WAAS Cached content access through Checkpoint firewall

Similar Messages

• Portal access through a firewall

  Hi there!
  Having the default installtion of R2 on a single W2K box, what's the minimal procedure to make this configuration available through a firewall?
  I've opened ports 7777-7778 but fail when trying to logon via SSO (host.domain.com:7777/pls/orasso)
  Have I missed out to open another port or am I forced to follow the steps of setting up a reversing proxy to have portal-access outside the firewall?
  Cheers
  /Staffan

  If they are on different servers, then both are listening on the 7777 port, and you will have to change one of them to use another port (assuming your firewall can only port forward a port to only one host).
  If you are running both instances on the same server, then your SSO is accessible via 7777 and your midtier would be on 7778, so your setup as described should be enough (I do the same thing).
  If they are running on the one machine, can you access the SSO/INF server directly? http://inf.domain.com:7777 and then http://inf.domain.com:7777/pls/orasso ?

• Cisco 8851 phones registering through Checkpoint firewall

  We have a customer with a secured network, using Checkpoint firewalls and have a VPN site-to-site tunnel between our Cisco ASA and their Checkpoint firewall, with Cisco phones on the far side of the tunnel and CallManager 8.6 behind the ASAs.  We have all the proper network ports referenced, but cannot get either a new Cisco 8851 (SIP) or a Cisco 7942 phone to register.  The 8851 phone, when it tries to register, uses the 6970 port for distributed TFTP via HTTP first (by design), followed by TFTP/69.  The 7900 phone never generates TFTP on port 69 at all.  What is also strange is that the source port 5060 on the 8851 phone seems to be masked with an upper ephemeral network port (51566) when the request traverses the network, regardless of it passing through the firewall or a router.  I know that TFTP uses UDP, but there is nothing in the docs that state it uses these upper port ranges?
  Is this behavior normal for a Cisco SIP-based phone, and with the Skinny phone, is there something with Checkpoint firewalls that causes issues with Cisco VOIP phones.  I have done key-word searches on the Forum for this issue, but have not found anything significant.  I have also looked at the Nokia support forum, and saw some briefs, but it didn't directly describe our issue.  Any help would b e greatly appreciated.
  Thanks,

  Hi Andrew
  The attached document may assist:
  http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/port/7_0/CCM_7.0PortList.pdf
  A lot depends on topology etc, and the handset registration protocol you are using (SIP vs SCCP).
  Hope this helps.
  Barry Hesk
  Intrinsic Network Solutions

• Why would the finder need to be accessed through my firewall?

  Recently got a message on my iMac running Mavericks asking for permission to access the Finder from outside my firewall.  I have not seen this before, so wondering if anyone has the reason.  I denied access thinking it may have been an outside probe from uninvited sources.

  Usually, the Firewall asks for permission for an application to receive incoming communications. If you access an FTP site through the Finder, then the Firewall will need to allow the Finder to receive data.

• Webmin Port Access through firewall

  OSX 10.8.5
  I just finsihed installing the latest version of Webmin.
  Everything is working fine but I can not figure out how to allow access through the firewall GUI.
  I need to open port 10000. Any suggestions?

  Thanks, I posted there a few months ago, without luck. I think I've finally found something when Googling the versions of each. iChat on Leopard doesn't use newer authentication protocols and Psi would need recompiled to be compatible. If anyone is curious in the modification here you go:
  http://forum.psi-im.org/thread/5091
  For now I'm looking for an alternative Jabber server to use.

• Printing from websites accessed through Firefox is unitelligible - just symbols, whereas fine with Safari.

  For the last week or so, whenever I try to print from a website accessed by Firefox (either to pdf or printer) the resulting pages(s) are completely unitellibible -- they look like a kind of code. I have McAfee- SitAdvisor is disabeled and Firefox has full access through the Firewall. My Windows FIrewall is turned off.
  When I use Safari for the same operations, everything prints fine.
  Please advise.
  Thanks

  I also have this problem. I believe it is caused by being connected through a proxy which is adding a second compression to the data. (I think IF uses gzip compression already).
  Added details:
  * Opera also works.
  * I can view the IF admin section on FF
  * I can view the forum if I go through a web proxy.

