
  i am trying open a file from application server from OAF page on DMZ server .Is the issue with all OAF pages or with specific ones only?
  i am getting the error 'either not supported file type or file is damaged '.Please check Apache log files for details about the error (error_log* and access_log*).
  i am taking the path of production server to read the file from DMZ server .What type of DMZ configuration you have?
  Thanks,
  Hussein

• How can i access dmz server via public ip from inside?

  hi all !
  As shown in Figure，how can i access the server in dmz zone via public？
  i can access it via private ip 192.168.1.1 now,but i can't access it via 101.100.1.2.
  who can help me ?
  thank you !

  Hi,
  You would have to configure Static NAT from DMZ to INSIDE for the server in the same way you have done for DMZ to OUTSIDE.
  Basically in the following way for example
  object network DMZ-WEB
  host 192.168.1.1
  nat (dmz,inside) static 101.100.1.2
  This would enable your users on the "inside" to access the "dmz" server with the public IP address. And naturally only with the public IP address after this NAT.
  Hope this helps
  Please do remember to mark a reply as the correct answer if it answered your question.
  Feel free to ask more if needed
  - Jouni

• Issuing Certificates to a DMZ server

  I'm in the process of setting up a PKI infrastructure for an SCCM 2012 environment. In order to manage travelling laptops over the internet, we installed a new Windows 2012 R2 server in the DMZ.  To communicate properly with the travelling
  SCCM clients, we need to install 2 certificates on this DMZ server.  This DMZ server is in a different forest/domain than the SCCM and CA server, with no trusts established between it and our production domain.  If it makes any difference, there
  is also no DNS forwarding, but I have added an entry to the hosts file on the DMZ server, and to the internal CA and SCCM servers (all Windows 2012 R2), so that they can resolve each other.
  I've created the 2 certificate templates per the SCCM documentation on the internal CA server, but in the Security tab, there is no way for me to add the DMZ server for the "Read and Enroll" rights (since it's in another, untrusted forest.) 
  Since I can't enroll the certificates through the MMC console of the DMZ server, my next thought was that I could use the CA web enrollment method, and try to get certificates enrolled that way.   However, when I type in
  http://MY_CA_SERVER/certsrv, Internet Explorer spins for about 10-15 seconds, and then I get "Page cannot be displayed."  I added the webpage to the Trusted Sites in IE, but that did not help.  Visiting
  the CA webpage from a domain-joined computer works fine; it's just not working from the DMZ server.
  Does this sound like a communications/port issue?  Between my internal domain and this DMZ server, I've currently got ports 80, 135, 443, 445, 1433, 8530, and 8531 open.  Do I need anything additional for Certificate Authority communication? 
  If I'm not approaching this in the correct manner, I'm also open to other suggestions on how to install these 2 certificates properly.
  Thanks in advance for any advice.

  > I've currently got ports 80, 135, 443, 445, 1433, 8530, and 8531 open.
  please, close RPC ports in your perimeter firewall. Instead of using legace web pages, I would consider to set up a new Certificate Enrollment Web Servcies (which first appeared in Windows Server 2008 R2):
  http://social.technet.microsoft.com/wiki/contents/articles/7734.certificate-enrollment-web-services-in-active-directory-certificate-services.aspx
  if it is not possible to install CEP/CES services, then you can use the following guide (although it requires some manual procedures):
  http://en-us.sysadmins.lv/Lists/Posts/Post.aspx?ID=5
  My weblog: en-us.sysadmins.lv
  PowerShell PKI Module: pspki.codeplex.com
  PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
  Check out new: SSL Certificate Verifier
  Check out new:
  PowerShell FCIV tool.

• Configure IIS on DMZ Server

  We've been asked to publish SharePoint (2013) on the internet. Because of the way our network is set up, we have to put a server in our DMZ that takes that traffic and forwards it on the SharePoint server. We can't put the SharePoint server in the DMZ and
  we can't route or NAT outside traffic directly to the SharePoint server.
  I don't have to worry about the network settings, subdomain registration, public IP's etc. since our network management team will take care of all of that, what I need is some ideas on how I can setup IIS on the DMZ server to forward the traffic to
  the SharePoint server.
  Thanks

  Hi,
  According to your description, what you need is “forwarding request”. So you may need a proxy server.
  You can use Web Application Proxy or Application Request Routing.
  Web Application Proxy is a new Remote Access role service in Windows Server® 2012 R2. Web Application Proxy provides reverse proxy functionality for web applications inside your corporate network to allow users on any device to access them
  from outside the corporate network. Web Application Proxy pre-authenticates access to web applications using Active Directory Federation Services (AD FS), and also functions as an AD FS proxy.
  Application Request Routing (ARR) is a proxy-based routing module that uses HTTP headers, server variables, and load balance algorithms to determine how to forward HTTP requests to content servers.
  To install and configure Web Application Proxy for publishing internal applications, please refer to the article below,
  Installing and Configuring Web Application Proxy for Publishing Internal Applications
  http://technet.microsoft.com/en-us/library/dn383650.aspx
  To install, configure, and use the ARR module, please refer to the article below,
  Application Request Routing
  http://technet.microsoft.com/en-us/library/ee683905(v=ws.10).aspx
  Hope this helps.
  Steven Lee
  TechNet Community Support

