VCloud: vShield Edge FW Rules

Similar Messages

• Appending Firewall Rules to vShield Edge with PowerCLI Script

  Hi,
  I have a script which enables us to upload 4k worth of firewall rules, but every time it executes, all existing rules are over written.
  Is this something to do with the API or just a scripting issue - if so, can anyone suggest how to append on to the existing set?
  Update:
  So obviously the following line seems to create a new instance of the firewall:
  $fwService = New-Object vmware.vimautomation.cloud.views.firewallservice
  Because the next 3 lines after are setting the main firewall parameters again - something you wouldn't need to do if we were just adding new rules to the existing firewall.
  $fwService.DefaultAction = "drop"
  $fwService.LogDefaultAction = $false
  $fwService.IsEnabled = $true
  Is there a way to use a PowerShell command such as add-member rather than new-object?
  param (
  [parameter(Mandatory = $true, HelpMessage="vCD Server")][alias("-server","s")][ValidateNotNullOrEmpty()][string[]]$CIServer,
  [parameter(Mandatory = $true, HelpMessage="Org")][alias("-vOrg","o")][ValidateNotNullOrEmpty()][string[]]$orgName,
  [parameter(Mandatory = $true, HelpMessage="OrgNet")][alias("-orgNet","n")][ValidateNotNullOrEmpty()][string[]]$orgNet,
  [parameter(Mandatory = $true, HelpMessage="CSV Path")][alias("-file","f")][ValidateNotNullOrEmpty()][string[]]$csvFile
  # Add in the VI Toolkit
  if ( (Get-PSSnapin -Name VMware.VimAutomation.Core -ErrorAction SilentlyContinue) -eq $null ) {
  Add-PSsnapin VMware.VimAutomation.Core
  if ( (Get-PSSnapin -Name VMware.VimAutomation.Cloud -ErrorAction SilentlyContinue) -eq $null ) {
  Add-PSsnapin VMware.VimAutomation.Cloud
  try {
  Connect-CIServer -Server $CIServer 2>&1 | out-null
  } catch {
  Exit
  #Search EdgeGW
  try {
    $myOrgNet = Get-Org -Name $orgName | Get-OrgNetwork -Name $orgNet
    $edgeHREF = $myOrgNet.ExtensionData.EdgeGateway.Href
    $edgeView = Search-Cloud -QueryType EdgeGateway -ErrorAction Stop | Get-CIView | where {$_.href -eq $edgeHREF}
  } catch {
  [System.Windows.Forms.MessageBox]::Show("Exception: " + $_.Exception.Message + " - Failed item:" + $_.Exception.ItemName ,"Error.",0,[System.Windows.Forms.MessageBoxIcon]::Exclamation)
    Exit
  #Item to Configure Services
  $edgeView.Configuration.EdgeGatewayServiceConfiguration
  $fwService = New-Object vmware.vimautomation.cloud.views.firewallservice
  $fwService.DefaultAction = "drop"
  $fwService.LogDefaultAction = $false
  $fwService.IsEnabled = $true
  $fwService.FirewallRule = @()
  Ipcsv -path $csvFile |
  foreach-object
  $fwService.FirewallRule += New-Object vmware.vimautomation.cloud.views.firewallrule
  $rowNum = $_.Num -as [int]
  $fwService.FirewallRule[$rowNum].description = $_.Descr
  $fwService.FirewallRule[$rowNum].protocols = New-Object vmware.vimautomation.cloud.views.firewallRuleTypeProtocols
  switch ($_.Proto)
  "tcp" { $fwService.FirewallRule[$rowNum].protocols.tcp = $true }
  "udp" { $fwService.FirewallRule[$rowNum].protocols.udp = $true }
  "any" { $fwService.FirewallRule[$rowNum].protocols.any = $true }
  default { $fwService.FirewallRule[$rowNum].protocols.any = $true }
  $fwService.FirewallRule[$rowNum].sourceip = $_.SrcIP
  if ($_.SrcPort -eq "any" ) { $srcPort = "-1" } else { $srcPort = $_.SrcPort }
  $fwService.FirewallRule[$rowNum].sourceport = $srcPort
  $fwService.FirewallRule[$rowNum].destinationip = $_.DstIP
  $fwService.FirewallRule[$rowNum].destinationportrange = $_.DstPortRange
  $fwService.FirewallRule[$rowNum].policy = $_.Policy
  #$fwService.FirewallRule[$rowNum].direction = $_.Direction
  #$fwService.FirewallRule[$rowNum].MatchOnTranslate = [System.Convert]::ToBoolean($_.MatchOnTranslate)
  $fwService.FirewallRule[$rowNum].isenabled = [System.Convert]::ToBoolean($_.isEnabled)
  $fwService.FirewallRule[$rowNum].enablelogging = [System.Convert]::ToBoolean($_.EnableLogging)
  #configure Edge
  $edgeView.ConfigureServices($fwService)
  Thanks,
  Scott.

