What object group a port is in?

The following does not help:
ASA# sho run object-g | in 1433
port-object eq 1433
service-object tcp eq 1433
port-object eq 1433
ASA# sho run object-g service | in 1433             
port-object eq 1433
service-object tcp eq 1433
ASA# sho run object-g | be 1433       
port-object eq 1433
ASA# sho run object-g | grep 1433
port-object eq 1433
service-object tcp eq 1433
port-object eq 1433

Here's the command to find the object group name a port is in:
ASAXXX# show run object-group | in object-group | time-exceeded
object-group icmp-type ICMP_SVCS
icmp-object time-exceeded
Now you can find what else is in that object group:
ASAXXX# sho run object-group id ICMP_SVCS      
object-group icmp-type ICMP_SVCS
icmp-object echo-reply
icmp-object unreachable
icmp-object echo
icmp-object time-exceeded
icmp-object traceroute
and the access-list that object group is being used in:
ASAXXX# sho access-list | in ICMP_SVCS
access-list Access_List_Name line 5 extended permit icmp object-group ABCD object-group WXYZ object-group ICMP_SVCS
So if you know a port number, you can quickly find out what object group and what access list is allowing that port.

Similar Messages

  • Implementing "object-group service"

    Running 8.2(3) on an ASA 5510
    I have created the two following object groups.
    object-group service gatewayTCP tcp
    port-object eq 88
    port-object eq 135
    port-object eq 445
    port-object eq ldaps
    port-object eq 3268
    port-object eq 3269
    object-group service gatewayTCP-UDP tcp-udp
    port-object eq domain
    port-object eq 389
    port-object eq 464
    port-object range 49152 65535
    I have run into an issue with "domain" working in the tcp-udp type. The following access-list does not work without explicitly calling out "domain" for both TCP and UDP. Everywhere I looked I appear to be doing it right so what am I missing. Does "permit tcp" need to be "permit ip" to cover both tcp and udp? I found one article with someone suggestiong just make it "permit tcp" and it will work. Not in a position to test at the moment so figured I'd ask here. Want to be sure I'm not getting bit anywhere else related to these object groups in case I am not implementing them correctly?
    access-list dmzAccess extended permit tcp host 172.26.11.10 host 10.16.11.203 object-group gatewayTCP
    access-list dmzAccess extended permit tcp host 172.26.11.10 host 10.16.11.203 object-group gatewayTCP-UDP
    Is this a bug with service object groups? Is there some place I need to enable this feature?

    Hi,
    Have you tried configuring it like this
    object-group service GATEWAY-SERVICES
    service-object tcp eq 88
    service-object tcp eq 135
    service-object tcp eq 445
    service-object tcp eq ldaps
    service-object tcp eq 3268
    service-object tcp eq 3269
    service-object tcp eq 53
    service-object udp eq 53
    service-object tcp eq 389
    service-object udp eq 389
    service-object tcp eq 464
    service-object udp eq 464
    service-object tcp range 49152 65535
    service-object udp eq 49152 65535
    access-list dmzAccess permit object-group GATEWAY-SERVICES host 172.26.11.10 host 10.16.11.203
    I am not sure if it was only after software 8.3+ that the command under the actual "object-group" was of format "service-object tcp source" / "service-object tcp destination" (or the same for UDP)
    - Jouni

  • ASA 5510 & Object-groups

    I have an ASA 5510 and have just started using object-groups which are super handy in theory, but not working in reality. I have a service object-group with a mix of tcp, icmp, and udp ports. Let's call it Sample_Port_Group. I'm trying to apply it to my dmz_access_in ACL. Here's the line giving me problems:
    access-list dmz_access_in extended permit object-group Sample_Port_Group 192.168.1.1 any
    The asa throws up an error between 192.168.1.1 and any. When I put up a ? after Sample_Port_Group, it gives me the option of putting in an IP address, any, etc. When I put in a ? after 192.168.1.1, it only gives me the option of putting in an IP address.
    Going off these posts:
    - http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800d641d.shtml
    - http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/nwaccess.html
    Those posts gave me the impression my line was possible, especially the "access-list outsideacl extended permit object-group myaclog interface inside any" line, which is at the end of the 2nd article linked.
    What am I doing wrong?
    Thanks in advance for any help.