• How to configure inactivity time out in 11i for external DMZ server

  Hi All,
  We are currenlty enablling DMZ functionality for some of internet applications. Generally a user will travel through Oracle Portal to access these applications.
  We want to set a seperate inactivity time out for user comming via external server. We manage to do this for Portal and SSO. But enable to find one for ebusiness suite. The idea is if a user access these applications from pulic PC and fogot to log out then if the system doesn't time out in 5-10 mins then it raise a risk of access to application by unautherized users.
  Any advise on this will be of great help.
  Incase this is no the right forum for these questions then if you know please advise where to direct this query.
  Regards,
  Navin

  Hi Hussien,
  Thanks for the quick notes, The challange we have is most of these setups are common for both external and internal servers. Change in one will impact the behaviour for others. What we are looking at is some thing like this. Unless I am missing some thing here.
  User login using external server over DMZ will time out in 10 mins assessing an application (i.e. Employee self service) where in if the same user access the same application using internal server then the session can be alive for say 60 mins.
  Do you think I am thinking on the right track. or am i missing any point here
  Regards,
  Navin

• Use iptables on DMZ server to port forward

  Hello!
  My ISP have this great idea that we have to go to their site to do port forwarding and changing settings on the router/modem, so I was thinking to just set one of my servers as a DMZ, and do port forwarding with iptables on that server.
  The problem is that I can't find out how I can make packets coming in on one port go out to another ip in the LAN.
  Here is my network setup:
  1. Combined router, modem and wireless AP.
  2. Apple AirPort Express connected to the Wifi
  3. switch connected to the AirPort Express with ethernet.
  4. two servers connected to the switch(also with ethernet).
  the two servers have ip adress 192.168.2.3 and 192.168.2.4. And I have set up 192.168.2.3 as DMZ.
  How do I use iptables to route connections that is coming to 2.3 on a speciffic port to 2.4?

  hunterthomson wrote:
  Well, I have kind of turned into an arno-iptables-firewall fanboy. I mean really, you can read through the script in /usr/sbin/arno-iptables-firewall  Super well commented and written very well. It covers all your bases.
  You will want to use the updated package listed in the comments.
  http://dl.dropbox.com/u/1367726/arno-ip … all.tar.gz
  You will also want the SystemD Unit file
  https://aur.archlinux.org/packages/syst … -firewall/
  To do NAT and Port-Forwarding... basically just read through the whole firewall.conf and when you hit the bottom your done.
  But really, you just need to change these things.
  /etc/arno-iptables-firewall/firewall.conf
  Line #41, put your Internet facing interfaces here.
  Line #46, Probaly want to set this to '1' becuase it sounds like the server dose get it's IP from DHCP... but that is a bad idea because it needs to have the same IP all the time... so maybe leave it disabled '0'
  Line #87, Put your LAN facing interfaces here
  Line #94, Put the LAN network here, So like if your Internet facing network is 192.168.2.0/24 you could make the LAN 192.168.4.0/24
  Line #140, Change this to '1' to enable NAT for your LAN
  Line #162, Change this to '1' to enable Port-Forwarding
  Line #193-195, Here is where you define your port-forwards,
  Example: Forward TCP port 22 to host 192.168.4.55 and TCP port 80 to 192.168.4.66
  --> Line 193, NAT_FORWARD_TCP="22>192.168.4.55 80>192.168.4.66"
  Then open port 22 and 80 on the WAN side so they 'can' be forwarded.
  Line #1170, OPEN_TCP="22 80"
  You should also check out the config's in the plugins directory. This is where you get your moneys worth...
  ssh-brute-force-protection.conf
  ids-protection.conf
  traffic-shaper.conf
  ipv6-over-ipv4.conf
  traffic-accounting.conf
  transparent-proxy.conf
  multiroute.conf
  ipsec-vpn.conf
  And More !!!
  Thanks for answer. But it seems like you missed that the server is only connected to the LAN, never to the internet.

• R12 DMZ server services

  What EBS services need to be running on the EBS DMZ application server?
  EBS: 12.1.2 (Internal: single DB node + on apps node; external: one-apps node).