  Hi,
  Agree with Ed, you can publish CAS array VIP to internet, and use it to configure Federated Delegation.
  Thanks.
  Niko Cheng
  TechNet Community Support

• Virtual fw for Azure pack with fw rules.

  Are there any Virtual fw for Azure pack, like VMware have Vshield edge?
  I really miss the control of fw rules in azure pack. I want to be able to block or allow icmp, open up ports or block ports on networks. Is that possible somehow?

  Take a look at:
  http://www.5nine.com/lp/59CloudSecurityWAP-Preview.aspx
  http://www.5nine.com/5nine-security-for-hyper-v-product.aspx
  They'll do the job!

• Installation of Nexus 1000v 4.2.1.SV2.1.1 - Operation timed out.

  Hi,
  We are trying to install the latest version of Nexus 1000v to ESXi5.1 and the installer application is much better than the previos one, but we are having problems with implemetation, because deploying of OVA file times out.
  First attempt: Nexus-1 was successfully deployed on ESXi-1, but Nexus-2 which should be deployed on ESXi-2 returned an error: "Deploy OVF template":"Operation timed out."
  Second attempt: Deploying of Nexus-1 returned the same error
  Third attempt: The same as the first attempt.
  It looks like that there is a time limit which is used for deploying OVA file and since file needs to be uploaded to ESXi it takes too long, so the installation fails. Is it possible to extend this time?
  BR,  M.

  Hi Mtrcek,
  The fact that it  gets to the 'Deploy OVF Template' step and then fails still points to one of two possible things:
  1. DNS
  2. Storage
  1. DNS - When you say you put entries in hosts files it tells me you are looking at the DNS on the VC or ESX hosts. What you need to check is the DNS on the vShield Manager. DNS servers need to be configured on the vShield Manager, also a good way to test is to log in to the CLI of the vShield Manager and from there ping by hostname the VC and the ESX servers.
  2. Storage - make sure there is enough space on the datastore where you are deploying the vShield Zones firewall and make sure there are no latency/slowness when writing to the disk. A quick test is to install the vShield Zones firewall on local disk, just to rule out the shared storage being the issue. Of course, this is not the recommended installation location and I would strongly suggest to uninstall and then re-install on shared storage once the issue is fixed (Assuming there are issues with shared storage).
  ne more thing I noticed from the screenshot is that you have not applied the license keys for vShield App and vShield Edge. I mention this because you say your test plan requires Edge and most likely vShield App (not the free version: Zones). You will need to apply the license keys in order to be able to deploy Edge.
  Please check DNS/Storage.
  orrrrrrrrrrrrrr
  vShield Data Security Installation Fails
  Problem
  During vShield Data Security installation, I get an error while installing the service virtual machine and an
  error message on vSphere client.
  NAME=deploy OVF template Target=VMWARE-Data Security-xxxx
  Status=operation timed out
  Cause
  The DNS setup for vShield Manager may not be consistent with the DNS setup for the host in vCenter Server.
  Solution
  Change the vShield Manager DNS setup so that it matches the host setup.
  Regards
  please rate if it helps.