    Hi Adam!
    You are doing it right, you are just missing on little keyword.
    The line should be as this:
    access-list dmz_access_in extended permit object-group Sample_Port_Group host 192.168.1.1 any
    or you could specify the subnetmask as:
    access-list dmz_access_in extended permit object-group Sample_Port_Group 192.168.1.1 255.255.255.255 any
    Regards

  • Access list with multiple object groups

    Hello Everyone,
    I am using a cisco ASA 5525 with 8.6 code.  I am trying to setup access list for oubound access meaning hosts accessing the internet.  I have created an access list called outbound_access and did "access-groupc outbound_access in interface inside "
    I am trying to use object-groups where ever i can.  Here is an example.
    object-group service obj_Meraki_outbound
    service-object tcp destination eq 443
    service-object tcp destination eq 80
    service-object tcp destination eq 7734
    service-object tcp destination eq 7752
    service-object udp destination eq 7351
    object-group network obj_Meraki_lan
    network-object 10.2.11.0 255.255.255.240
    network-object 10.5.11.0 255.255.225.240
    object-group network obj_Meraki_pub
    des This group lists all hosts associated with Meraki. 
      network-object host 64.156.192.154
      network-object host 64.62.142.12
      network-object host 64.62.142.2
      network-object host 74.50.51.16
      network-object host 74.50.56.218
    object-group service obj_Meraki_outbound
    service-object tcp destination eq 443
    service-object tcp destination eq 80
    service-object tcp destination eq 7734
    service-object tcp destination eq 7752
    service-object udp destination eq 7351
    object-group network obj_Meraki_lan
    network-object 10.x.x.x 255.255.255.240
    network-object 10.x.x.x 255.255.225.240
    object-group network obj_Meraki_pub
    des This group lists all hosts associated with Meraki. 
      network-object host 64.156.192.154
      network-object host 64.62.142.12
      network-object host 64.62.142.2
      network-object host 74.50.51.16
      network-object host 74.50.56.218
    I have tried tying all these groups together in multiple ways but cannot figure out how to do this.  This what i think it should be "access-list outbound_access extended permit object-group obj_Meraki_outbound object-group obj_Meraki_lan object-group obj_Meraki_pub"
    What i want is the use the service objects and the source network would be obj_Meraki_lan and destination would be obj_Meraki_pub.   It seems the rules completely change when you use object groups.  Can someone explain this maybe with a few examples.  I am already using object groups in many acls but not for every element.
    Thanks

    Hi,
    Seems to work on my test ASA
    Attached it to my current LAN interface.
    ASA(config)# packet-tracer input LAN tcp 10.2.11.1 12345 64.156.192.154 80
    Phase: 1
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   0.0.0.0         0.0.0.0         WAN
    Phase: 2
    Type: ACCESS-LIST
    Subtype: log
    Result: ALLOW
    Config:
    access-group outbound_access in interface LAN
    access-list outbound_access extended permit object-group obj_Meraki_outbound object-group obj_Meraki_lan object-group obj_Meraki_pub
    object-group service obj_Meraki_outbound
    service-object tcp destination eq https
    service-object tcp destination eq www
    service-object tcp destination eq 7734
    service-object tcp destination eq 7752
    service-object udp destination eq 7351
    object-group network obj_Meraki_lan
    network-object 10.2.11.0 255.255.255.240
    network-object 10.5.11.0 255.255.255.240
    object-group network obj_Meraki_pub
    description: This group lists all hosts associated with Meraki.
    network-object host 64.156.192.154
    network-object host 64.62.142.12
    network-object host 64.62.142.2
    network-object host 74.50.51.16
    network-object host 74.50.56.218
    Additional Information:
    access-list outbound_access line 1 extended permit tcp 10.2.11.0 255.255.255.240 host 64.156.192.154 eq www (hitcnt=1) 0x4d812691
    Also have used such configuration in some special cases where the customer has insisted on allow specific TCP/UDP ports between multiple networks. And nothing is stopping from adding ICMP into the "object-group service" also.
    - Jouni

