StreamingAMFEndpoint and Firewalls

Hi.
I need to push some data to flex clients.
So I put in place the StreamingAMFEndpoint and co.
It works pretty well in a "standard" environment when you have no firewall between the BlazeDS server and the Flex client.
But when a firewall is present, the dedicated connection between the BlazeDS server and the Flex client isn't established.
In the service-config.xml I have this:
<channel-definition id="my-streaming-amf"
            class="mx.messaging.channels.StreamingAMFChannel">
            <endpoint
                url="http://{server.name}:{server.port}/messagebroker/streamingamf"
                class="flex.messaging.endpoints.StreamingAMFEndpoint" />
               <properties>
                   <idle-timeout-minutes>0</idle-timeout-minutes>
                   <max-streaming-clients>100</max-streaming-clients>
                   <server-to-client-heartbeat-millis>5000</server-to-client-heartbeat-millis>
                   <user-agent-settings>
                       <user-agent match-on="MSIE" kickstart-bytes="2048" max-streaming-connections-per-session="3"/>
                       <user-agent match-on="Firefox" kickstart-bytes="2048" max-streaming-connections-per-session="3"/>
                   </user-agent-settings>
               </properties>
</channel-definition>
The fact is the client asks for a connection on the server.port, but it then establishes the connection on another port, let's say 4334 for the example.
So I suppose it's like an FTP connection, with a range of ports dedicated to managing these connections, and I have to open ports on my firewall.
So here are my questions:
Is there a way to specify this range of ports ?
Or is there a port range by default ?
Regards.
Tony

Hi Jake.
Thanks for the answer.
After some testing on my part, I can say that one port is effectively sufficient.
I still have another problem but it's not with the firewall.
I have an Apache in front of my Tomcat and it seems to be a problem.
I may post in another topic about that.
Tony

Similar Messages

  • Using Sockets TCP/IP to connect through Proxies and Firewalls

    How to do in a Client/server Application using Sockets TCP/IP to connect through Proxies and Firewalls?
    How to implement the HTTP Tunnelling in this case?
    the code in Client to connect to server is:
    // needs javax.net.ssl.SSLSocket, javax.net.ssl.SSLSocketFactory,
    // java.io.ObjectInputStream, java.io.ObjectOutputStream
    SSLSocketFactory sslFact = (SSLSocketFactory) SSLSocketFactory.getDefault();
    socket = (SSLSocket) sslFact.createSocket(c.site, c.PORT);
    // enables every suite the provider supports, not only the default set
    String[] enabledCipher = socket.getSupportedCipherSuites();
    socket.setEnabledCipherSuites(enabledCipher);
    out = new ObjectOutputStream(socket.getOutputStream());
    in = new ObjectInputStream(socket.getInputStream());
    The Server is an executable standalone application with a main function. How can I convert this Server into a Servlet application?
    the code in Server to wait for client connections is:
    // needs javax.net.ssl.SSLServerSocket, javax.net.ssl.SSLServerSocketFactory,
    // javax.net.ssl.SSLSocket, java.io.IOException
    Runtime.getRuntime().addShutdownHook(new ShutdownThread(this));
    try {
        // cast to SSLServerSocketFactory (the original cast to ServerSocketFactory did not compile)
        SSLServerSocketFactory factory =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        SSLServerSocket sslIncoming =
            (SSLServerSocket) factory.createServerSocket(PORT);
        // enables every suite the provider supports, not only the default set
        String[] enabledCipher = sslIncoming.getSupportedCipherSuites();
        sslIncoming.setEnabledCipherSuites(enabledCipher);
        while (running) {
            SSLSocket s = (SSLSocket) sslIncoming.accept();
            newUser(s, pauseSyn);
        }
    } catch (IOException e) {
        System.out.println("Error: " + e);
    }
    some links or code sample?
    Thanks in Advance

    Did you see this: Networking Properties?
    Including
    SOCKS protocol support settings
    and
    http.proxyHost (default: <none>)
    http.proxyPort (default: 80 if http.proxyHost specified)
    http.nonProxyHosts (default: <none>)
    ftp.proxyHost (default: <none>)
    ftp.proxyPort (default: 80 if ftp.proxyHost specified)
    ftp.nonProxyHosts (default: <none>)

  • New Qos and Firewalls URL Options for gamers for Win10

    This is more of a gamer thing.
    I'm wondering if there's a way to implement URLs (instead of IPs) with ports into Firewalls and QoS? Naturally I don't want to open ports for all IPs, and determining all IPs for some sites, when there are multiple worlds, can't always be done.
    It would be nice to say, for all *.SomeGame.com allow this port to be open.
    Additionally, if this rule is active, give it higher priority than video or voice....
    I have seen some gamer systems where their router and firewall have an open port for their games :\ Also, usually most gamers will have Skype/Twitch/Netflix/Hulu open whilst gaming. Naturally, they don't want lag for their games, and would prefer their gaming
    to have priority over any voice or video.

    You do not need to set up anything like that in any Windows for gaming applications... even if I am running a torrent + DC++ client I have no lags or freezes and so on. So if you want to set up QoS just find an appropriate guide for the specific application. And
    btw URLs don't match game server IP and port ranges, so it has never been released under QoS development. Because QoS is about how to manage your existing LAN bandwidth for applications on your OS installation.

  • ISE and firewalls

    I have a Primary ISE node  (primary admin/monitoring/policy) sitting in network 192.168.1.0/24 and the Secondary ISE node (secondary admin/monitoring/policy) sitting in network 192.168.2.0/24.  There is a firewall sitting between these two networks.
    What TCP and UDP ports do I need to open on the firewalls so that these two nodes can communicate and sync with each other?  I AM ONLY INTERESTED IN THE TRAFFICS BETWEEN THESE TWO NODES and not other traffics to else where.
    I've read through the documentation and it seems that I only need a couple of tcp and udp ports for this.
    Any comments?
    Thank you  in advance.
    david

    David,
    AFAIU minimum of TCP/443 and TCP/1521  (and ICMP for heartbeat).
    http://www.cisco.com/en/US/partner/docs/security/ise/1.1/installation_guide/ise_app_e-ports.html
    M.

  • NVGRE Gateway Security and Firewalls?

    Hi,
    I am setting up a Hyper-v NVGRE gateway on Windows Server 2012 R2. Now from what I have read the gateways have 3 NICs and one interface dedicated to public IP addresses, I haven't been able to find any information about how the gateways are secured.
    Can they be protected behind hardware firewalls?
    Are they already secured at the time of install out of the box?
    Do we have to use and configure the windows firewall on the gateway for protection?
    Any best practice out there, real-life experience / examples or some documentation on this subject, as I am struggling?
    Many thanks in advance.
    Microsoft Partner

    Hi,
    I have created some blogs on hyper-v.nu about the NVGRE gateway.
    My recommendation:
    Put the gateway Hyper-V host and GW VMs in a separate domain.
    Connect the GW VMs directly to the internet.
    Enable the Windows Firewall. Look after the Network Connection Profile as there are different rule sets for Private, Public and Domain rules. Make sure the external interface is marked as public profile. If you use the toolkit I created for GW deployment, it's configured for you.
    If your company policy doesn't allow you to connect directly to the internet, put a firewall in front, but transparently, or create a public subnet behind that firewall so your GW VMs have public IPs.
    Only use inspection on traffic (IDS), don't block it. If you really need to, create a common allow list for regular ports. Otherwise tenants need to open service requests at your helpdesk to open ports if they want to publish an application via a NAT rule.
    Since you put the hosts and GW VMs in a separate domain you managed to separate it from your management domain, which is in my sense the best practice.
    Use 3rd-party NVGRE vendors like Boudewijn mentioned, such as BIG IP F5.
    Best regards, Mark Scholman.

  • XMPPGateway and Firewalls - can't connect to googletalk

    This has myself (the developer) and the firewall guys really
    stumped. I am trying to use talk.google IM service to launch an IM
    bot using the CF gateways. Everything works well on my local
    install of CF server but once we move it to our dev server and
    setup up the instance, the gateway cannot connect to talk.google.
    Firewalls have port 5222 wide open. AND.... I downloaded the
    gtalk client onto the server and it connects through that without
    issue. Does anyone have any idea?
    the error in the logs is "XMPPGateway (xxxx) Error trying to
    connect to talk.google.com: Connection failed. No response from
    server."
    pertinent config settings are:
    resourceName=ColdFusion
    secureprotocol=TSL
    securerequirement=false
    serverip=talk.google.com
    serverport=5222

    Wow, not 2 minutes after I posted this I figured it out. I had to go into Server Preferences and in there was able to turn on file sharing. So that was stupid of me and an easy fix. Now it can be accessed easily from the imac and macbook.
    Sorry for the waste of space.

  • Multiple IPs and firewalls

    I'm wondering if it's possible to create multiple firewalls in Mountain Lion server. I have four IP addresses on one server, all on the same LAN, and I want to restrict specific traffic to specific TCP/UDP ports (e.g. only mail ports on IP X, web services on IP Y, and VPN services on IP Z, etc.).
    Is it possible to create multiple firewalls on each port so that I can restrict network traffic in this manner? Or is there a better way to do this from the start?
    Thanks!

    Use pfctl (see: man pfctl)

  • BT Infinity and Firewalls

    Hi,
    I'm interested in ordering the BT Infinity option 2, however I have noticed the BT website makes it quite clear that no other networking equipment (routers in specific) is compatible with the service.
    The reason I am posting, is because I have a Juniper SSG20 firewall and a spare Draytek 2955, which is capable of dealing with more than 1 WAN (untrust) connection, and is much more expensive and will definitely be much better grade of equipment than the BT Infinity Home Hub.  I have no need for the home hub, and made it clear when I last spoke to Sales about this but they are adamant that I need the home hub because the modem is "special".
    Now, I understand that you might be concerned for sake of providing technical support and quality of service in the case where a customer wants to attach for instance any of the other consumer-grade equipment to the modem, however these firewall/routers I've got is business grade, have a good reputation for reliability and also will deal with much more bandwidth at a much lower latency than the other equipment I have tested (including the Home Hub 2.0).
    From what I can see and read on the net this is pretty much a bog-standard VDSL2 modem with an ethernet WAN interface.
    Thus, I want to know whether it would be possible to take out the Infinity home hub and use Bridging on the WAN connection from the Openreach modem to one of my firewalls in order to establish a connection instead of using the Home Hub.
    I'm an IT engineer with more than 13 years of experience and I don't need BT to help me configure the Juniper/Draytek as I'm perfectly capable of doing that myself and will never need to call them for assistance. 

    VeeMan
    'If you have a router that supports Ethernet WAN, you may use this in place of the
    BT Home Hub. Please bear in mind, though, that our helpdesk can’t help with
    connection problems if you’re using a non-BT-supplied router.'
    That's directly from the HH Infinity manual; the modem is owned by Openreach so you have to use it.

  • RMI-IIOp  and firewalls

    what support is provided for RMI and IIOP through Firewalls?

    "Scot Hale" <[email protected]> wrote:
    >
    Andy Piper <[email protected]> wrote:
    "Uma Patil" <[email protected]> writes:
    what support is provided for RMI and IIOP through Firewalls?
    None, right now. We tried to get support into 7.0 for this but failed. It will probably be fixed in 7.1. We currently get very few requests for this.
    Is it supported in 8.1? I am in a position where I need it.
    Yes, it looks like it is fixed, now I just have to test it and see if it works.
    http://e-docs.bea.com/wls/docs81/notes/resolved.html#1011163
    andy

  • Question Regarding QoS and Firewalls Rules

    Hello experts, I hope a simple question for you today. I am working to elevate our outdated H323 traffic down a VPN tunnel we are only getting 600k throughput on.
    Under "Networking --> QOS --> WAN QOS" I have configured the downstream and upstream bandwidth rates using the 85% rule. I have also created a bandwidth profile called VOIP using 128-256kbps with a priority of "High"
    Under "Traffic Selector" I have created the profile using the VLAN 100 for the IP phones with the VOIP bandwidth profile.
    My question, is this the correct configuration and I'm done? Or do I need to go further and create the same IPv4 rules in the firewall rules giving it a QoS Priority of "Minimize Delay"
    Is there a way in SA540 to see the QOS statistics to see if they are working correctly?  I appreciate your input as always experts!!

    It's about the relevance of the link. Some will post a vague link to the SAP help that adds no value to anyone trying to find the answer to the question, whereas a targeted link to a - possibly difficult to find - page can be very useful.
    It's a bit of a subjective thing, example:
    A detailed question asks about technical info behind assigning a cost center to an organizational unit in the org chart.
    A reply such as:
    Check [this link|http://help.sap.com/saphelp_erp60_sp/helpdata/en/0b/dfba3692dc635ce10000009b38f839/frameset.htm].
    Is just wasting everyone's time. Unfortunately we see a lot of these, people seem to think it's a quick way of getting cheap points but it just frustrates everyone else.
    A similar answer can however be very useful if it contains a targeted link that relates directly to the question, e.g.
    See the help on [account assignment infotypes|http://help.sap.com/saphelp_erp60_sp/helpdata/en/bb/bdb2b6575911d189240000e8323d3a/frameset.htm].
    However a generic link as per my first example as part of a detailed explanation with a comment of "further info can be found over here" is a good post since the purpose of the link is more for convenience or reference info in addition to the answer in the post.
    Hope that helps,
    Mike

  • My iPhone won't restore. It is in dfu mode and when I try and restore I get an error 21 message. I have tried to reinstall iTunes and disable my security and firewalls. No luck apple say send in for a 348 buck hardware reset/fix. Any thoughts.

    I am open to trying anything. Until I plugged it into the computer I just kept getting an Apple symbol, then it would turn off; every five seconds it would light up then turn off. I man the boost network and don't live near an Apple store. 3 hours away! Would a Telstra or Optus shop look at it? Or should I just send it to Apple and pay? It is 14 months old, my iPhone 5.

    Error 20, 21, 23, 26, 28, 29, 34, 36, 37, and 40
    These errors typically occur when security software interferes with the restore and update process. Use the steps to troubleshoot security software issues to resolve this issue. In rare cases, these errors may be a hardware issue. If the errors persist on another computer, the device may need service.
    Also, check your hosts file to verify that it's not blocking iTunes from communicating with the update server. See the steps under the heading "Blocked by configuration (Mac OS X / Windows) > Rebuild network information > Mac OS X > The hosts file may also be blocking the iTunes Store." If you have software used to perform unauthorized modifications to the iOS device, uninstall this software prior to editing the hosts file to prevent that software from automatically modifying the hosts file again on restart.

  • IIOP and firewalls - urgent help!!!

    Hello there,
    we have problems connecting with a Java applet to BC4J deployed as EJBs in an OracleJVM (Oracle9i AS 1.0.2) over IIOP through a firewall. Is anyone out there who can help us? We need urgent help!!!
    Thanks in advance!
    Stefan

    AFAIK, you have only three options:
    1. Configure your IIOP connection to use an existing open port on the firewall (e.g., port 80 which is usually reserved for HTTP protocol) - THIS IS A BAD IDEA
    2. Configure the firewall to allow inbound traffic on the IIOP port you are using (Oracle uses 2481 by default) - this is fine if you control the firewall.
    3. Wrap your EJB client code in a servlet and communicate from the applet to the servlet via HTTP. This is the normal "firewall-puncturing" approach (aka "tunneling").
    John H.

  • IIOP and firewalls - need urgent help!!!

    Hello there,
    we have problems connecting with a Java applet to BC4J deployed as EJBs in an OracleJVM (Oracle9i AS 1.0.2) over IIOP through a firewall. Is anyone out there who can help us? We need urgent help!!!
    Thanks in advance!
    Stefan

    Are ports 1521 (for JDBC) and 2481 (for IIOP) open on your firewall? That's what my problem turned out to be.

  • Problems with Oracle, Apache, mod_ssl and firewalls - hang

    Hi,
    We have an Apache server as supplied by Oracle (1.3.19), serving both
    static html and mod_plsql pages.
    When the system is accessed via SSL and the Internet, it will tend to hang
    after a relatively short time - especially if two people access at the same
    time. This is seen at the browser as a page that simply fails to arrive,
    there is no standard 'Page could not be found' type message.
    A network sniffer seems to show that there is some continuing network
    traffic, but the Apache error_log does not show activity.
    If the system is accessed without SSL but still via the Internet then there
    appears to be no problems and the system runs a lot faster than SSL +
    Internet.
    If the system is accessed with SSL but internally so avoiding the Internet
    then there also appears to be no problems and the system runs faster than
    SSL + Internet.
    Our servers are running NT4 SP6.
    Our firewall is Checkpoint NG running on Solaris (although we also
    swapped in a Nokia firewall running Checkpoint 4.1 which had the same
    results).
    Any thoughts on what might be occurring, what we should be looking at
    next?
    Andy

    Can anyone say what the problem is:
    openssl req -new -key key.pem -out req.pem
    and i see it :((
    Using configuration from /usr/local/ssl/openssl.cnf
    Unable to load config info
    unable to find 'distinguished_name' in config
    problems making Certificate Request
    740:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:.\crypto\conf\conf_lib.c:343:
    740:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:.\crypto\conf\conf_lib.c:343:
    740:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:.\crypto\conf\conf_lib.c:343:
    740:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:.\crypto\conf\conf_lib.c:343:
    740:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:.\crypto\conf\conf_lib.c:343:
    740:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:.\crypto\conf\conf_lib.c:343:
    740:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:.\crypto\conf\conf_lib.c:343:
    740:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:.\crypto\conf\conf_lib.c:343:

  • RMI and Firewalls

    Hi folks,
    I have a Sun cluster on which I put my RMI server; clients connect to the server through a firewall. My problem: since it's a clustered environment we get physical IP addresses and logical IP addresses. If clients have to connect to the server without a firewall, they have to see only logical IP addresses and not the physical ones. That works fine, but when there is a firewall the setting is different. If my logical IP is, say, 120.30.40.10 and my physical IPs are 120.30.40.6, 120.30.40.7 .... The firewall is configured to let clients connect to, say, IP 180.70.40.4 and it translates that to the logical IP address. When the client is trying to make a lookup it connects to 180.70.40.4, which will be translated to 120.30.40.10. It passes this step and manages to get a reference to the server, but when it tries to invoke a method on that server it's rejected by the firewall. The client is getting an RMI exception, connection refused to 120.30.40.6, which is the physical IP of the server. After discussion with the security team they said that the client is trying to initiate another connection to that physical IP, which is not allowed by the firewall.
    My question is how to avoid the client connecting to the physical IP address. It seems that it's done internally in the RMI protocol.

    I solved that problem by setting the property java.rmi.server.hostname=external_IP_address, which solved the external client problem. But that raised another problem: since I have internal clients as well, they couldn't connect to the server because it's on an external IP address; it's giving me connection refused to that IP.
    What's the solution in this case, I need somebody to help me ...
    Thanx
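
The behaviour described in the thread above, as an added example that is not part of the original posts: an RMI stub carries the host and port for method calls, so the server sets `java.rmi.server.hostname` before exporting and pins the export port so the firewall needs only two fixed rules. The class names, port 2001 and the `localhost` default are assumptions. Publishing a DNS name rather than an address, so that each network can resolve it to the address reachable from there, is a suggestion of this sketch and not something the thread states.

```java
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;

public class RmiBehindFirewall {

    public interface Echo extends Remote {
        String echo(String s) throws RemoteException;
    }

    static class EchoImpl implements Echo {
        @Override
        public String echo(String s) { return "echo: " + s; }
    }

    static final int REGISTRY_PORT = 1099; // lookup traffic
    static final int OBJECT_PORT = 2001;   // method-call traffic (assumed value)

    public static void main(String[] args) throws Exception {
        // Host written into every stub exported by this JVM. Without it the stub
        // carries the local (physical) address, which is what the firewall rejected.
        // Must be set before the first RMI object is created.
        String published = args.length > 0 ? args[0] : "localhost";
        System.setProperty("java.rmi.server.hostname", published);

        Registry registry = LocateRegistry.createRegistry(REGISTRY_PORT);
        EchoImpl impl = new EchoImpl();
        // Exporting on port 0 would pick an arbitrary port on each start; a fixed
        // port lets the firewall rule name exactly one port for method calls.
        Echo stub = (Echo) UnicastRemoteObject.exportObject(impl, OBJECT_PORT);
        registry.rebind("echo", stub);

        // What a client sees: the stub's endpoint is <published>:<OBJECT_PORT>,
        // and the method call opens a second connection to that endpoint.
        Echo fromRegistry = (Echo) LocateRegistry
                .getRegistry("localhost", REGISTRY_PORT).lookup("echo");
        System.out.println("stub endpoint: " + fromRegistry);
        System.out.println(fromRegistry.echo("hello"));

        // Unexport so this demonstration JVM can exit.
        UnicastRemoteObject.unexportObject(impl, true);
        UnicastRemoteObject.unexportObject(registry, true);
    }
}
```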