• Exchange 2013 - Import-TransportRuleCollection from Exchange 2007 failing

  I am in the middle of a Exchange 2007 SP3 to Exchange 2013 Sp1/CU4 migration and am importing transport rules and it's failing.
  [PS] C:\Windows\system32>Import-TransportRuleCollection -FileData C:\2007TransportRules.xml -Verbose
  Cannot process argument transformation on parameter 'FileData'. Cannot convert value "C:\2007TransportRules.xml" to type "System.Byte[]". Error: "Cannot convert value "C:\2007TransportRules.xml" to type "System.Byte".
  Error: "Input string was not in a correct format.""
      + CategoryInfo          : InvalidData: (:) [Import-TransportRuleCollection], ParameterBindin...mationException
      + FullyQualifiedErrorId : ParameterArgumentTransformationError,Import-TransportRuleCollection
      + PSComputerName        : ex2013-mb1.MYDOMAIN.local
  Before you ask, I am still on SP1/CU4 because CU5 and CU6 are so buggy I refuse to install them. And that's probably not the fix anyway... WHEN IS CU7 coming out?

  I've seen an official list but, rules that were Edge transport rules are the first ones that come to mind. After the import you can look in the EAC and it should show you any rules that have errors or you can stare and compare the rules to your 2007 environment
  to determine if any weren't imported. 
  DJ Grijalva | MCITP: EMA 2007/2010 SPA 2010 | www.persistentcerebro.com

• Map Builder Preview rendering errors

  I am having problems using Map Builder. I have wasted quite a bit of time trying to fix these problems assuming I was doing something wrong, or something was wrong with my data.
  Error 1: I create a map using 2 themes. One theme is a geometry theme of topo edge primitives. The other is a topology theme of features built from those primitives. The geometry theme is assigned a red line style. The topology(feature) theme is assigned a blue line style. the geometry theme is listed first, to draw first. I expect to see the red overdrawn by the blue. The preview show red lines. When viewed in Acquis Data Editor, this map displays as expected (blue lines) and when a feature is removed (disassociated from the topo primitive) the underlying primitive shows up as red. When I stop and restart Map Builder, the preview rendering is as expected, blue on top.
  Error 2: I create a map using 1 theme. This theme is a geometry theme of topo edge primitives. I assign node and edge styles. When I preview the map, the nodes (only one node per edge) are displayed at the center of the straight edges, at what appears to be mid-distance between the end points of the edges of the shaped edges (not on the edge), and in the center of rings created by edges that have the same start and end node. They look like they are attempting to be what ESRI calls label points. Again, when I view this map in Acquis Data Editor, the nodes show up on the ends of the edges where I usually tend to look for nodes to show up. Stopping and restarting Map Builder does not fix this rendering problem.
  Are these known bugs and when can I expect to use the preview button reliably?
  Alden

  For the red line style, L.EDGE, the xml def is:
  <?xml version="1.0" standalone="yes"?>
  <svg height="1in" width="1in">
  <desc/>
  <g class="line" style="fill:#FF33FF;stroke-width:1.0">
  <line class="base"/>
  </g>
  </svg>
  For the blue line style, L.FEATURESTYLE, the xml def is:
  <?xml version="1.0" standalone="yes"?>
  <svg height="1in" width="1in">
  <desc/>
  <g class="line" style="fill:#3366FF;stroke-width:1.0">
  <line class="base"/>
  </g>
  </svg>
  For the geometry (edge primitive) theme, TOPO_EDGE, the xml def is:
  <?xml version="1.0" standalone="yes"?>
  <styling_rules>
  <rule>
  <features style="C.FACE"> </features>
  </rule>
  <rule>
  <features style="M.NODE"> </features>
  </rule>
  <rule>
  <features style="L.EDGE"> </features>
  </rule>
  </styling_rules>
  For the topology(feature) theme, GLOBAL, the xml def is:
  <?xml version="1.0" standalone="yes"?>
  <styling_rules theme_type="topology" topology_name="MGF_TOPO">
  <rule>
  <features style="L.Featurestyle"> </features>
  </rule>
  </styling_rules>
  For the base map, TEST2, the xml def is:
  <?xml version="1.0" standalone="yes"?>
  <map_definition>
  <theme name="TOPO_EDGE"/>
  <theme name="GLOBAL"/>
  </map_definition>
  As I said earlier, this does display blue lines after a restart of MapBuilder but upon first creating this map and themes, the initial display is red lines.
  As to error 2: I understand now that Acquis probably does a specialty mapping of metatdata and uses the NODE$ table, applying the style definition for the edge theme (M.NODE) to display them.