  • Migrate network object group members; risk

           We upgraded to new 5555 hardware and jumped from 8.2 to 9.1 last year. Our objects listing is now a bit messy. I have never run the "Migrate Network Object Group Members" menu option in asdm. I see what it is going to do, I am not sure it really helps me clean old objects, it seems low risk, but when I walk up to execution, there are a lot of changes it wants to make. We always save backup configurations but, if there are "gotchas" I don't want to put the company in that position. What has been the communities, Cisco's experience? Thanks for any feedback. jc

    John,
    if you feel that is risky, you can always go for plan B.
    - you can take closure look at the object groups and decide new object naming convention policy.
    - from ASDM or CSM, you can see overlapped or duplicate rules, so you can start with reducing them
    - you can see same services used in couple of rules with different service groups.
         - like object-group service WEB-PORTS tcp
                        port-object eq http
                        port-object eq https
                 object-group service APPLICATION-PORTS tcp
                        port-object eq http
                        port-object eq https
                   object-group service APPS-PORT tcp
                        port-object eq www
                        port-object eq https
    - you can replace all these different object-group with one object group. like WEB-PORTS.
    - same way you can do excercise for network group as well.
    hope this helps.
    JD...

  • ORA-23326: object group "PUBLIC","REPG" is quiesced

    I am using Oracle 9i Enterprise Manager.
    I have two servers with databases isb.city and rwp.rawat. I completed the whole process of Multimaster Replication. I am working on the SCOTT schema as test. Right now I am working on LAN.
    Two servers are connected with each other. I am facing two problems:
    1) When I try following command, it shows no rows on both servers:
    SQL>SELECT DBLINK FROM DBA_REPSITES WHERE GNAME = 'repg';
    no rows selected
    2) When I try to insert data in the tables, it doesn't allow it and give following:
    ORA-23326: object group "PUBLIC","REPG" is quiesced
    I already made changes in init.ora and changed spfile file as well accordingly.
    What is wrong with my setup?

    Try this:
    1. SELECT DBLINK FROM DBA_REPSITES WHERE GNAME = 'REPG';
    2. You should change init.ora or spfile (database is using one of them):
    show parameter pfile will show you if you are using spfile or not
    execute RESUME_MASTER_ACTIVITY to unquisce replication group
    Best Regards
    Krystian Zieja / mob

  • Using Object Group.

    I am using the forms 6i. And i have a problem with attach Object Group.
    After attach, the form do not execute.
    I have a question: What the values the Object Group utility on the registry?
    Or if another sugestion...
    Thanks, so much.
    Martônio.

    1. Did you copy the object group to the new module or subclassed it?
    R- Subclass.
    2. Did you compile your form module after doing copy/subclass of the object group?
    R- Yes.
    3. Did you get any compilation error/warning?
    R-No. Because the form close before display.
    4. Is the base object group is from a form or a object library?
    R-Object Library.
    5. Is the base form / object library in which the object group exists is there in the FORMS60_PATH?
    R-Yes.
    Thanks. So much....
    Martônio.

  • How can I find out what objects are in a datafile???

    My database is 8.1.7...
    I have a tablespace with multiple datafiles. How can I find out what objects are in a specific datafile???
    Thanks in advance...