• How to allow Flash, Reader, and Shockwave installations through the firewall?

  When I allow a single machine to full access through the firewall on port 80, all three products install flawlessly. I am trying to narrow this down and only open the specific IP ranges used by adobe. Does anyone know which ones need to be allowed for this to work? Also, I do know about the standalone files that can be downloaded and then installed to avoid the firewall issue, but I would like to allow all users who bring their own devices to install these products. With the below IP address open through port 80, I am able to install Flash almost every time, but Reader and Shockwave are less reliable. Thank you for any help you can provide.
  Bill
  23.67.250.122
  23.67.250.129
  23.67.250.104
  23.67.250.147
  23.15.7.153
  23.15.7.130
  23.15.7.160
  23.15.7.99
  23.15.7.155
  23.15.7.113
  23.15.8.203
  23.57.1.169
  23.57.3.235
  23.67.250.88
  23.57.2.70
  8.10.179.247
  66.235.147.77
  96.17.160.72
  96.17.160.18
  192.150.16.58
  192.150.16.64
  193.104.215.66
  199.167.187.72

  I have a method that works for FLASH player, but am trying to come up with a method for the other 2 myself.  To automate flash player, I created a Policy and added the following:
  Under Computer Config, Prefrences, Windows Setting, Files I created a new File Item.
  I set Action = Replace, Created a Source File named mms.cfg* (more below) and have the destination file as systemroot%\System32\Macromed\Flash\mms.cfg (or %systemroot%\SysWOW64\Macromed\Flash\mms.cfg for x64)
  I used notepad to edit the mms.cfg, and used the following in the body:
  AutoUpdateDisable=0
  SilentAutoUpdateEnable=1
  AutoUpdateInterval=0
  My non-admin users now update flash in the background silently and automatically.

• How can we allow internal users to access internet through ASA firewall?

  Hello,
  I am new to security track, i have been asked to setup lab and allow users from inside firewall to access internet. here is my lab setup
  PC -> switch 1 (layer2) -> (inside) ASA (outside) -> switch 2 (Layer2) -> Router
  does switch 2 port needs internet access through router?
  what configuration required on ASA to allow users behind the firewall to access internet?
  any help on this would be much appreciated.
  thanks,

  Hi,
  Okay , can you clarify on this for me. Are you able to ping the internet from the ASA outside interface ?
  Just try something like this:-
  ping 4.2.2.2 .. Does this work ?
  If this does not work , then i think the ASA even is not able to get to the internet and that would be a problem on the router.
  Also , internet from Switch 2 is not a requirement as that is only a Layer 2 device.
  You can assign the ISP allocated address on the PC , connect it to the Switch 2 port and then try to ping something on the internet or surf internet and i think that should work.
  Thanks and Regards,
  Vibhor Amrodia

• I cannot access Content Library in iMovie - Content Library doesn't show on the iMovie screen and is greyed out when accessed through "windows" tab at the top. Also unable to update the projects/events (a suggested solution for a similar question).

  I cannot access Content Library in iMovie - Content Library doesn't show on the iMovie screen and is greyed out when accessed through "windows" tab at the top. Also unable to update the projects/events (a suggested solution for a similar question). I haven't had this issue before, I have always used the content library on the screen but haven't used this for about a month. How can I make the Content Library available?

