WAAS Cached content access through Checkpoint firewall
Hello,
I would like to open access to the cached content on the WAAS from a server through a Checkpoint firewall. The server has to have L3 access to the actual WAE device, from what I understand. Is this feasable? What ports would I need to open in the Checkpoint?
Thanks
Doug Bradfield
Hello Douglas,
You're correct, if you see an optimized connection is probably being cache ( probably not the whole file) there is a big difference between "cache data" and "preposition data" .
Cache data is not for you to control or manually retrieve from the WAE box. WAAS controls what is being cache or delete when more new data comes through.
Preposition data is something you can manually store on the Remote WAE so remote users are benefit of a faster access to files already preposition. But this is uppon remote users request to the server( Users don't know that WAAS exist they just see the server-share they've always use) so WAAS notice that a user is requesting a file that a remote WAE already got in their preposition files, so it provide faster access to the file.
Neither of this two options above will let you access WAAS content like you describe on the initial question, you said you want open access to WAE files from a server right ? you can still get the files on your server and this files can be optimazed if you server is behind the WAAS optimization path, but you'd need to go and from the server copy the files one by one just like if you were retrieving them from a client PC.
hope this helps!
Similar Messages
-
Portal access through a firewall
Hi there!
Having the default installtion of R2 on a single W2K box, what's the minimal procedure to make this configuration available through a firewall?
I've opened ports 7777-7778 but fail when trying to logon via SSO (host.domain.com:7777/pls/orasso)
Have I missed out to open another port or am I forced to follow the steps of setting up a reversing proxy to have portal-access outside the firewall?
Cheers
/StaffanIf they are on different servers, then both are listening on the 7777 port, and you will have to change one of them to use another port (assuming your firewall can only port forward a port to only one host).
If you are running both instances on the same server, then your SSO is accessible via 7777 and your midtier would be on 7778, so your setup as described should be enough (I do the same thing).
If they are running on the one machine, can you access the SSO/INF server directly? http://inf.domain.com:7777 and then http://inf.domain.com:7777/pls/orasso ? -
Cisco 8851 phones registering through Checkpoint firewall
We have a customer with a secured network, using Checkpoint firewalls and have a VPN site-to-site tunnel between our Cisco ASA and their Checkpoint firewall, with Cisco phones on the far side of the tunnel and CallManager 8.6 behind the ASAs. We have all the proper network ports referenced, but cannot get either a new Cisco 8851 (SIP) or a Cisco 7942 phone to register. The 8851 phone, when it tries to register, uses the 6970 port for distributed TFTP via HTTP first (by design), followed by TFTP/69. The 7900 phone never generates TFTP on port 69 at all. What is also strange is that the source port 5060 on the 8851 phone seems to be masked with an upper ephemeral network port (51566) when the request traverses the network, regardless of it passing through the firewall or a router. I know that TFTP uses UDP, but there is nothing in the docs that state it uses these upper port ranges?
Is this behavior normal for a Cisco SIP-based phone, and with the Skinny phone, is there something with Checkpoint firewalls that causes issues with Cisco VOIP phones. I have done key-word searches on the Forum for this issue, but have not found anything significant. I have also looked at the Nokia support forum, and saw some briefs, but it didn't directly describe our issue. Any help would b e greatly appreciated.
Thanks,Hi Andrew
The attached document may assist:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/port/7_0/CCM_7.0PortList.pdf
A lot depends on topology etc, and the handset registration protocol you are using (SIP vs SCCP).
Hope this helps.
Barry Hesk
Intrinsic Network Solutions -
Why would the finder need to be accessed through my firewall?
Recently got a message on my iMac running Mavericks asking for permission to access the Finder from outside my firewall. I have not seen this before, so wondering if anyone has the reason. I denied access thinking it may have been an outside probe from uninvited sources.
Usually, the Firewall asks for permission for an application to receive incoming communications. If you access an FTP site through the Finder, then the Firewall will need to allow the Finder to receive data.
-
Webmin Port Access through firewall
OSX 10.8.5
I just finsihed installing the latest version of Webmin.
Everything is working fine but I can not figure out how to allow access through the firewall GUI.
