Wrt54gl vs host-based firewall

I have a WRT54GL here and I am setting up the wireless side. For some reason, when I set it up to do wireless (WPA, TKIP) and then try to connect to it using an XP laptop (wireless, the Microsoft default host-based firewall), it tries to connect and then gives up. I tried doing this for 2 hours with the same results. When I disabled the firewall on the laptop, I was able to connect. So, I disconnected, then enabled the firewall and tried to connect again. This time it also connected and picked up the DHCP info. Weird...

Hi Dave,
What happens if Sunscreen is not in the picture? I don't think there are any known issues with this part of the console. If you haven't already, please download WLS6.1SP2 and try with that. If you still see this behaviour I suggest logging a support case.
Kind Regards,
Richard Wallace
Senior Developer Relations Engineer
BEA Support.
"dave" <dave@work> wrote:
Hi
I wondered if anyone had any experience using host based firewalls and WLS.
I am running 3 physical servers with 2 managed servers on each, i.e. 6 managed servers, all in one cluster. In the same VLAN is the WLS Admin server. On each server is SunScreen Lite allowing 2 way connectivity on TCP ports 7001, 7002 and multicast on 237.0.0.1. Connections between the Admin server and each physical server are also allowed on port 5555 for NodeManager to stop and start managed servers.
My problem is that when looking at the console on the admin server via a browser, odd servers are listed as not running when in actual fact their process is still running when doing a ps -ef and they are still servicing requests. Under the clustering tab, a server which is listed as not running under the servers tab is listed as not in the cluster, although the field - Known Servers - lists all 6 managed servers.
The only way to be able to control the server again is to kill the process on the box itself, and go back to the console and use NodeManager to start it up again. I am wondering what would make WebLogic remove the server from the list of running servers?
Any comments appreciated.
Cheers
Dave

Similar Messages

  • Host-based OpenLDAP Authentication On Mac OS X Mountain Lion

    Hello All,
    I'm sorry if this is the wrong group to post such a question, or if this has been already answered.
    I have openldap (slapd version 2.4.31-1+nmu2ubuntu8) running on Ubuntu Server 14.04. The 'hostObject' objectClass is added in the OpenLDAP directory. The 'host' attribute is added under all ldap users, which allows users to access just those particular hosts. Apple schema has been added as well.
    I have an Ubuntu client that authenticates users against the ldap server. The Ubuntu client is configured to perform host-based authentication via pam modules. Only users that have access to the Ubuntu client can login, and others are denied access. I also have a Mac OS X Mountain Lion (10.8.5) client that authenticates users against the same openldap server. All network users can login through the login window. I would like to restrict access to the Mountain Lion client based on hosts, as I have it on the Ubuntu client.
    I tried to search for documentation on this, but didn't find any good one. Most of the documentation suggests that network user access be controlled on the Mountain Lion client. I'd really like to have that control on the ldap server and not on the client. Also, restricting network user access using 'Users & Groups' settings in System Preferences fails. All ldap users are blocked from login.
    I have successfully tested host-based authentication on a Ubuntu Server 10.04 client that is connected to the same ldap server. So, I know host based authentication works. I would really appreciate if anyone could shed some light on this, or point me to a document that talks about host-based authentication on Mac OS X Mountain Lion client.
    Thanks,
    Amit

    I just found the answer to my own issue. The installation failed on Jam Pack Content 3 disk. To finish the installation I need to go to the Logic Pro Main menu under the item Download supplemental content

  • Change Application-Based firewall via command line

    I'm looking for the command line method of changing the application-based firewall. I am not referring to ipfw, which I already have configured. Basically, all I want to do is change "Set access for specific services and applications" to "Allow all incoming connections" under Security > Firewall. However, I need to do this via ssh, so I need the command line method.

    sysadmin wrote:
    It has been included in several Apple packages dating back to Tiger. However, you have to dig it out of one of the packages in /Library/Receipts. Use the "locate" command and you'll find it in a few packages. Apparently they were using it internally long before they included it in the OS.
    Interesting. The same thing was true for SetFile, which was/is present in Developer Tools. If you hadn't installed the latter, you could still find it in some of the system update for Tiger.
    Using 'defaults' for nested values can be downright painful,
    Yes

  • Standard (application-based) firewall with one additional port open?

    Lion and Snow Leopard both have application based firewalls.  I want to allow access to a Minecraft server on port 25565 but I don't want to allow all of Java.  How can I open one port in addition to leaving the standard firewall in place?

    Hi
    The Zone based firewall uses "inspect" statements, that's just what it does.
    A simple zone-based firewall that will inspect all traffic going from the local network to the internet and protecting the outside interface of the router, but allowing anyconnect connections would look something like this:
    ! Assumes zones INSIDE and OUTSIDE are already defined and assigned to interfaces
    ! Standard ACLs take a wildcard mask, not a subnet mask
    ip access-list standard INSIDE-NETWORK_ACL
     permit 192.168.1.0 0.0.0.255
    class-map type inspect INSIDE-NETWORK_CMAP
     match access-group name INSIDE-NETWORK_ACL
    class-map type inspect HTTPS_CMAP
     match protocol https
    ! Stateful inspection of traffic from the local network to the internet
    policy-map type inspect INSIDE-TO-OUTSIDE_PMAP
     class type inspect INSIDE-NETWORK_CMAP
      inspect
    ! HTTPS to the router itself is passed without inspection
    policy-map type inspect OUTSIDE-TO-SELF
     class type inspect HTTPS_CMAP
      pass
    zone-pair security INSIDE-TO-OUTSIDE_ZP source INSIDE destination OUTSIDE
     service-policy type inspect INSIDE-TO-OUTSIDE_PMAP
    zone-pair security OUTSIDE-TO-SELF_ZP source OUTSIDE destination self
     service-policy type inspect OUTSIDE-TO-SELF
    I haven't personally configured Zone Based Firewall with anyconnect. So if this doesn't work you can look at this link: https://supportforums.cisco.com/document/46481/anyconnect-ios-zone-based-firewall-zbfw