  Please refer to (Oracle E-Business Suite R12 Configuration in a DMZ [ID 380490.1]).
  Thanks,
  Hussein

• Secure way for SMTP relay for DMZ server

  Hi,
  I would like to know if there is a secure way to allow SMTP relay from server in DMZ.  This is our Exchange server configuration.
  All Exchange server roles installed on a single server.
  No Edge server.
  Thanks in advance.

  Hello
  if haven't got relay connector, need create one receive connector add only one dmz ip and if application can authentication use that authentication method, if cant use any auth method  enable anoynous relay.
  sorry my english

• DMZ Server.

  Hi,
  I have one server where database and application are running.
  Another server for DMZ which is using for external user and for external user URL is like http://abc.com:8000
  I have one more URL which is using for our company site like www.cde.com.qa.
  Now my question is here does the front end application (DMZ) accept any packet using a different URL than http://abc.com:8000,
  since we have bind with the company URL www.cde.com.qa.
  now www.qib.com.qa/tybc will be redirected through our load balancer to 192.168.0.1.
  Regards
  Mustu.

  Hi Mustu;
  What is your EBS (r11-r12?) and what is your OS?
  Please check below and see its helpful for your issue:
  Oracle E-Business Suite R12 Configuration in a DMZ [ID 380490.1]
  Best Practices For Securing Oracle E-Business Suite Release 12 [ID 403537.1]
  Regard
  Helios

• Publish DMZ server over Internet

  I want to publish the dmz over the internet through outside interface

  Hi,
  You can do that. We are missing some important information although i can give you an idea.
  You can either forward only a specific port or service or you can map the server for the complete IP or all the TCP/UDP ports as well as per the requirement.
  It might be different for different ASA software code so you can check the configuration guides for the NAT/PAT configuration syntax accordingly.
  ASA 8.2 and before:-
  http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/nat_control.html
  ASA 8.3 +
  http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/configuration/guide/config/nat_objects.html
  Thanks and Regards,
  Vibhor Amrodia

• Reg Mail Server Setup

  Hi Experts,
  I want to set-up a mail server so as to perform some email-related scenarios, so please tell me the procedure to set-up a mail server in my local desktop. Is it cumbersome to set-up a mail server for testing purposes?
  Can I use one of the options available on www.google.com? Is it reliable?
  Thanks.
  Edited by: Abhishek01 on Jul 23, 2009 12:16 PM

  Hi,
  Better to checkw with your network team for desk top mai server,  why because we need few autoorization for configuration.
  Follow below steps for mail configuration.
  1. First we need to configure basis level setp like SMTP, POP3 through Tcode SCOT then
  2. Take URL for SMTP & POP3 from your network team & basis team
  3. Follow below links for scenario configuration
  /people/prasad.ulagappan2/blog/2005/06/07/mail-adapter-scenarios-150-sap-exchange-infrastructure

• Reg: Internal server error

  Hi
  Oracle Application Version:11.5.10.2
  Database Version:9.2
  Os : linux 4
  When tried to clik the ebusiness suite,it given the internal server error message, i ran autoconfig in apps tier its suscceed
  but itried to run in db tier its not running it given the following error message.
  AutoConfig is configuring the Database environment...
  AutoConfig will consider the custom templates if present.
  Using ORACLE_HOME location : /prod/r02/oracle/proddb/9.2.0
  ERROR: OA_JRE_TOP isn't available at either of the following locations
  JDK - /prod/r02/oracle/proddb/9.2.0/jdk
  JRE - /prod/r02/oracle/proddb/9.2.0/jdk
  Pass option 'java' on command line
  ERROR: OA_JRE_TOP isn't available at either of the following locations
  JDK - /prod/r02/oracle/proddb/9.2.0/jdk
  JRE - /prod/r02/oracle/proddb/9.2.0/jdk
  Pass option 'java' on command line
  ERROR in setting Environment variable ADJREOPTS
  please give the solution
  Regards
  karthick raja

  Hi,
  As oracle user, source the database env file and issue "echo $OA_JRE_TOP" and post the output here.
  Also, make sure the value of this parameter is set correctly in the database context file, and run AutoConfig again.
  Regards,
  Hussein

• Reg app server console view

  Hi,
  I have installed websphere application server and portal server.
  appln server is getting started without any errors, but when i try to open the appln server admin console,
  it says "The page cannot be displayed".
  Also, after starting the application server, when i saw in task manager, its showing as javaw.exe.
  Does this have any relevance to our topic..
  Generally java.exe would be running right..
  Thanks in advance,
  Balaji B

  harshaa-01 wrote:
  Hi,
  I have installed websphere application server and portal server.
  appln server is getting started without any errors, but when i try to open the appln server admin console,
  it says "The page cannot be displayed".Sounds like a websphere question so you should probably ask that in a webspehere forum (since it isn't related to Java)
  >
  Also, after starting the application server, when i saw in task manager, its showing as javaw.exe.
  Does this have any relevance to our topic..
  Generally java.exe would be running right..No. javaw.exe is a java vm without a console window.
  Kaj