I need to open port 10000. Any suggestions?Thanks, I posted there a few months ago, without luck. I think I've finally found something when Googling the versions of each. iChat on Leopard doesn't use newer authentication protocols and Psi would need recompiled to be compatible. If anyone is curious in the modification here you go:
http://forum.psi-im.org/thread/5091
For now I'm looking for an alternative Jabber server to use. -
For the last week or so, whenever I try to print from a website accessed by Firefox (either to pdf or printer) the resulting pages(s) are completely unitellibible -- they look like a kind of code. I have McAfee- SitAdvisor is disabeled and Firefox has full access through the Firewall. My Windows FIrewall is turned off.
When I use Safari for the same operations, everything prints fine.
Please advise.
ThanksI also have this problem. I believe it is caused by being connected through a proxy which is adding a second compression to the data. (I think IF uses gzip compression already).
Added details:
* Opera also works.
* I can view the IF admin section on FF
* I can view the forum if I go through a web proxy. -
How to allow Flash, Reader, and Shockwave installations through the firewall?
When I allow a single machine to full access through the firewall on port 80, all three products install flawlessly. I am trying to narrow this down and only open the specific IP ranges used by adobe. Does anyone know which ones need to be allowed for this to work? Also, I do know about the standalone files that can be downloaded and then installed to avoid the firewall issue, but I would like to allow all users who bring their own devices to install these products. With the below IP address open through port 80, I am able to install Flash almost every time, but Reader and Shockwave are less reliable. Thank you for any help you can provide.
Bill
23.67.250.122
23.67.250.129
23.67.250.104
23.67.250.147
23.15.7.153
23.15.7.130
23.15.7.160
23.15.7.99
23.15.7.155
23.15.7.113
23.15.8.203
23.57.1.169
23.57.3.235
23.67.250.88
23.57.2.70
8.10.179.247
66.235.147.77
96.17.160.72
96.17.160.18
192.150.16.58
192.150.16.64
193.104.215.66
199.167.187.72I have a method that works for FLASH player, but am trying to come up with a method for the other 2 myself. To automate flash player, I created a Policy and added the following:
Under Computer Config, Prefrences, Windows Setting, Files I created a new File Item.
I set Action = Replace, Created a Source File named mms.cfg* (more below) and have the destination file as systemroot%\System32\Macromed\Flash\mms.cfg (or %systemroot%\SysWOW64\Macromed\Flash\mms.cfg for x64)
I used notepad to edit the mms.cfg, and used the following in the body:
AutoUpdateDisable=0
SilentAutoUpdateEnable=1
AutoUpdateInterval=0
My non-admin users now update flash in the background silently and automatically. -
How can we allow internal users to access internet through ASA firewall?
Hello,
I am new to security track, i have been asked to setup lab and allow users from inside firewall to access internet. here is my lab setup
PC -> switch 1 (layer2) -> (inside) ASA (outside) -> switch 2 (Layer2) -> Router
does switch 2 port needs internet access through router?
what configuration required on ASA to allow users behind the firewall to access internet?
any help on this would be much appreciated.
thanks,Hi,
Okay , can you clarify on this for me. Are you able to ping the internet from the ASA outside interface ?
Just try something like this:-
ping 4.2.2.2 .. Does this work ?
If this does not work , then i think the ASA even is not able to get to the internet and that would be a problem on the router.
Also , internet from Switch 2 is not a requirement as that is only a Layer 2 device.
You can assign the ISP allocated address on the PC , connect it to the Switch 2 port and then try to ping something on the internet or surf internet and i think that should work.
Thanks and Regards,
Vibhor Amrodia -
I cannot access Content Library in iMovie - Content Library doesn't show on the iMovie screen and is greyed out when accessed through "windows" tab at the top. Also unable to update the projects/events (a suggested solution for a similar question). I haven't had this issue before, I have always used the content library on the screen but haven't used this for about a month. How can I make the Content Library available?
Thanks so much! I am backing up the entire computer now with an external hard drive - this should be fine right? And surely if I am backing up the whole computer these projects/videos will be backed up too? I wasn't sure how to do this any other way and I am clearly not great with tech issues. Once this is done and I am sure my projects/videos are safe I will do the delete and reinstall bit. Thanks for taking the time to help
-
How to Access data from SAP Content Server through SAP Portal
Hi Experts,
I want to aceess the data from SAP Content server through portal. Currently I am working on LSO business package. The SAP content server should work like Webdav as we uses KM as webdav.
