SA520W: Restricting access to configuration utility

I have setup multiple vlans on my SA520W. I would like to restrict access to the configuration utility to only users on the default vlan. Currently, the configuration utility is available to all the vlans on each of the vlan's default gateway IP address. I'm currently using firmware: 2.1.51. Is this possbile? This device will be handling both office and customer Internet access. I can't have customers getting to the configuration utility, regardless of how difficult/complex the passwords are. Thank you.

Wei,
'This scenario is not supported by SA500' is a completely unacceptable answer. The SA520W is meant to provide multiple SSIDs/VLANs in order to provide both 'corporate' access and 'guest' access via WiFi. Allowing a guest to access the configuration utility page and attempt to hack the SA's password is totally unacceptable.
Do you really want a visitor to be able to try and hack the SA's password???
How about the guy in the car in the parking lot?!!!!!
The SA stands for Security Appliance. This is Security 101.
Please provide a solution for this most Basic functionality, or release a firmware update to fix this gaping hole in security.
Melissa

Similar Messages

SPA122 cannot access web configuration utility

The new SPA122 device connected to router through DHCP.
I can see IP-address on router's web page, can ping it, and receive it with ****110# IVR command.
But I cannot access web configuration utility in the browser: the page is unavailible. I tried to allow WAN access with ****7932#1#1 IVR action - the problrem still on.
Can You give me any advice what to do.

You can also connect to the lan/ethernet side of the device, do an ipconfig /renew
You should get an address on the 192.168.15 network, the default for the router in the ATA is 192.168.15.1
Then you can set up the non default password, enable the wan web server (administration tab I think).
dlm...

How do I restrict access to AirPort Utility?

Anyone messing with my computer can just simply go into the utility and change the passwords to my AirPort Extreme...Please help!

You can put a filter on your wifi or use something like the K9 browser.

CSCur85678 - ISA500 Cant access web Configuration Utility when SSLv3 is disabled

Any chance of a fix for this?
Would be so nice to see Cisco do the decent thing and give all the users caught by the premature EOLs of these devices an upgrade to fix this.

Follow up.....
Thank you.
The new frmware release 1.2.22 enables administration of the ISA500 devices using ssl without the sslv3 enabled.
Very nice.

Airport Utility Timed Access Control does not allow/restrict access to wireless clients per the time set.

I have been trying to setup Timed Access Control in Airport Utility and it does not seem to be working correctly.
In Airport Utility from Edit Timed Access Control I Enter a name for my device (iPad/iPhone any device), enter my mac address, set time for Everyday and use default Between 9:00 AM and 5:00 PM, save and then update. When I go to my device iPad iPhone etc. I still have access even when it is after the time set, 5:00PM. If I set no access it will restrict access also I set a time between 2:00 PM and 5:00 PM and access was restricted. It doesnt seem to matter what the device is. I know that the MAC Adress is set correctly. It seems like an issue with the Utility, possibly time miss match or something. Not sure if I am missing something or if this Utility just has flaws. Please Help.

I changed the default to (no access) and set an entry for my test device (an iPad) to "Everyday Between 9am to 5pm. The iPad was still able to gain access to the network.
Something else to note, if I try to edit the time of an entry it gives me an error on my MBP "Invalid value", "The value for “Timed Access Control” is invalid." This happens even if I delete a digit (number or letter in the time field) and replace with the exact same. Not sure if the two are related. I have tried to edit access from my iPad. I don't get any errors but I still don't get the expected results. I called Apple to try and get Tech support but they were not much help. Thanks again.

My brother used his Verizon Wireless SIM to activate my factory unlocked iphone 5s. Now, I can't access the cellular data network option to change APN settings for my new carrier. Already tried configuration utility and factory resets.