    DBA_SEGMENTS
    DBA_SEGMENTS describes the storage allocated for all segments in the database.
    Related View
    USER_SEGMENTS describes the storage allocated for the segments owned by the current user's objects. This view does not display the OWNER, HEADER_FILE, HEADER_BLOCK, or RELATIVE_FNO columns.
    Column Datatype NULL Description
    OWNER
    VARCHAR2(30)
    Username of the segment owner
    SEGMENT_NAME
    VARCHAR2(81)
    Name, if any, of the segment
    PARTITION_NAME
    VARCHAR2(30)
    Object Partition Name (Set to NULL for non-partitioned objects)
    SEGMENT_TYPE
    VARCHAR2(17)
    Type of segment: INDEX PARTITION, TABLE PARTITION, TABLE, CLUSTER, INDEX, ROLLBACK, DEFERRED ROLLBACK, TEMPORARY, CACHE, LOBSEGMENT and LOBINDEX
    TABLESPACE_NAME
    VARCHAR2(30)
    Name of the tablespace containing the segment
    HEADER_FILE
    NUMBER
    ID of the file containing the segment header
    HEADER_BLOCK
    NUMBER
    ID of the block containing the segment header
    BYTES
    NUMBER
    Size in bytes, of the segment
    BLOCKS
    NUMBER
    Size, in Oracle blocks, of the segment
    EXTENTS
    NUMBER
    Number of extents allocated to the segment
    INITIAL_EXTENT
    NUMBER
    Size in bytes requested for the initial extent of the segment at create time. (Oracle rounds the extent size to multiples of 5 blocks if the requested size is greater than 5 blocks.)
    NEXT_EXTENT
    NUMBER
    Size in bytes of the next extent to be allocated to the segment
    MIN_EXTENTS
    NUMBER
    Minimum number of extents allowed in the segment
    MAX_EXTENTS
    NUMBER
    Maximum number of extents allowed in the segment
    PCT_INCREASE
    NUMBER
    Percent by which to increase the size of the next extent to be allocated
    FREELISTS
    NUMBER
    Number of process freelists allocated to this segment
    FREELIST_GROUPS
    NUMBER
    Number of freelist groups allocated to this segment
    RELATIVE_FNO
    NUMBER
    Relative file number of the segment header
    BUFFER_POOL
    VARCHAR2(7)
    Default buffer pool for the object
    This view with this another viwe can help you to identify where the object is:
    DBA_DATA_FILES
    DBA_DATA_FILES describes database files.
    Column Datatype NULL Description
    FILE_NAME
    VARCHAR2(513)
    Name of the database file
    FILE_ID
    NUMBER
    NOT NULL
    File identifier number of the database file
    TABLESPACE_NAME
    VARCHAR2(30)
    NOT NULL
    Name of the tablespace to which the file belongs
    BYTES
    NUMBER
    Size of the file in bytes
    BLOCKS
    NUMBER
    NOT NULL
    Size of the file in Oracle blocks
    STATUS
    VARCHAR2(9)
    File status: AVAILABLE or INVALID (INVALID means that the file number is not in use, for example, a file in a tablespace that was dropped)
    RELATIVE_FNO
    NUMBER
    Relative file number
    AUTOEXTENSIBLE
    VARCHAR2(3)
    Autoextensible indicator
    MAXBYTES
    NUMBER
    Maximum file size in bytes
    MAXBLOCKS
    NUMBER
    Maximum file size in blocks
    INCREMENT_BY
    NUMBER
    Autoextension increment
    USER_BYTES
    NUMBER
    Corresponding number of bytes
    USER_BLOCKS
    NUMBER
    Number of blocks which can be used by the data
    Joel Pérez
    http://otn.oracle.com/experts