I am trying to use this URL into the CMS address but it is not working
http://XXX-XXX-XXXX:1090/ConTentServer/ContentServer.dll?adminContRep&operation=docIdList&contRep=ZADGAS_LSO
Is there any other procedure for acceesing the DATA from SAP content server. ?
Thanks,
AhmadIf your Content Server is being used by DMS, then you can use the DMS Connector for KM. This connector allows all documents stored in DMS to be accessed in Portal as if they are stored in KM. For more info see this:
http://help.sap.com/saphelp_erp60_sp/helpdata/en/42/d289b446076bb2e10000000a1553f6/frameset.htm
Andrew -
Retrieve the default content access account for search through code
Hi there,
Does anyone have the code to retrieve the default content access account (crawl account) for the MOSS search? I tried looking into Microsoft.Sharepoint.Search.Adminstration.SearchService namespace. It has a "crawlaccount" property but not sure how to initialize it.
Thanks,
Kishtry:
using Microsoft.Office.Server.Search.Administration;
using Microsoft.SharePoint;
using (SPSite site = new SPSite("http://basesmcdev2/sites/tester1"))
SearchContext context = SearchContext.GetContext(site);
Content content = new Content(context);
return content.DefaultGatheringAccount;
http://www.certdev.com -
Oracle server and Checkpoint firewall
When setting block Findricset SQL Injection
on Checkpoint firewall and try to login by sqlplus
to the db server (8.1.7) behind that firewall
the following error messages occur:
ORA-24323: value not allowed
ERROR:
ORA-03114: not connected to ORACLE
Error accessing PRODUCT_USER_PROFILE
Warning: Product user profile information not loaded!
You may need to run PUPBLD.SQL as SYSTEM
ORA-24323: value not allowed
ORA-24323: value not allowed
Error accessing package DBMS_APPLICATION_INFO
ERROR:
ORA-03114: not connected to ORACLE
SP2-0575: Use of Oracle SQL feature not in SQL92 Entry Level
ORA-24323: value not allowed
Can anyone tell me where's the problem?It appears that the firewall is blocking the connection to the database. Since this appears to be something more than a basic firewall product (i.e. it is doing more than allowing and denying requests on particular ports for particular IP addresses), you would need to talk to your firewall vendor to determine why it thinks a SQL*Plus connection is a SQL injection risk and how to get around the problem.
Of course, you could set up something like Oracle Connection Manager to proxy the connection through the firewall, but that may well defeat the point of an active firewall product.
Justin -
Keepalives over Checkpoint Firewall
Hello!
I'm having some problems, with CSS Keepalives over a Checkpoint Firewall.
It is not a CSS Problem, but may anyone expected the same and can help me how i can solve it.
We do some TCP or HTTP Head Keepalives over the Firewall to some Application servers.
The Firewall seems to terminate the TCP Connecten and also the HTTP Requests and the Service is always alive, because the Firewall answert the requests.
The guys who administrate the firewall do not know, why the firewall do this and do not know how to disable that feature.
Has anyone an idea how the firewall must by modified to not answer the keepalives?
This problem does only appear on TCP Port 80. All other TCP Ports work.
Best regards
SvenHello Gilles,
thanks for that fast response.
Not sure if this is the feature.
But my Head Keepalives does not work. Because the Firewall is generating a Error Webpage with a Responsecode of 200 OK
Leets have a look into this:
REQUEST: **************\nGET /monitor/alive?op=css HTTP/1.1\r\n
Host: 172.21.86.135\r\n
Accept: */*\r\n
Authorization: Basic U3ZlbkJ1dHplazo=\r\n
\r\n
RESPONSE: **************\nHTTP/1.0 200\r\n
Pragma: no-cache\r\n
Cache-Control: no-cache\r\n
Content-Type: text/html\r\n
Content-Length: 108\r\n
\r\n
Error\n\n
Error\nFW-1 at fw1gsb2bln: Failed to connect to the WWW server.\r\nWWWConnect::Close("172.21.86.135","80")\nclosed source port: 2314\r\n
finished.
The IP 172.21.86.135 is not configured on any device.
Doing HTTP Get Keepalives would solve this on CSS, but not on CSM and i also want to include more das 256 keepalives per CSS.
Sven -
if the music that is on an iPod can no longer be accessed through iTunes because it was deleted, is there anyway to recover the music on the iPod if it wasn't purchased?