So as the title says, after I got my iPhone 5s from apple, factory unlocked, my brother used his sim card in it for a moment to allow it to be registered and usable on WIFI until I made it to Japan. Now that I have a data SIM card, I have to input specific APN settings, which are located in settings>cellular>cellular data network, however, cellular data network is not available as an option. I have reset the phone multiple times with and without backups and with and without the new sim in the phone. I have also used the configuration utility to try to put the APN settings in the phone. I contacted Apple and they didn't really have an answer as to what i should do. My brother checked his Verizon account and my phone does not show up as one of his devices, so right now I'm stuck with and incredibly expensive iPod. Does anyone have any idea what I can do to remedy this? I am unable to contact Verizon via telephone myself as I have no phone service. Any help would be greatly, greatly appreciated.

You only have to clone your mac when using certain cable modem. You don't clone your mac when using dsl.
Greetings from Northern Ontario, Canada

Java.security.AccessControlException: access denied (java.util.PropertyPerm

Hi All,
I try to run an applet from Solaris 8 server on some client machine using IE5 and NetScape 6.2 ( I installed JRE 1.4, I also try other JRE versions) but I get the following errors again and agian,
I even try to use appletviewer on the Solaris Box itself to open the applet but it makes no difference same errors
could somebody please help or give me a hint how should I start tracing what the problem might be ?
this applet comes with Solaris Bandwidth Manager as a gui administration tool ( webbased ) it supposed to change the configurations remotly over the web. I asure there is no solaris permission problem exist.
I use Tomcat on the server side.Installed JDK 1.3 on Solaris 8 with all the default settings.
i suppose something should be done with java.policy or java.security files i know nothing about java security please at least give me some URL's to find out more about this matter i searched a lot but couldn't find good documents about java default security restrictions
java.lang.ExceptionInInitializerError
at com.sun.ba.common.QConfiguration.loadPredefServices(QConfiguration.java:617)
at com.sun.ba.common.QConfiguration.getPredefServices(QConfiguration.java:630)
at com.sun.ba.tool.MainPanel.<init>(MainPanel.java:95)
at com.sun.ba.tool.QoSFrame.<init>(QoSFrame.java:48)
at com.sun.ba.tool.baApplet.init(baApplet.java:46)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission console read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
at com.sun.ba.common.QDebug.<clinit>(QDebug.java:39)
... 7 more
any help would be appriciated so much.
thanks
mehmad

I dont know, but It may be that an Applet can only access the local machine. ie. If you run the applet on computer A and you want to edit the config on computer B, I do not believe you can. The applet can only talk to Computer A. You would have to:
1) Run an application on computer A and the applet would tell the application what to change.
2)Maybe sign the applet in a JAR File
You will probably have to do #1.
US101

Java.security.AccessControlException: access denied (java.util.PropertyPer

Hi All,
I try to run an applet from Solaris 8 server on some client machine using IE5 and NetScape 6.2 ( I installed JRE 1.4, I also try other JRE versions) but I get the following errors again and agian,
I even try to use appletviewer on the Solaris Box itself to open the applet but it makes no difference same errors
could somebody please help or give me a hint how should I start tracing what the problem might be ?
this applet comes with Solaris Bandwidth Manager as a gui administration tool ( webbased ) it supposed to change the configurations remotly over the web. I asure there is no solaris permission problem exist.
I use Tomcat on the server side.Installed JDK 1.3 on Solaris 8 with all the default settings.
i suppose something should be done with java.policy or java.security files i know nothing about java security please at least give me some URL's to find out more about this matter i searched a lot but couldn't find good documents about java default security restrictions
java.lang.ExceptionInInitializerError
     at com.sun.ba.common.QConfiguration.loadPredefServices(QConfiguration.java:617)
     at com.sun.ba.common.QConfiguration.getPredefServices(QConfiguration.java:630)
     at com.sun.ba.tool.MainPanel.<init>(MainPanel.java:95)
     at com.sun.ba.tool.QoSFrame.<init>(QoSFrame.java:48)
     at com.sun.ba.tool.baApplet.init(baApplet.java:46)
     at sun.applet.AppletPanel.run(Unknown Source)
     at java.lang.Thread.run(Unknown Source)
Caused by: java.security.AccessControlException: access denied (java.util.PropertyPermission console read)
     at java.security.AccessControlContext.checkPermission(Unknown Source)
     at java.security.AccessController.checkPermission(Unknown Source)
     at java.lang.SecurityManager.checkPermission(Unknown Source)
     at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
     at java.lang.System.getProperty(Unknown Source)
     at com.sun.ba.common.QDebug.<clinit>(QDebug.java:39)
     ... 7 more
any help would be appriciated so much.
thanks
mehmad