  Thanks so much! I am backing up the entire computer now with an external hard drive - this should be fine right? And surely if I am backing up the whole computer these projects/videos will be backed up too? I wasn't sure how to do this any other way and I am clearly not great with tech issues. Once this is done and I am sure my projects/videos are safe I will do the delete and reinstall bit. Thanks for taking the time to help

• How to Access data from SAP Content Server through SAP Portal

  Hi Experts,
  I want to aceess the data from SAP Content server through portal. Currently I am working on LSO business package. The SAP content server should work like Webdav as we uses KM as webdav.
  I am trying to use this URL into the CMS address but it is not working
  http://XXX-XXX-XXXX:1090/ConTentServer/ContentServer.dll?adminContRep&operation=docIdList&contRep=ZADGAS_LSO
  Is there any other procedure for acceesing the DATA  from SAP content server. ?
  Thanks,
  Ahmad

  If your Content Server is being used by DMS, then you can use the DMS Connector for KM.  This connector allows all documents stored in DMS to be accessed in Portal as if they are stored in KM.  For more info see this:
  http://help.sap.com/saphelp_erp60_sp/helpdata/en/42/d289b446076bb2e10000000a1553f6/frameset.htm
  Andrew

• Retrieve the default content access account for search through code

  Hi there,
         Does anyone have the code to retrieve the default content access account (crawl account) for the MOSS search? I tried looking into Microsoft.Sharepoint.Search.Adminstration.SearchService namespace. It has a "crawlaccount" property but not sure how to initialize it.
  Thanks,
  Kish

  try:
  using Microsoft.Office.Server.Search.Administration;  
  using Microsoft.SharePoint;  
     using (SPSite site = new SPSite("http://basesmcdev2/sites/tester1"))  
                  SearchContext context = SearchContext.GetContext(site);  
                  Content content = new Content(context);  
                  return content.DefaultGatheringAccount;  
  http://www.certdev.com

• Oracle server and Checkpoint firewall

  When setting block Findricset SQL Injection
  on Checkpoint firewall and try to login by sqlplus
  to the db server (8.1.7) behind that firewall
  the following error messages occur:
  ORA-24323: value not allowed
  ERROR:
  ORA-03114: not connected to ORACLE
  Error accessing PRODUCT_USER_PROFILE
  Warning: Product user profile information not loaded!
  You may need to run PUPBLD.SQL as SYSTEM
  ORA-24323: value not allowed
  ORA-24323: value not allowed
  Error accessing package DBMS_APPLICATION_INFO
  ERROR:
  ORA-03114: not connected to ORACLE
  SP2-0575: Use of Oracle SQL feature not in SQL92 Entry Level
  ORA-24323: value not allowed
  Can anyone tell me where's the problem?

  It appears that the firewall is blocking the connection to the database. Since this appears to be something more than a basic firewall product (i.e. it is doing more than allowing and denying requests on particular ports for particular IP addresses), you would need to talk to your firewall vendor to determine why it thinks a SQL*Plus connection is a SQL injection risk and how to get around the problem.
  Of course, you could set up something like Oracle Connection Manager to proxy the connection through the firewall, but that may well defeat the point of an active firewall product.
  Justin

• Keepalives over Checkpoint Firewall

  Hello!
  I'm having some problems, with CSS Keepalives over a Checkpoint Firewall.
  It is not a CSS Problem, but may anyone expected the same and can help me how i can solve it.
  We do some TCP or HTTP Head Keepalives over the Firewall to some Application servers.
  The Firewall seems to terminate the TCP Connecten and also the HTTP Requests and the Service is always alive, because the Firewall answert the requests.
  The guys who administrate the firewall do not know, why the firewall do this and do not know how to disable that feature.
  Has anyone an idea how the firewall must by modified to not answer the keepalives?
  This problem does only appear on TCP Port 80. All other TCP Ports work.
  Best regards
  Sven

  Hello Gilles,
  thanks for that fast response.
  Not sure if this is the feature.
  But my Head Keepalives does not work. Because the Firewall is generating a Error Webpage with a Responsecode of 200 OK
  Leets have a look into this:
  REQUEST: **************\nGET /monitor/alive?op=css HTTP/1.1\r\n
  Host: 172.21.86.135\r\n
  Accept: */*\r\n
  Authorization: Basic U3ZlbkJ1dHplazo=\r\n
  \r\n
  RESPONSE: **************\nHTTP/1.0 200\r\n
  Pragma: no-cache\r\n
  Cache-Control: no-cache\r\n
  Content-Type: text/html\r\n
  Content-Length: 108\r\n
  \r\n
  Error\n\n
  Error\nFW-1 at fw1gsb2bln: Failed to connect to the WWW server.\r\nWWWConnect::Close("172.21.86.135","80")\nclosed source port: 2314\r\n
  finished.
  The IP 172.21.86.135 is not configured on any device.
  Doing HTTP Get Keepalives would solve this on CSS, but not on CSM and i also want to include more das 256 keepalives per CSS.
  Sven