• Environment Segmentation - PGI vs VXLAN

  I have been tasked with redesigning my companys virtual infrastructure (vSphere 5.5 Ent Plus). This redesign will involve the consolidation of two physically air gapped Dev and Production environments into one IT Service, logically separated environments.
  I have been looking at design guides utilising VMware vShield Edge product to simplify the segmentation via PGI (port group isolation). However, from what I understand, the PGI capability has been removed post v4.1 and is no longer available in vShield 5. The design I was looking to emulate was:
  A few questions I have for anyone with experiance in this field:
  - Why was PGI functionality removed, it looks to be a great method for segmenting environments
  - does VXLAN supercede PGI or are there other functionalities vShield can provide to give the same functionaliy
  - How does you segment your vEnvironment. My company is ultimately looking to migrate to a converged CIAB solution wtih DEV, Test, Prod and DMZ all located within the same physical infrastructure but yet securely separated logically.

  Hello,
  As of vSphere 6 there is no more vCNS available to buy. So unless you already have Cloud Suite you will need to consider something like NSX or a third party.
  I use Edge firewall devices between my portgroups to ensure isolation. If those portgroups are on different VLANs then port group isolation still works. However, you then need to bridge the gap.... an edge style firewall does this for you. There are several virtual versions of these firewalls.
  pSwitch <-> Cable <-> pNIC <-> vSwitch <-> portgroup <-> EDGE FW <-> portgroup <-> vSwitch <-> workloads trust zone 1
                                                           EDGE FW <-> portgroup <-> vSwitch <-> workloads trust zone 2
  The above works just fine for me. And if you want to ensure no traffic goes between the portgroups put each trust zone in its own VLAN, but that does mean the EDGE FW needs to bridge between VLANs. You can also do something similar with microsegmentation of workloads tagged as trust zone 1 and trust zone 2 depending on how you want to split things. Microsegmentation works within each trustzone to either act as a secondary defense, I.e. VMs in trust zone 1 cannot talk to trust zone 2 or you can say XYZ vms in tust zone 1 cannot talk to ABC vms in trust zone 1.
  Lots of uses there. any virtualized EDGE FW can work here btw, does not need to be VCNS (if you do not already own it)
  Best regards,
  Edward L. Haletky
  VMware Communities User Moderator, VMware vExpert 2009-2015
  Author of the books 'VMWare ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.
  Virtualization and Cloud Security Analyst: The Virtualization Practice, LLC -- vSphere Upgrade Saga -- Virtualization Security Round Table Podcast

• Graduated filter substitute?

  Hi,
  I'm far away from being a professional photographer but I do enjoy landscape photography. I've been playing around with Lightroom 3 and I love what I can do with my pictures in there. My big problem is that I also love Apple products and all the syncing that comes with it. I really want to move over to Aperture but I can't find a decent substitute for the graduated filter that Lightroom 3 has. I've tried the Brushes (dodge and burn) but they leave me with edges. It ends up looking bad. I've tried experimenting with the exposure but that changes the whole picture, not the sky or the ground (which is mostly what I want to adjust in my pictures). I've also played around a bit with highlights and shadows but, as with exposure, it's the whole picture that is being altered.
  Any suggestions?
  Thanks so much
  Sophie

  Also useful:
  Put down brushstrokes at different strengths.  Use "color overlay" to see.  Feather between strokes as well as between stroke and non-stroke.  Note that Feather is also strength-settable (afaict).
  Brushes are stupendously variable.  I find them the least well-used and understood aspect of Aperture.
  For the quick'n'dirty GND filter, use the Polarize Quick Brush, turn off "Detect Edges", set size to whatever is one-fourth the distance from horizon to top of Image, set softness to c. 0.3 and Strength to 1.0 and draw a swath across the top of the Image.  Change strength to 0.9 and come back the other way with swath #2 just below the first.  Repeat at 0.8 and 0.7.  Set Strength back to 1.0 and Feather the three in-between edges, and the fourth (lowest) edge as needed.
  Note that "Detect Edges" works as an Eraser as well.  It is often easier (IME) to erase to the edge of a form as it is to fill outside the form to the edge (the rule of thumb is simple: detect edges from the side of the edge with the least tonal variation).  I almost always lightly feather all edges detected w. "Detect Edges".
  Try to avoid relying on "Detect Edges".  It is needed much less than commonly thought, imho.  (Any draftsman could tell you this.  We perceive with our brains, and our brains are massively motivated completion machines.  You are generally better off under-specifying an edge and letting the viewer "find it", than over-specifying it and bringing attention to it.)
  OP:  Note that almost every Adjustment except "Exposure" can be brushed on/brushed off, and that there are separate Quick Brushes for each of the four slider-controls in the Enhance Brick.
  Message was edited by: Kirby Krieger