Hi,
Please make changes in the java.security files present in the jdk1.3/lib/jre/security/java.security.There you make the changes in the property which gives you the error.See if this helps..
regards vickyk

Java.lang.ExceptionInInitializerError: java.security.AccessControlException: access denied (java.util.PropertyPermission weblogic.kernel.allowQueueThrottling read)

We are in the process of migrating from Weblogic 6.1 SP2 to SP5. We have an applet
that
subscribes to a JMS Topic. The applet is throwing the following exception with
SP5:
java.lang.ExceptionInInitializerError: java.security.AccessControlException: access
denied
(java.util.PropertyPermission weblogic.kernel.allowQueueThrottling read)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
at java.lang.System.getProperty(Unknown Source)
at weblogic.kernel.Kernel.initAllowThrottleProp(Kernel.java:79)
at weblogic.kernel.Kernel.<clinit>(Kernel.java:54)
at weblogic.jndi.WLInitialContextFactoryDelegate.<init>(WLInitialContextFactoryDelegate.java:166)
at java.lang.Class.newInstance0(Native Method)
at java.lang.Class.newInstance(Unknown Source)
at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:147)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.InitialContext.<init>(Unknown Source)
at com.fedex.efm.frontend.model.JMSMessageProcessor.<init>(JMSMessageProcessor.java:266)
at com.fedex.efm.frontend.view.EFMAbstractApplet.startMessageProcessor(EFMAbstractApplet.java:81)
at com.fedex.efm.frontend.view.EFMAbstractApplet.start(EFMAbstractApplet.java:187)
at com.fedex.efm.frontend.view.EFMApplet.start(EFMApplet.java:430)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Any ideas as to what I am missing?
Thanks,
Ram

Prasad,
It's one thing not to have to modify the security policy on the server,
but on a client and applets have even bigger restrictions this might
very well be the only way since the default applet restrictions would
not allow a lot of permissions granted by default for normal Java
applications.
Dejan
Prasad Peddada wrote:
Deyan D. Bektchiev wrote:
Ram,
You are missing a permission grant in your policy file and the
SecurityManager doesn't allow the code to read that property.
You have either configured a different security manager or have the
wrong file in use.
For applets this file might be in the user's home directory and named
.java.policy
you need to have the following line somethere in it:
grant {
permission java.util.PropertyPermission "*", "read,write";
Which will allow any applet to read and write any JVM property.
Look at Java permissions is you need more info:
http://java.sun.com/j2se/1.3/docs/guide/security/permissions.html
--dejan
Ram Gopal wrote:
We are in the process of migrating from Weblogic 6.1 SP2 to SP5. We
have an applet
that
subscribes to a JMS Topic. The applet is throwing the following
exception with
SP5:
java.lang.ExceptionInInitializerError:
java.security.AccessControlException: access
denied
(java.util.PropertyPermission weblogic.kernel.allowQueueThrottling
read) at java.security.AccessControlContext.checkPermission(Unknown
Source) at java.security.AccessController.checkPermission(Unknown
Source) at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPropertyAccess(Unknown Source) at
java.lang.System.getProperty(Unknown Source) at
weblogic.kernel.Kernel.initAllowThrottleProp(Kernel.java:79) at
weblogic.kernel.Kernel.<clinit>(Kernel.java:54) at
weblogic.jndi.WLInitialContextFactoryDelegate.<init>(WLInitialContextFactoryDelegate.java:166)
at java.lang.Class.newInstance0(Native Method) at
java.lang.Class.newInstance(Unknown Source) at
weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:147)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source) at
javax.naming.InitialContext.init(Unknown Source) at
javax.naming.InitialContext.<init>(Unknown Source) at
com.fedex.efm.frontend.model.JMSMessageProcessor.<init>(JMSMessageProcessor.java:266)
at
com.fedex.efm.frontend.view.EFMAbstractApplet.startMessageProcessor(EFMAbstractApplet.java:81)
at
com.fedex.efm.frontend.view.EFMAbstractApplet.start(EFMAbstractApplet.java:187)
at com.fedex.efm.frontend.view.EFMApplet.start(EFMApplet.java:430)
at sun.applet.AppletPanel.run(Unknown Source) at
java.lang.Thread.run(Unknown Source)
Any ideas as to what I am missing?
Thanks,
Ram
This is a WLS bug. You shouldn't have to modify security policy.
Please approach support for a fix.
Cheers,
-- Prasad