• HT1329 if the music that is on the iPod can no longer be accessed through iTunes because it was deleted, is there anyway to recover the music on the iPod if it wasn't purchased?

  if the music that is on an iPod can no longer be accessed through iTunes because it was deleted, is there anyway to recover the music on the iPod if it wasn't purchased?

  See this support article:
  http://support.apple.com/kb/HT1848
  You can also download at least some of your content (audiobooks being a notable exception) again from the iTunes Store:
  http://support.apple.com/kb/ht2519
  For additional instructions, particularly for content not purchased from the iTunes Store, check out this user tip from TuringTest:
  https://discussions.apple.com/docs/DOC-3991
  and this page on "How-to Geek":
  http://www.howtogeek.com/104298/sync-your-ios-device-with-a-new-computer-without -losing-data/
  Regards.
  Forum Tip: Since you're new here, you've probably not discovered the Search feature available on every Communities page, but next time, it might save you time (and everyone else from having to answer the same question multiple times) if you search a couple of ways for a topic, both in the relevant forums and in the Apple Knowledge Base, before you post a question.

• Internet Access through TMG for all HO & Branch office

  Dear Experts!,
  I am new to the Forefront TMG 2010. Have requirement to implement internet access.
  Head office : 192.168.11.x/24 (192.168.11.1 is the TMG server)
  Branch Office 1: 192.168.12.x/24
  Branch Office 2 : 192.168.14.x/24
  Branch Office 2 : 192.168.16.x/24
  Forefront TMG 2010 standard edition.
  Having 3 NIC's two have different ISP network addresses and one has 192.168.11.1.
  Branch office are connected using MPLS network, the requirement is all branch site internet must be accessed through TMG 2010 server which is homed in Head Office. How to achieve ?
  What needs to be done in external firewall and in TMG for enabling internet access.
  Thanks!
  Regards, Ganesh, MCTS, MCP, ITILV2 This posting is provided with no warranties and confers no rights. Please remember to click Mark as Answer and Vote as Helpful on posts that help you. This can be beneficial to other community members reading the thread.

  Hi Ganesh,
  Hope this helps
  1 - If you wish to give internet as Proxy to users.
  Ensure the Below subnet is able to reach TMG Internal Interface that is 192.168.11.1
  Subnet
  Branch Office 1: 192.168.12.x/24
  Branch Office 2 : 192.168.14.x/24
  Branch Office 2 : 192.168.16.x/24
  Configuration
  Enable Proxy in TMG and configure Proper Ports as per your requirements
  On the Client IE – Ensure you put Proxy IP as TMG and Port configured in TMG configuration.
  Enable a Rule
  Access Rule
  Source : Internal
  Destination : External
  Ports : HTTP / HTTPS
  Users : Authenticated Users
  2 As normal Internet as Gateway to users
  You need to request your MPLS provider to change the Default Route of below subnet to 192.168.11.1. By doing this, all the internet request from the below subnet to internet will hit TMG.
  Subnet
  Branch Office 1: 192.168.12.x/24 Default Route 192.168.11.1
  Branch Office 2 : 192.168.14.x/24 Default Route 192.168.11.1
  Branch Office 2 : 192.168.16.x/24 Default Route 192.168.11.1
  IF you have any L3 Switch then you can also make Default gateway as L3 for all the subnet and from L3 device point it to TMG
  Enable a Rule
  Access Rule
  Source : Internal
  Destination : External
  Ports : HTTP / HTTPS
  Users : All Users ( Important )
  Two ISP
  In network Rules : You need to use NAT
  You will have a Rule which NATS internal to  External
  On external - Choose which ISP interface should be used  and Apply NAT rule