SA520W - IPv4 Firewall Rule not visible
Hello,
We have a Cisco SA520W Security Appliance Model with several IPv4 firewall rules configured and we would like to remove one of the rules.
The fact is that this rule is not visible from the Security Appliance Configuration Utility; although it can be seen in the configuration backup file, it cannot be deleted…
Any idea how to delete this rule without reverting to the factory default settings will be appreciated.
Best regards,
Nicolas MASSOT
Is it one of the built in default rules or is it a rule that was created then deleted from the GUI? Can you paste the section of the config file with the ACL?
Cisco Small Business Support Center
Randy Manthey
CCNA, CCNA - Security
Similar Messages
-
SA 540 INBOUND FIREWALL RULES NOT WORKING
Hi all,
I am having trouble configuring the firewall for the SA 540.
client 1 (160.222.46.154) ----- switch ------ sa 540 ------ cisco 887 W ------ client 2 (50.0.0.10).
client 1 can ping client 2, however client 2 cannot ping client 1. The default outbound policy (allow all) is set on the sa 540, and I have tried configuring a blanket ipv4 rule on the sa 540 to allow 'all' to 'any' (for all services) related to traffic from the WAN to LAN, and vice versa. The output from the logs is as follows:
Fri Jan 7 13:43:04 2000(GMT +1000) WARN FIREWALL 50.0.0.10 160.222.46.154 [firewall] LOG_PACKET[DROP] IN=WAN OUT=WAN SRC=50.0.0.10 DST=160.222.46.154 PROTO=ICMP TYPE=8 CODE=0
Component: KERNEL
Fri Jan 7 13:43:09 2000(GMT +1000) WARN FIREWALL 50.0.0.10 160.222.46.154 [firewall] LOG_PACKET[DROP] IN=WAN OUT=WAN SRC=50.0.0.10 DST=160.222.46.154 PROTO=ICMP TYPE=8 CODE=0
Component: KERNEL
Fri Jan 7 13:43:14 2000(GMT +1000) WARN FIREWALL 50.0.0.10 160.222.46.154 [firewall] LOG_PACKET[DROP] IN=WAN OUT=WAN SRC=50.0.0.10 DST=160.222.46.154 PROTO=UDP SPT=60737 DPT=53
Component: KERNEL
Basically any connection identified as coming in from the WAN (i.e. IN=WAN) is dropped. I set up a new vlan on the cisco 887 W, in the 160.222.46.x address space, and connected a spare port directly to the sa 540 and had no problem testing connectivity to any device via ping. Obviously the zone communication is LAN to LAN and the firewall treats the traffic differently.
I assumed that creating an all-encompassing rule to allow all traffic, for all services, between the LAN and WAN (in both directions) would be equivalent to placing the appliance in PASS THROUGH mode? There is no security set on the 887 W or the switch.
Also, if anybody could explain what 'SELF' means in the context IN=SELF or OUT=SELF it would be much appreciated. Firmware is latest.
Thank you.
Regards
Marc
On closer analysis and with some help from Experts Exchange it did seem nonsensical to have both the IN and OUT as the WAN interface, but I had literally exhausted every avenue possible bar 1- changing the routing mode to CLASSIC and configuring a static route (which was at a higher administrative level than my RIP advertised routes) and took preference when forwarding the packets.
Now the SA540 firewall rules work as I would expect and I can route between all zones. To summarise, it appears as if the Double NAT from the router (887W) and then the SA540 was the issue, and the inability to configure any workaround in the interface of the SA540 firewall rules.
It really makes you appreciate the power of the command line and the full scope of Cisco's command line options. Does anybody know if (and how) it would be possible to configure Double NAT on the SA540?
Regards
Marc -
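The drop entries quoted in the thread above share one pattern, IN and OUT both set to WAN, which the follow-up traced to routing and double NAT rather than to the firewall rules. As an added example (not part of the original thread), this Python script parses that log format and separates same-zone drops from cross-zone ones; the last line of the sample is constructed for contrast and the function names are this example's own.

```python
import re
from collections import Counter

# Sample input: the three DROP entries quoted in the post, followed by one
# CONSTRUCTED LAN->WAN drop (not from the thread) to show the contrast.
SAMPLE_LOG = """\
Fri Jan 7 13:43:04 2000(GMT +1000) WARN FIREWALL 50.0.0.10 160.222.46.154 [firewall] LOG_PACKET[DROP] IN=WAN OUT=WAN SRC=50.0.0.10 DST=160.222.46.154 PROTO=ICMP TYPE=8 CODE=0
Component: KERNEL
Fri Jan 7 13:43:09 2000(GMT +1000) WARN FIREWALL 50.0.0.10 160.222.46.154 [firewall] LOG_PACKET[DROP] IN=WAN OUT=WAN SRC=50.0.0.10 DST=160.222.46.154 PROTO=ICMP TYPE=8 CODE=0
Component: KERNEL
Fri Jan 7 13:43:14 2000(GMT +1000) WARN FIREWALL 50.0.0.10 160.222.46.154 [firewall] LOG_PACKET[DROP] IN=WAN OUT=WAN SRC=50.0.0.10 DST=160.222.46.154 PROTO=UDP SPT=60737 DPT=53
Component: KERNEL
Fri Jan 7 13:44:00 2000(GMT +1000) WARN FIREWALL 160.222.46.154 50.0.0.10 [firewall] LOG_PACKET[DROP] IN=LAN OUT=WAN SRC=160.222.46.154 DST=50.0.0.10 PROTO=TCP SPT=50000 DPT=80
Component: KERNEL
"""

# Action in brackets, then space-separated KEY=VALUE fields to end of line.
LINE_RE = re.compile(r"LOG_PACKET\[(?P<action>[A-Z]+)\]\s+(?P<fields>.*)$")


def parse_line(line):
    """Return a dict of the KEY=VALUE fields plus ACTION, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None  # e.g. the "Component: KERNEL" continuation lines
    rec = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    rec["ACTION"] = m.group("action")
    return rec


def summarize_drops(text):
    """Count dropped packets per (IN, OUT, SRC, DST, PROTO) flow."""
    flows = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["ACTION"] == "DROP":
            key = tuple(rec.get(k) for k in ("IN", "OUT", "SRC", "DST", "PROTO"))
            flows[key] += 1
    return flows


def same_zone_drops(flows):
    """Flows whose ingress and egress zone are identical (e.g. WAN -> WAN).

    A zone-to-zone allow rule (WAN -> LAN) never matches these, so check
    routing and NAT before rewriting the rule set.
    """
    return {k: n for k, n in flows.items() if k[0] is not None and k[0] == k[1]}


if __name__ == "__main__":
    flows = summarize_drops(SAMPLE_LOG)
    for (zin, zout, src, dst, proto), n in sorted(same_zone_drops(flows).items()):
        print(f"{n}x {proto} {src} -> {dst} dropped with IN={zin} OUT={zout}")
```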
Business Rules not visible sometimes-via web and smartview
We use EPM 11.1.2.
We have a unique problem: Business rules (associated with forms) sometimes fail to appear either via web or smartview for our users. After logging out and back in, sometimes they appear again.
If we explicitly 'disconnect all' from smartview, close Excel, and go back in again, then the rules are visible.
It is becoming hard to tell when the users can or cannot see the business rules.
All users have the right provisioning-interactive user.
Has anybody seen this kind of behavior before?
We had a similar issue a while back-with eas web versus eas desktop client. Oracle gave us a specific fix for the eas business rules problem.
Edited by: 784749 on Sep 26, 2011 11:59 AM -
Transported Alert rule not visible in RWB - Alert Configuration
Hi ,
I have Transported Alert rule Using Below mentioned blog ..
Know How to Transport Only the Required Alert Rules !!!
I have followed the following Procedure
1. Go to Transaction SE16 Data browser.
2. Give the table name as SXMSALERTRULES and hit F7. Then Execute (F8).
3. Copy the ALERTHASHVAL field value of the entries that needs to be transported.
4. Go to transaction SE10 and Create a Workbench Request.
5. Select the Task under Workbench Request and Go to Menu Request/Task -> Change Type and select Development/Correction.
6. Double click the task and go to edit mode.
7. Enter Program ID: R3TR, Object: TABU, Objects Name: SXMSALERTRULES, press Enter and click on Functions.
8. Paste the ALERTHASHVAL field value copied in Step-3 and Save.
Now I can see the transported entries in the SXMSALERTRULES table. But when I check RWB - Alert Configuration, there is no new entry for the transported rule above.
Please tell me what is missing or where I am wrong.
Yes, my problem is resolved.
Solution:
After transporting all alert rules ->
I created a manual entry for any one of the alert rules from Alert Configuration ->
Then automatically all the other transported rules became visible.
So now I can see all my transported rules in Alert Config.
I don't know how it happened, but it worked for me. All rules became visible to me only after creating a manual entry for any one of the alert rules.
Hope it helps someone else ...
Guys thanks for all your comments ...
Regards
PS -
Hi All,
I have created business rules in Essbase and they work well. But those are not shown in the Planning app. Here, while I'm creating Business Rules, I am able to access Essbase only; when I click on Planning it shows unable to log in to Planning.
Please help out.
Thanks
I am having the same problem with accessing business rules in version 9.3.1. I have been working with Oracle support for 5 months now trying to resolve this and they have not been able to help.
This application has been up and running for over a year before this behavior occurred. Previously users were able to view and run business rules. It is only affecting non-native authenticated users. The admin user and natively authenticated users can run/edit & validate rules. In order to run business rules all users have to log in with the admin user ID (not a good solution).
Any ideas, clues or new method of debugging this issue would be appreciated.
Thanks
John -
UWL - Substitution rule not visible to switch it off
Hello,
User A maintains substitution for user B. In ECC, the substitution is active in table HRUS_D2. But User A is unable to see the rule in "Manage substitution". As a result he is not able to switch off the substitution rule from portal.
Thanks,
Preeti.
Dear Preeti Nair,
are you able to solve the issue?
I'm facing quite a similar problem...
thanks, -
Business Rules not visible in Hyperion Planning
I created a group in Shared Services and added 6 (native) accounts.
After that, I assigned Access Privileges to Business Rules in AAS for this group.
When I open Planning Web and go to Tools - Business Rules, 5 of the 6 users can see the Business Rules,
but one users only sees the CalcScripts.
I think I tried everything; removed/added the account from the group, refreshing security, refresh in Planning-Desktop
I'm using version 9.2.03
Anyone know what's going on here?
That's the strange thing; we use (native) groups to provision. This works fine for the other 5 users.
But even if I provision this one user for the Business Rules, they remain invisible to this user. (in Planning)
I discovered this morning that this user can create a new BR, but when I try to open it in AAS console I get an error
"Exception occured, Please check your log file for details."
Unfortunately, the log doesn't provide any more details. (even if I set the level to Debug) -
Columns based on first/last aggregation rule not visible in Answers
Hi guru!
I don't understand my mistake!
1. "summ" column in fact table
2. Time dimension with TOTAL-YEAR-QUARTER-MONTH-DAY levels
3. set up for "summ" column last aggregation
4. and set checkbox (based on dimension): for Time dimension LAST, for others SUM
but in Answers this "summ" column is NULL.
why?
Is it possible that the last selected value of the Time dimension has no data? For example, if you're displaying all possible days of 2008, and you haven't loaded Dec-31-2008 data yet, the "last" value selected (i.e. Dec-31-2008) would not yet have been loaded with data, so the LAST aggregation function would return a NULL.
Thought: Try the query using a filter on the Time dimension to select a time period that is already completely loaded with data, and let us know what happens there. -
h:datatable rules not visible in ie 6
Hello,
I am displaying a table and want to have a line in between each rows
<h:dataTable id="tabwiw" value="#{managerBean.rsWIW}" var="wiw" rows="#{managerBean.nbWIW}" rules="rows" width="100%" rendered="#{managerBean.renderWIW}" border="0">
But this doesn't work in ie 6 (and works perfectly in Firefox, Mozilla and Netscape).
Thank you for your time
Best regards
Neil. -
SA 520 Firewall rules not applying
I've set up 3 schedules for
1) 04.00 - 08.00 PM
2) 10.00 - 11.59 PM
3) 12.00 - 10.00 AM
Locked the MAC address on the client computer to a leased IP number.
Then I set up 3 rules to block from LAN to WAN for this local IP 192.168.75.70 at the scheduled times. But it doesn't apply.
The firmware is 2.1.71
I can see the client get the right IP address.
I did try to reset it, but it didn't do the trick. Still full connection, where it should be blocked.
Enabled LAN WAN ANY BLOCK by schedule 192.168.75.70 Any Always -
In Business Rule child elements of Unbounded element are not visible.
Hi All,
Jdev version 11.1.1.7.0
I am facing one issue in Business Rule...
Scenario: I am creating an Approval Service (BPEL) with Human Workflow and Business Rule.
I am assigning the participant in HW by using rule based (connecting HW and BR).
Problem here is:
The schema has an "unbounded" element.
<element name="ExpenseItem" maxOccurs="unbounded">
<complexType>
<sequence>
<element name="ItemID" type="string"/>
<element name="ItemName" type="string"/>
<element name="ItemPrpjectID" type="string"/>
<element name="ItemStatus" type="string"/>
</sequence>
</complexType>
</element>
Whenever I create Business rules to configure rules.
While configuring rules, child elements of ExpenseItem are not visible. But those are necessary to configure rules.
If you can help me to resolve this, it would help.
Is it a default behaviour of BR? If so, how can I achieve this?
Thanks,
Santosh
Solution found:
Click on the RuleSet which you have created.
Expand the Rule inside it.
Enable Advanced mode and Tree mode and click OK.
Select Root as Task and click on insert pattern and create a pattern which is based on the unbounded element (here it's meant as a fact).
Once you create the pattern, you will be able to access elements under the unbounded element for Business rule configuration. -
Substitution variable is not visible at Data Prep editor-creating rule file
Hi,
We are working on Essbase 9.3.1, Oracle as a database source for loading the data into Essbase.
We have created a substitution variable at "server level" to use it in a rule file as a DSN for the data source. But this substitution variable is not visible in the drop down of substitution variables in 'Data prep editor' while creating the rule file.
We restarted the Essbase server also but still it is not visible in 'data prep editor'.
Any help will appreciated on this issue.
Thanks & Regards,
Mohit Jain
Cameron-
1) yes I've tried it on 2 different clients
2) yes I've tried it on the server
3) I haven't tried that, but don't normally use MaxL for anything
4) I took a 'broken' rule, saved it locally, closed and reopened and it still didn't work
5) I normally do files on the server, but I can't even get to that point because when I get the 'Open Data File' nothing happens, no dialog box pops up, so I don't get the chance to select the location
6) This is a production server and EAS is running as a service, so I'd have to test this one afterhours.
Because it happens on 3 separate PC's I'd eliminate bad EAS, since only some rules do it and others don't I'd think it could be corrupt rules, but it'll happen to new rules just as fast, and they still work just fine, so if that's the case I need to figure out what is corrupting them...
Network issues wouldn't surprise me, I get TCP/IP errors regularly saying I have to increase my net retry count, but I've tweaked with those settings tons... looks like those are really the database server is running out of memory even though I have 4GB physical 16MB Virtual memory (32 bit environment though... I do have the /3GB switch turned on)... I've had to scale my caches way back to allow certain databases to even function.
Thanks for your help.
Edited by: Norton5150 on May 28, 2009 2:12 PM -
OTL Custom Formula not visible in Time Entry Rule window
Hi Friends,
I have created a custom Fast Formula of type 'OTL Time Entry Rules'. Created a context with segments for the OTL Formulas Flex Field with formula name same as of the context. But the formula is not visible in the time entry rule window.
Can anyone please suggest what is the reason for this?
Many many thanks in advance.
Hi,
Check whether you have given the description for your custom Fast formula while defining the FF in the Write Formula screen.
Coz, in the Time Entry rules window you will see the description of the fast formula.
Though the description is not a mandatory field while defining the FF in the Write Formula screen, the time entry rule will take only the description of the FF instead of the FF Name.
Get back to me if you need further info.
Thanks,
Anuradha -
WSUS Firewall rules do not use names nor groupnames
Hi everyone,
Today I've been playing around with PowerShell Workflows and the firewall cmdlets on my test environment. (Great stuff, Thanks Scripting Guys)
After working out a little workflow I noticed that the firewall rules that were made by the WSUS feature installation had no Name nor DisplayGroup, only the DisplayName.
My test environment is made up from three Server 2012 R2 servers with a domain.
The script I made :
workflow Get-AllFirewalls
{
    Parallel {
        InlineScript {
            # Enabled allow rules that apply to the Any or Domain profile
            Get-NetFirewallRule -Enabled True -Action Allow | ?{
                $_.Profile -match "Any|Domain"
            } | select Name,DisplayName,Direction,DisplayGroup,
                @{n='Port';e={($_|Get-NetFirewallPortFilter).LocalPort}},
                @{n='Protocol';e={($_|Get-NetFirewallPortFilter).Protocol}},
                @{n='Program';e={($_|Get-NetFirewallApplicationFilter).Program}}
        }
    }
}
# Run the workflow against every Windows Server computer account in the domain
$output = Get-AllFirewalls -PSComputerName (Get-ADComputer -Filter 'OperatingSystem -like "Windows Server*"').name
$output | Sort-Object DisplayGroup | Format-Table PSComputerName,Name,DisplayName,Direction,Port,Protocol,Program -GroupBy DisplayGroup -AutoSize
Now this is just for testing and I could get around the fact there are no proper names but I think it's sloppy not to fill the naming attributes.
Am I the only one with these results or is it just WSUS?
There are only two rules created, one for HTTP on port 8530 one for HTTPS on port 8531, and the latter isn't even used in most WSUS installations.
There is no Group Name, because this is not a GROUP of rules, it is two individual rules. One is always enabled; the second is optionally enabled WHEN the WSUS Server is configured to use SSL, and it's enabled by an administrative script provided in the WSUS toolset.
Ergo, a server administrator never has to mess with these two rules at all, so, no, I think it's insignificant that these rules may be missing a couple of generally irrelevant attributes.
Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
SolarWinds Head Geek
Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
http://www.solarwinds.com/gotmicrosoft
The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds. -
SA520 Firewall Rule cannot block HTTP
Hi All,
We are currently encountering a firewall rule problem. The following are the steps we
have done so far:
Default Outbound Policy: Allow Always
IPV4 Rules - Delete all firewall rules we have created and made a single firewall rule to block
outbound HTTP for a single IP Address
- Delete all firewall rules we have created and made a single firewall rule to block
outbound HTTP for a range of IP Address
- Tried making "Block by schedule" Action on port HTTP on a single and a
range of IP Addresses
- We have tried blocking HTTPS / POP3 / SMTP / IMAP and was successfully
blocked but not on HTTP
Services - Created a Custom Service blocking Port 1-65535 but still workstation can still access the internet.
MAC Filtering - Checked MAC address filtering and Policy for MAC Addresses listed below is set to
Block and Permit the Rest and added the MAC address of the workstation we want to block
still the workstation can access the internet.
IP/MAC Binding - We have also binded the MAC Address and IP Address
Content Filtering - Only content filtering works - blocked URL
We have also tried doing all the IPV4 Rules with the Default Outbound Policy: Block Always and all
the firewall rules action set to allow only those services that needs to be permitted.
Still blocked workstations can still access the internet.
Firmware Version: 1.1.42
Thanks
Karl
Hi Karl,
This looks like a bug in build 1.1.42. Please upgrade your image to the latest build 2.1.18 which fixes the problem.
Let me know if the upgrade helps.
Regards,
Wei