Restricting Access only for APPS account using SQLNET

Dear Friends,
Recently we have an incident that a functional consultant has cracked the Apps password. I don't know how.
Now what we are planning is to restrict the database access to only the dba team using sqlnet.ora file and its tcp.validnode_checking parameter.
However, the problem is that we want to continue the APPSRO(which is an Apps Read Only Account) access to them.
Is there any way possible to restrict access only for a particular database user account using sqlnet.ora
please help.
Thanks.

Recently we have an incident that a functional consultant has cracked the Apps password. I don't know how.
Now what we are planning is to restrict the database access to only the dba team using sqlnet.ora file and its tcp.validnode_checking parameter.
However, the problem is that we want to continue the APPSRO(which is an Apps Read Only Account) access to them.
Is there any way possible to restrict access only for a particular database user account using sqlnet.ora
Now what we are planning is to restrict the database access to only the dba team using sqlnet.ora file and its tcp.validnode_checking parameter.
However, the problem is that we want to continue the APPSRO(which is an Apps Read Only Account) access to them.
Is there any way possible to restrict access only for a particular database user account using sqlnet.oraNo (and even if it exists, I believe this does not fix the main issue with the apps password which could be cracked again).
The proper way would be changing the apps password and meet the security requirements in these docs.
Secure Configuration Guide for Oracle E-Business Suite 11i [ID 189367.1]
Secure Configuration Guide for Oracle E-Business Suite Release 12 [ID 403537.1]
FNDCPASS Utility New Feature: Enhance Security With Non-Reversible Hash Password [ID 457166.1
Thanks,
Hussein

How do I access the web utility with model cisco sf302-08p ?

Hi,i have a problem with the model Cisco SB SF302-08PP Switch , i connect a cable rj45 to my pc and configure the adapter local area connection (ip address:192.168.1.252), the LEDs blink green, and go to the address bar and get the IP by default, which according to the manual is 192.168.1.254 and the result is: page not found. Is there any way to change the web utility? How do I access the web utility?

restore the switch by holding more than 30 seconds and try accessing with ip 192.168.1.254. username and password is "cisco". before change your base ip to 192.168.1.2-253.try to ping and check the connectivity

Restricted access to attachments in SRM 7.0 web applications

Hi,
We have a very specific problem regarding the handling of attachments with SRM 7.0 web applications. The system is configured to use ArchiveLink for storing documents on a remote content server, which is working fine.
Now we have a requirement which should restrict access to certain documents to specific user groups. As an example you could say that a Purchase order has (besides others) two documents attached, e.g.
- signed contract
- meeting minutes
The contract should only be visible to a limited number of people, whereas the Meeting Minutes are accessible to everybody.
Our problem is that apparently only one Content Category ("BBPFILESYS") is used by the SRM web applications for an upload. When granting authorizations on this content category, we cannot distinguish between contracts and meeting minutes anymore.
Comparing this with the config in ECC we can freely define document types which can be used in AUTH profiles. Is there any similar solution that can be used in SRM 7.0?
Any help would be greatly appreciated.
Cheers,
Mark

Hello,
Have a look at note 1334202. It provides some inputs.
Regards,
Ricardo

ASA WebVPN. How do you restrict access to users in an AD group using LDAP?