  • ICR 002 - Object Groups and Sets

    Hi,
    Tcode here is FBCR009.
    I need one help on the PROCESS 002 for ICR. In the current system, we have implemented the Object groups and Sub groups as mentioned below:
    Object Group - 100
    Object Subgroup 100
    Object group  Sequence      Company Field  Company Set   Description                   Partner Field     Partner Set    description
    100     1     RACCT     RULE2A     B/S Cash Management     RACCT     RULE2B     B/S Cash Management
    100     2     RACCT     RULE3A     B/S ST Interest Bearing     RACCT     RULE3B     B/S ST Interest Bearing
    100     3     RACCT     RULE4A     B/S ST Non-Interest Bearing     RACCT     RULE4B     B/S ST Non-Interest Bearing
    100     4     RACCT     RULE5A     B/S ST Non-Interest Bearing Derivatives     RACCT     RULE5B     B/S ST Non-Interest Bearing Derivatives
    100     6     RACCT     RULE7A     P&L LT Interest     RACCT     RULE7B     P&L LT Interest
    100     7     RACCT     RULE8A     P&L ST Interest     RACCT     RULE8B     P&L ST Interest
    100     8     RACCT     RULE9A     P&L Toll     RACCT     RULE9B     P&L Toll
    100     9     RACCT     RULE10A     P&L Royalties     RACCT     RULE10B     P&L Royalties
    100     10     RACCT     RULE11A     P&L Rent     RACCT     RULE11B     P&L Rent
    100     11     RACCT     RULE12A     P&L Brokerage Commission     RACCT     RULE12B     P&L Brokerage Commission
    100     12     RACCT     RULE13A     P&L Warehousing     RACCT     RULE13B     P&L Warehousing
    100     13     RACCT     RULE14A     P&L Misc/Other     RACCT     RULE14B     P&L Misc/Other
    100     14     RACCT     RULE15A     P&L Insurance     RACCT     RULE15B     P&L Insurance
    100     15     RACCT     RULE16A     B/S LT     RACCT     RULE16B     B/S LT
    I am a little confused here. The following sets under the sub-group has a logical u201CANDu201D . the customer corporate reporting group would like to see the Config to allow each group of accounts defined as ruleXa reconciled to group of accts defined as ruleXb, e.g.
    Rule 2A with Rule 2B
    Rule 3A with Rule 3B etc
    Each Company set should only reconcile with the partner set.
    looked at this OSS Note 1499183 - ICR: Documents are not assigned to the object groups & got even more confused.
    Request if you can advice here.
    Regarzds
    Aahish

    Hello Johannes,
    Unfortunately what you are trying to do is not possible.
    Object groups are defined using the information in the totals table. Therefore fields only available in the line item table cannot be used when setting up object groups. Unfortunately it is also not possible to set up status fields on the totals level because of the standard update process of those fields when setting a status (the line item table is modified directly, there is no totals update). Depending on the details of your setup you might be able to simply add a "normal" field on the totals level and then fill it via BADI. This would probably work quite well if the field does not have to be set manually - and in this case you do not really need the functionality of setting a status manually either.
    I hope this helps you in your efforts!
    Ralph

  • Problem subclassing an object group from an object library

    Hi
    I've created an object group using Forms 6i (can't tell you the exact version just now) containing a number of objects, including a couple of alerts, a couple of data blocks, canvas, window, program units etc. I've saved the object group into an object library and used it successfully for some time. Now I've gone to a new job, I suspect that I'm using a subtly different version of Forms 6i (6.0.8.16.1), but I'm finding a strange behaviour when I try to add the object group to a form.
    Dragging the object group over, I get the 'Do you want to copy or subclass the object?' message. If I select 'Copy', everything gets copied across fine - the datablocks have all the items in them and the program units are fine. However, if I select 'Subclass', the items all appear in the object navigator, but are 'empty', so the data blocks contain no items and the program units are just 'begin' and 'end' statements with nothing in between.
    Funnily enough, if I 'copy' the object group into a form (so everything's present), then create another copy of the object group in the current version of Form Builder and save it in a (new) object library, the behaviour is still the same.
    Has anyone come across this situation before (I couldn't find anything exactly comparable on Metalink), and what workaround (if any) did you find?
    regards
    Andrew
    UK

    Hi again
    The answer to this strange behaviour became apparent when I found bug 2772326 on Metalink.
    Basically, either the OLB has to be on the FORMS60_PATH, or the option in Forms Builder under Tools->Preferences->Access->Subclassing Path has to be set to 'Keep' rather than 'Remove'. Doing either of these things solves the problem.
    regards
    Andrew

  • Object Group Vs Object Libraries

    Hi ,
    I have not used Object Groups and Object Libraries extensively....and am trying to understand them
    Having read the form builder help ,I am still not clear with the following.
    My questions are as follows
    1)When should I be giving preference to Object Group over OBL?
    2)Why will i use an Object Group ,when an object group's object is just a pointer to the
    object in the form module?
    Grouping of similar objects for one single form module only,does'nt provide me much benefits?
    3)How will I reference an Object group's object and not a form's object which I have
    moved into the object group and vice versa?
    4)OBL module has a data block(say emp) as one of its many object,
    how can I use this data block in my new forms module(will I be copying this data block
    object from the attached OBL to the data block node of the form module in OBJECT navigator?).
    will i have to create a Layout manually if I use the data block of OBL or will forms
    builder automatically create a layout for this OBL data block.?
    5)What are the types of objects which CANNOT be included in OBL and Object groups?
    I am aware that I can't include an item of a data block if i don't include the data block itself.
    rgds
    s