• Reg Weblogic Server Startup Problem

  Hi
  I have configured the weblogic Application Server using Oracle SOA11g
  When i started the weblogic server, i am getting below exception.
  Exception [TOPLINK-4002] (Oracle TopLink - 11g Release 1(11.1.1.5.0) (Build 110305)): oracle.toplink.exceptions.DatabaseException
  Internal Exception: java.sql.SQLSyntaxErrorException: ORA-00942: table or view does not exist
  Error Code: 942
  Call: SELECT DRIVER_NAME, MIME_TYPES, PROTOCOLS, CARRIERS, SENDER_ADDRESSES, COS
  T, DELIVERY_TYPES, SPEED, STATUS_TYPES, CHECKSUM, SUPPORTS_CANCEL, ENCODINGS, SU
  PPORTS_REPLACE, SUPPORTS_TRACKING, SUPPORTS_STATUS_POLLING, DEFAULT_SENDER, CAPA
  BILITY, LOCK_VERSION FROM DRIVER_INFO
  Query: ReadAllQuery(oracle.sdpinternal.messaging.config.DriverInfo)>
  Pls find below log from AdminServer.log and domain_name.log
  MDS-01370: MetadataStore configuration for metadata-store-usage "soa-infra-store" is invalid.  
  ORA-06550: line 1, column 12:
  PLS-00201: identifier 'MDS_INTERNAL_SHREDDED.GETREPOSITORYVERSION' must be declared
  ORA-06550: line 1, column 7:
  PL/SQL: Statement ignored
  I have tried several solutions for above problem:
  Sol1:
  I have checked my datasource.
  The database details and URL are correct and i am able to test the connection and the DB is up and running.
  Sol2:
  I dropped RCU and created again but it didnt resolve the issue.
  Sol3:
  I have renamed the folders tmp, cache and data folders to in the below location
  C:\Oracle\Middleware\user_projects\domains\SOA_domain\servers\AdminServer
  After starting the weblogic server,these folders are created again but problem is not solved.
  Sol4:
  Logged intoto Weblogic console->services->Data Source->Click on SOADataSource->Go to Transaction tab->verify 'XA Transaction Timeout:' is set to 0
  Sol5:
  The schemas details in RCU and during the SOA configuration, there is a screen called "Configure JDBC Component Schema".
  The schema details are same in both cases
  Sol6: Dropped Database, RCU and SOA and installed again.
  But the problem is not solved.
  Now i am getting below exception also:
  Caused by: javax.ejb.CreateException: SDP-25700: An unexpected exception was cau
  ght.
  Cause: weblogic.common.resourcepool.ResourceDeadException: 0:weblogic.common.Res
  ourceException: Could not create pool connection. The DBMS driver exception was:
  IO Error: The Network Adapter could not establish the connection
  Action: Check the stack trace for more details.
          at oracle.sdpinternal.messaging.storage.MessagingStoreBean.ejbCreate(Mes
  sagingStoreBean.java:174)
          at oracle.sdpinternal.messaging.storage.MessagingStore_urkbp2_Impl.ejbCr
  eate(Unknown Source)
          ... 56 more
  ; nested exception is: com.oracle.pitchfork.interfaces.LifecycleCallbackExceptio
  n: Failure to invoke public void oracle.sdpinternal.messaging.storage.MessagingS
  tore_urkbp2_Impl.ejbCreate() throws javax.ejb.CreateException,javax.ejb.EJBExcep
  tion on bean class class oracle.sdpinternal.messaging.storage.MessagingStore_urk
  bp2_Impl with args: []>
  I have tried deleting tmp folder and renaming tmp, data and cache folders in C:\Oracle\Middleware\user_projects\domains\BPM_Sample_domain\servers\AdminServer location.
  But the problem still perists.
  Please help me in resolving the issue.
  Regards
  Swathi

  Hi Swati,
  When you see this error
  Cause: weblogic.common.resourcepool.ResourceDeadException: 0:weblogic.common.Res
  ourceException: Could not create pool connection. The DBMS driver exception was:
  IO Error: The Network Adapter could not establish the connection
  Action: Check the stack trace for more details.
  That means Datasource Connection Pool is failing to create a pool either due to DB is down or no connection made by Pool resource.
  Try to tune the Datasource with following parameter will help you.
  1. Eanble Test connection on reseve
  2. Connection creation retry frequency second set as 10 these two parameter make reconnect back to you DB and Pool start executing correctly.
  After enable still have problem please provide complete stack.
  Regards,
  Kal