• New vCloud Suite Purchase and Install - No Edge Gateway?

  vCloud Suite 6 no longer comes with vCNS, but does allow upgrading customers to bring their existing vCNS product forward. So what does a new customer do when installing an Edge cluster to secure things without vCNS? Is it pretty much mandatory to purchase either NSX or some other 3rd party virtual network and security product?

  I've found the solution on another thread and it goes like this:
  1) install the most recent Nokia Software Updater
  2) install the most recent Nokia PC Suite
  3) uninstall Nokia Connectivity Cable Driver from Add or Remove programs in Control Panel
  4) install the older Nokia Connectivity Cable Driver (6_85_10)
  Restart your PC if asked to do so.
  Here is the rapidshare link for the Nokia Connectivity Cable Driver (6_85_10) if you have trouble finding it.
  http://rapidshare.com/files/108603126/Nokia_Connec​tivity_Cable_Driver_rel_6_85_10_0_eng.msi.html

• Gray area between vertical ruler and edge of page – remove

  I have a pages file where there is a large gray area between the edge of the page and the vertical ruler. I don't know where it came from but I want to get rid of it. I have a new file that I just opened from my templates and he does not have this large gray area.
  I tried looking, clicking on things and scratching my head and nothing works.
  I tried to add a couple J pigs to show what I'm talking about but can't do it. Anyway any suggestions would be highly appreciated.
  TIA
  David

  I'm not sure what you're seeing.
  Check the documents printer settings. They may be set for different printers. Perhaps Any Printer. If they'e not set for your printer, change them and see what you get.
  Walt

• Lync Edge and Proxy server public DNS records port forwarding rules

  Hi All
  I have question in regards to port forwarding rules for port 443 of simple url.
  I have 4 public ip addresses.
  1 edge server (4 nics , 3 running with different ip for sip, meet and dialin in DMZ network, 1 connected to internal local network).
  1 proxy server (2 nics, 1 running with an ip which is in DMZ same as edge, and 1 connected to internal local network)
  1 front end (lync 2013 standard installed.) connected to internal local network
  1 office web apps . connected to internal local network
  The question is that I am using 3 public ip addresses respectively on public DNS records for sip, meet and dialin(av) and using port 443 which has been set on edge server. So , I can use 3 DMZ network ip address on edge for sip, meet
  and dialin (av) port forwarding from 3 public ip addresses as per in Microsoft document.
  However, I also have a reverse proxy .Hence, my understanding is all public DNS records except SIP and port 443 should be pointed and port forwarded to reverse proxy ip address which is in DMZ network as it would redirect 443 and 80 to 4443 and 8080 to front
  end.
  Now the question has been clear, if simple URLs public DNS record and port forwarding rules for port 443 should be pointed to reverse proxy server, why they need to be set on each ip address and port number in Front end server topology to edge server?
  If anyone knows, please give a help how to set it correct and what is supposed to be a correct configuration for a topology lync 2013

  Hi George
  Thanks for your reply. Attached is my topology which could make my it bit clear. You may see the public dns host record from the image. I set sip, meet, dialin , and owa 4 host records. The first 3 records are pointed to lync edge by doing a NAT with port
  443 which is the same as per you said. However my understanding is they should be pointed to reverse proxy instead as for instance, I need meet.xxx.com with port 443 to be redirected to port 4443 through reverse proxy server to the front end. So when the external
  customers who do not have lync client installed to their machine then we can shoot a lync meeting and send to them via outlook and they just need to click on join lync meeting link in the email to join in such a meeting based on IE. (Is my understanding correct?)
  If lync web meeting works like so , then the question is why I need to set three SAME addresses in front end topology builder for edge and make them point to edge server instead?　
  １. Access Edge service (SIP.XXX.COM) ---> I understand that it is used for external login lync front end.
  2. Webconf edge server(Can I set to meet.xxx.com which is the same as simple URL that points to reverse proxy?) ----> If I can set this address to be the same as simple url address that points to reverse proxy, why should it need to be NATed to edge
  instead? TO BE HONEST, if I HAVE tested, if I set this url as sip.xxx.com which means to use a single FQDN and ip address with port 444 and points simple url meet.xxx.com to reverse proxy, it will still work to join lync meeting sent by
  outlook.I DO NOT REALLY UNDERSTAND WHAT this URL used for at this stage.
  3. AV edge --- same as webconf
  Regards
  Wen Fei Cao