    Hi,
    WIP  wrote:
    Hi ,
    I have not used Object Groups and Object Libraries extensively....and am trying to understand them
    Having read the form builder help ,I am still not clear with the following.
    My questions are as follows
    1)When should I be giving preference to Object Group over OBL?Depends on the requirement. The objects in the Object group are limited to the current form module. However, Object libraries can be used across the forms. Of course, you can subclass this object group in other modules.
    >
    2)Why will i use an Object Group ,when an object group's object is just a pointer to the
    object in the form module?Its like a template. You define set of properties (say width, height and font for a text item), and then subclass the object to all the object you create in your form. So, they all will look similar. Also, once after creating the object group, you can add the object group to the object library. This can be very useful.
    Grouping of similar objects for one single form module only,does'nt provide me much benefits?
    So, here we use Object Library
    3)How will I reference an Object group's object and not a form's object which I have
    moved into the object group and vice versa?
    You cannot reference the individual objects in the object groups.
    4)OBL module has a data block(say emp) as one of its many object,
    how can I use this data block in my new forms module(will I be copying this data block
    object from the attached OBL to the data block node of the form module in OBJECT navigator?).
    will i have to create a Layout manually if I use the data block of OBL or will forms
    builder automatically create a layout for this OBL data block.?You can add all the Blocks, canvaces, etc to the Object grou, add the object group to the object library. Then, if you just copy/subclass the object group from the Object library, all the blocks, items, canvaces would be created automatically in the target form.
    >
    5)What are the types of objects which CANNOT be included in OBL and Object groups?
    I am aware that I can't include an item of a data block if i don't include the data block itself.
    Only the Parent objects can be included in the Object Group (Child objects cannot). However, in the Object Library, you can add the parent as well as child objects. Here, for ex, parent is a data block and child are the items inside the data block
    -Arun
    >
    rgds
    s

  • ICR - Wrong display of assigned documents in Object Groups.

    Hello ICR gurus,
    Hello,
    We are just about to start with UAT and we have found this error which is a major problem for us.
    When we run the automatic assignment step via FBICA3, the system starts assigning documents automatically based on the matching rules that we
    have customized. After this, it starts classifying the matched documents based on the account groups defined in the customizing.
    The problem is, that sometimes one side of the matching falls into one group and the other side of the matching falls into another group and
    then the user cannot see the assigned documents in the same screen.
    We were thinking of using a BADI that gets called after the automatic assignment but we think this is a huge thing to do with a BADI because we would be changing the way the standard fucntionality works with our code.
    Any other ideas?
    Thanks a lot
    Regards
    Isabel

    Hello Isabel,
    Where in your scenario is the problem:
    #1 The object groups are defined incorrectly.
    #2 The data is posted incorrectly.
    If #1 is the case - change the object group definition
    In case of #2 it seems to me that what you want is more transparency where the issue is so the users can make the necessary adjustment postings. It would be good to have a specific scenario here.
    Why did you create the object groups you created? Are these examples you're referring to based on the fact that the invoices were posted incorrectly?
    In FBICR3 you would usually use either just one object group (Open Items) or two object groups (Payables and Receivables). Are GL open items classified as payables or receivables incorrectly when integrating them into process 003?
    Hope this helps. If you need additional answers, please provide more details and specific examples...
    Ralph
    P.S.: Instead of adding these other documents to the object groups where they don't belong you could also add a function which will display the partner documents for the currently displayed "assigned" documents which don't have their partner documents in the display in a popup. That way you're still showing the problem (partner document is not posted correctly) but give them a little more information how to correct it (item should have been posted to account ABC instead of BAC)...