See this support article:
http://support.apple.com/kb/HT1848
You can also download at least some of your content (audiobooks being a notable exception) again from the iTunes Store:
http://support.apple.com/kb/ht2519
For additional instructions, particularly for content not purchased from the iTunes Store, check out this user tip from TuringTest:
https://discussions.apple.com/docs/DOC-3991
and this page on "How-to Geek":
http://www.howtogeek.com/104298/sync-your-ios-device-with-a-new-computer-without -losing-data/
Regards.
Forum Tip: Since you're new here, you've probably not discovered the Search feature available on every Communities page, but next time, it might save you time (and everyone else from having to answer the same question multiple times) if you search a couple of ways for a topic, both in the relevant forums and in the Apple Knowledge Base, before you post a question. -
Internet Access through TMG for all HO & Branch office
Dear Experts!,
I am new to the Forefront TMG 2010. Have requirement to implement internet access.
Head office : 192.168.11.x/24 (192.168.11.1 is the TMG server)
Branch Office 1: 192.168.12.x/24
Branch Office 2 : 192.168.14.x/24
Branch Office 2 : 192.168.16.x/24
Forefront TMG 2010 standard edition.
Having 3 NIC's two have different ISP network addresses and one has 192.168.11.1.
Branch office are connected using MPLS network, the requirement is all branch site internet must be accessed through TMG 2010 server which is homed in Head Office. How to achieve ?
What needs to be done in external firewall and in TMG for enabling internet access.
Thanks!
Regards, Ganesh, MCTS, MCP, ITILV2 This posting is provided with no warranties and confers no rights. Please remember to click Mark as Answer and Vote as Helpful on posts that help you. This can be beneficial to other community members reading the thread.Hi Ganesh,
Hope this helps
1 - If you wish to give internet as Proxy to users.
Ensure the Below subnet is able to reach TMG Internal Interface that is 192.168.11.1
Subnet
Branch Office 1: 192.168.12.x/24
Branch Office 2 : 192.168.14.x/24
Branch Office 2 : 192.168.16.x/24
Configuration
Enable Proxy in TMG and configure Proper Ports as per your requirements
On the Client IE – Ensure you put Proxy IP as TMG and Port configured in TMG configuration.
Enable a Rule
Access Rule
Source : Internal
Destination : External
Ports : HTTP / HTTPS
Users : Authenticated Users
2 As normal Internet as Gateway to users
You need to request your MPLS provider to change the Default Route of below subnet to 192.168.11.1. By doing this, all the internet request from the below subnet to internet will hit TMG.
Subnet
Branch Office 1: 192.168.12.x/24 Default Route 192.168.11.1
Branch Office 2 : 192.168.14.x/24 Default Route 192.168.11.1
Branch Office 2 : 192.168.16.x/24 Default Route 192.168.11.1
IF you have any L3 Switch then you can also make Default gateway as L3 for all the subnet and from L3 device point it to TMG
Enable a Rule
Access Rule
Source : Internal
Destination : External
Ports : HTTP / HTTPS
Users : All Users ( Important )
Two ISP
In network Rules : You need to use NAT
You will have a Rule which NATS internal to External
On external - Choose which ISP interface should be used and Apply NAT rule
Maybe you are looking for
-
Why Mac Mini if started up with monitors switched off looses Mouse settings?
Hi, I have a late 2012 Mac Mini connected to 2x LG HD monitors (one with thunderbolt adapted to HDMI and one on HDMI). Every morning I switch on the computer but sometimes I forget to switch on the monitors. If the machine boots without monitors I ge
-
Possible to use iPhoto QT Export Format in FCP?
Hi everyone, I'm looking to create some killer slide shows which go far beyond iPhoto's capabilities. I exported 5 photos from iPhoto at 1024x768 for 2 seconds each. The quality was excellent and the file size was only 616 kb. I pulled up the movie's
-
The path My Pictures or the volume is invalid. ??? Error
During install the following error occurs: "Error 1324. The path My Pictures or the volume is invalid. Please enter it again. Anyone have a solution to this??
-
Not recognized carrier need to access to process company payroll
-
Hello, we use SAP GUI for HTML to display some Z-Transaction in CRM WebUI. They work fine, except one thing. We open a dialog Popup with Function Module POPUP_GET_VALUES or other Methods. They appear an work properly. But when someone is moving this