• How can I find the ruler in Edge Reflow?

  I am building the website, and I need a ruler tool. I have been looking for it, but I can't find in anywhere.
  Please help!

  An horizontal ruler that allows you to add add/edit breakpoints is aviable on the top of the document window. If you need a "classic" horizontal/vertical ruler, like InDesign, Illustrator and other Adobe applications, it's not aviable on Reflow.

• Is there a ruler for the side edge of the paper?

  Pages provides a ruler at the top of the document, is there one for the side of the document?

  Yes, see Menu > Pages > Preferences.
  Peter

• How to migrate vShield to another vCenter?

  I have a vCenter 5.1 infrastructure with 2 ESXi 5.1 hosts and vShield implemented with 2 Edges.
  I need to migrate this 2 ESXi hosts to a new vCenter 5.5.
  Migrate the hosts is not the problem, my question is: how I migrate vShield Manager, Edge, etc to the new vCenter (vShield Manager was already upgraded to version 5.5.x)?

  Hello,
  Best approach is to export your existing firewalls and rules from the first vShield Manager. Setup a new one within the new location. Import all the firewall rules into the new vShield Manager. You may have to fix up your networks on the firewalls however.
  Best regards,
  Edward L. Haletky
  VMware Communities User Moderator, VMware vExpert 2009-2015
  Author of the books 'VMWare ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.
  Virtualization and Cloud Security Analyst: The Virtualization Practice, LLC -- vSphere Upgrade Saga -- Virtualization Security Round Table Podcast

• Issues with EDGE connection - Curve 8520

  Hi!!
  I have been having problems with the Blackberry EDGE internet connection on my phone for the past 3 months. I thought it may be a problem with my mobile provider, Yoigo, but they have told me they don't know what's wrong and cannot fix the problem.
  The connection shuts itself off randomly without warning and I no longer receive emails, fb notifications or whatsapp messages. I know that it has stopped because 'EDGE' in the top right hand corner turns to lower case 'edge'. In order to fix it I have found that I have to go to host routing table in options and re-register myself with the Blackberry Internet Service, wait for the message to tell me that I am now registered again and then wait... and wait! Sometimes it comes back after 5 mins, other times I have to re-start the device after 1 or 2 hours.
  Does anyone know how I could fix this issue for good, because this happens at least twice a day now and it's driving me crazy!!
  Appreciate it!! Thanks in advance!
  Laura

  Hi LauraM22
  Welcome to BlackBerry Support Forums
  If your Connection drops frequently then it might a problem with your Carrier Network , but still you can perform those steps in a sequence  :
  1- Register your Handheld .
  KB00510 : How to register a BlackBerry smartphone with the wireless network
  Wait till a Registration messages comes in your message box.
  2- Delete and Resend your Service Book
  KB05000 : Delete the service book for the BlackBerry Internet Service email account from the BlackBerry smartphone
  KB02830 : Send the service books for the BlackBerry Internet Service
  ( Wait till a Registration Message comes in your message box for each email that you have configured on your device )
  3-  Then perform a battery pull restart like this while the device is powered On remove your battery wait for a min. then reinsert it back
  Try it and see if that helps , If problem still Continues then to rule out any software issue you can Reload your device Software , to do that first do a backup of your device using Desktop Software , once it is done you can reload your Device OS , for help refer to this KB :
  KB03621 : How to Reload BlackBerry Device Software and application using BlackBerry Desktop Software
  Good luck.
  Click " Like " if you want to Thank someone.
  If Problem Resolves mark the post(s) as " Solution ", so that other can make use of it.