  • Saveing the OBJECT GROUP

    Hi Experts,
    I've created Object Group which consists of (alert, parameters, visual attribute and property class).
    Now I want to save this Object Group.
    Please help me to save it.

    You can't save it on it's own.
    I'm guessing what you want to do is use it as a shared component with all your Forms ?
    In this case what you need to do is create an object library (olb) and copy the object group into the object library module (then open the object library and then drag your object group into it).
    Then you can drag the object group from the object library into your other Forms (referencing it now rather than copying it).
    That's just a guess at what you'd like to do : for more information have a search for object libraries and referencing components.
    HTH
    Steve

  • IOS - object-group service

    Hello Guys,
    my question is do below access-lists operate the same way? I am confused about source and destination ports in object-group based acl.
    ip access-list extended 101
      deny tcp any any eq bgp
      deny tcp any eq bgp any
      deny tcp any any eq ftp
      deny tcp any eq ftp any
    service object group services
    tcp eq bgp
    tcp eq ftp
    ip access-list extended 101
      deny object-group service any any
    Following question is if the purpose is to deny any traffic where source port is bgp (e.g. deny any eq bgp any), how it can be configured using object group service.
    Thanks in advance
    Regards

    Hi,
    Have you tried configuring it like this
    object-group service GATEWAY-SERVICES
    service-object tcp eq 88
    service-object tcp eq 135
    service-object tcp eq 445
    service-object tcp eq ldaps
    service-object tcp eq 3268
    service-object tcp eq 3269
    service-object tcp eq 53
    service-object udp eq 53
    service-object tcp eq 389
    service-object udp eq 389
    service-object tcp eq 464
    service-object udp eq 464
    service-object tcp range 49152 65535
    service-object udp eq 49152 65535
    access-list dmzAccess permit object-group GATEWAY-SERVICES host 172.26.11.10 host 10.16.11.203
    I am not sure if it was only after software 8.3+ that the command under the actual "object-group" was of format "service-object tcp source" / "service-object tcp destination" (or the same for UDP)
    - Jouni

  • Copy Object group

    Hi
    Forms Builder (9.0.4.2.0) DB - 10gR2
    I just want to copy one object group from one form to another.
    Only thing source object group also sub classed. I tried copy/paste and drag and drop
    It didn't work.
    Then I tried copy from the original form which is not sub classed from any. Still didn't work.
    What's the concept behind.
    rgds
    shabar

    Hi Magoo
    When check the subclass information of object group
    there could see
    Object
    Object Name - Obj1
    Module - Mod1
    But I need the same object group (OG1) in form1 to be placed in the Form2.
    When I check the Mod1 it's a another Form where it has a object group (Obj1) which is not sub class to any
    How could this be done
    rgds
    shabar

Maybe you are looking for

  • I can't drag and drop any music from iTunes into the iPad tab on the left it just come up with a red cross ? Help !

    I just up loaded a load of music onto my computer and then when I press ctrl and s and try to drag the album tag over the iPad one it just comes up with a red cross and won't let me drop anything in it !

  • Problems creating MySQL Datasource in OC4J

    I was recently tasked with creating a MySQL datasource in my development OC4J container (running through Eclipse, but that's irrelevant). I searched for and found this page: http://www.oracle.com/technology/products/jdev/tips/duff/mysql_and_oc4j3.htm

  • Change the DN in the keystore

    Hi SDN, I tried to change the DN=<SID>. But there seems to be no way in SAP Visual Administrator > Service > keystore neither in the Portal itself. I am able to see the values,  but can not change them. Has anyone an idea? Best Regards, Olaf Reiss

  • Disabling country specific checkings for it 0021

    Although we are a german-based company and only do german payroll, we still have to maintain personal records from our employees all over the world, mainly for reporting purposes. Last week someone from our HR-staff tried to create it 0021 subtype 1

  • Including external CSS while designing

    Hi there!  Sorry if this is a simple question, but I'm a Dreamweaver newbie and didn't see this answered anywhere else, in the Dreamweaver help or forums. I'm usually creating portions of pages in dreamweaver, that get included later in larger pages.