Hi All,
I am trying to configure separate WebVPN connection profiles to give different portal bookmark contents to users based on their AD group membership. This has been very difficult, even though I beleive it should be easy.
The login page of teh ASA by default has a dropdown to allow default users to access the default portal and the SSL VPN client connection.
There are two other portals that I would like to restrict access to based on AD group membership. I have set these up to be selected by URL.
The biggest problem is, I have no way of knowing how to go about this. The AAA LDAP options show a group membership search, which I have configured, but I cannot say "Profile X is restricted to AD group CarpetBaggers", so that if soneone that is NOT a carpetbagger tries to log in, it fails.
I can only do an all or nothing scenario.
It would be nice to use Dynamic Access Policies to do this, and I have created a few, but they do NOT seem to work when the drop down aliases or URLs are in use. So how do I go about using them in this scenario? Turning off the aliases or URLs is not really an option right now.
Scenario 1 would work the best for me. Restrict access to profiles/groups based on AD group membership using LDAP.
Scenario 2 would be an ideal longer term solution.
Any thoughts, ideas or assitance would be greatly appreciated.
Cheers

This is exactly what i was looking for, and Nelson is correct. When you enter the DAP configuration for a profile click on "Advanced" and there is the option to create a logical expression. The guide (ther is a button to access this) is really helpful, with a couple of examples. This is what i used:
assert(function()
   if ( (type(aaa.ldap.distinguishedName) == "string") and
        (string.find(aaa.ldap.distinguishedName, "OU=Users") ~= nil) )
then
       return true
   end
   return false
end)()
from the debug dap you can see what Users relates to;
DAP_TRACE: Username: MyUsername, aaa.ldap.distinguishedName = CN=Mr B,OU=Users,OU=Site ******,DC=CH,DC=Mycompany,DC=com
My admin account fails to get me in to the same profile:
DAP_TRACE: dap_add_to_lua_tree:aaa["ldap"]["distinguishedName"]="CN=Admin Mr B,OU=Admin Users,OU=Site *****,DC=CH,DC=Mycompany,DC=com"
Thanks
Andrew

HT1178 How do I restrict access to my network to mac addresses?

I am setting-up a new Time Capsule and wish to restrict access to my wireless network to only those mac addresses of my equipment. I can't find instructions on how to do this. Any help in pointing me to the correct resource would be appreciated.

Suggest that you check the Help area in AirPort Utility for instructions.
Open AirPort Utility
Click the Help menu at the top of the screen
Click AirPort Utility Help
Wait for Help to load
Click Setting up a Wi-FI network on the left side of the main page
Click Control when a user can access your network
Click Control access to your wireless network

How do I restrict access to a folder-like attaching a password in order for someone to open it.

I want to locate a folder on my desktop, but want to restrict access so that anyone on my laptop can't access the folder, even though they will see it sitting on the desktop. How do I set up folder permissions?

Any file on YOUR desktop already has permissions set such that no other user account can access. But if you want to use the OS's native capability to encrypt the contents of a folder, place that folder within an encrypted image.
Use Disk Utility to create a disk image, and encrypt it with the same utility (use settings in "new image") . Make sure you size the image to a size great enough to hold all your files. Once created, and placed on your desktop, open it, using your password. Once the image is mounted, place the files you want to protect into that image, and then dismount/eject the image. The image essentially becomes your password encrypted folder. Double click it at any time to access your files (enter password). Eject the mounted image to "re-encrypt".
If you want a disk image that has cross platform capability, then try TrueCrypt. It is great App for Mac & Windows, with other advantages as well.

SA520W: Restricting access to configuration utility

Similar Messages

Maybe you are looking for