  • Recommendation Needed on Host Based Intrusion Detection

    Hi,
    I don't have any experience in selecting or implementing a host based intrusion detection package.
    I need a package to sit on a web server (Win 2k / 2003 with IIS), running some e-Commerce websites, and I need to make sure that this package can detect and/or block any attempt to manipulate the scripts or web pages. If it's possible, I want to make sure that only certain IP addresses are allowed to carry out changes for this web service.
    Can Cisco Security Agent fulfil my requirements? What is the licensing scheme if I wanted to deploy this on multiple servers? And do I have to get any central management station for these servers (any CiscoWorks platform for instance) or can I manage them individually?
    Any comment or recommendation would be highly appreciated.
    Thanks a lot.
    Salem.

    CSA will work well for this. You would need a license for each server. It is managed with CiscoWorks VMS.
    http://www.cisco.com/en/US/products/sw/secursw/ps5057/index.html
    Tom S

  • Host-based access restrictions

    What is the preferred method for implementing host-based access restrictions in Directory Server 5.2?
    I am setting up Solaris 9 clients using the native LDAP client.
    I tried setting up host-based access using netgroups, and it works great, but found the user's group associations stopped working. Only the default group shows up.
    Removing netgroups allows any valid user to authenticate to any host. Very bad.
    As a last resort, one could add an ACL for each user in the LDAP server specifying which hosts he can bind from. But then again, it's the proxyagent that will be binding.
    There has to be a better way to do this. Absolutely no info on this in the admin guides.

    Solaris10u6 (Solaris 10 10/08) added a pam_list module that appears to do what you're asking about, from a brief glance at the What's New.

  • PAM-KRB5: account:  unable to get host based service name for realm

    I want a custom service to authenticate via PAM with Microsoft Active Directory Services on Windows 2003. kinit appears to work:
    Myserver% klist
    Ticket cache: /tmp/krb5cc_200
    Default principal: [email protected]
    Valid starting Expires Service principal
    Tue 01 Aug 2006 10:42:23 AM CDT Tue 01 Aug 2006 08:42:23 PM CDT krbtgt/[email protected]
    renew until Tue 08 Aug 2006 10:42:23 AM CDT
    Running a sample PAM consumer using 'winsamp' as its service name complains that Kerberos doesn't know the user. syslog reports: PAM-KRB5: account: unable to get host based service name for realm 'EXAMPLE.COM'.
    I'm struggling to get any additional logging out of either PAM or Kerberos. Any advice appreciated.
    /etc/pam.conf:
    winsamp auth required pam_krb5.so.1 debug
    winsamp password required pam_krb5.so.1 debug
    winsamp account required pam_krb5.so.1 debug
    winsamp session required pam_krb5.so.1 debug
    /etc/krb5/krb5.conf:
    [libdefaults]
        default_realm = EXAMPLE.COM
        default_tkt_enctypes = des-cbc-md5 ; or des-cbc-crc
        default_tgs_enctypes = des-cbc-md5 ; or des-cbc-crc
    [realms]
        EXAMPLE.COM = {
            kdc = mykdc.example.com:88
            admin_server = mykdc.example.com
            default_domain = EXAMPLE.COM
        }
    [domain_realm]
        .example.com = EXAMPLE.COM
    [logging]
        default = FILE:/var/krb5/kdc.log
        kdc = FILE:/var/krb5/kdc.log
        kdc_rotate = {
            # How often to rotate kdc.log. Logs will get rotated no more
            # often than the period, and less often if the KDC is not used
            # frequently.
            period = 1d
            # how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...)
            versions = 10
        }
    [appdefaults]
        kinit = {
            renewable = true
            forwardable = true
        }
    PAM sample application synopsis:
    pam_start("winsamp", "someuser", &conv, &pamh);
    err = pam_authenticate(pamh, 0);
    if (err == PAM_USER_UNKNOWN) {
        printf("don't know that user\n"); // <-- we always arrive here
        logout();
    }

    Part of the problem was that the Sun server's domain was not an exact match for the ADS domain. One was XXXX.EXAMPLE.COM and the other was just EXAMPLE.COM. Adding the equiv. domains in krb5.conf improved that situation.
    The sample PAM application still doesn't behave the way I want. When pam.conf is configured to authenticate against /etc/passwd, it works. Not when authenticating against ADS alone. I've come to the conclusion that PAM is for authenticating ONLY access to Solaris accounts.
    My application does not need a Solaris account. Am I using the wrong authentication API?

  • Identity based firewall - how to ignor a username

    I have set up an identity based firewall configuration.
    This all seems to work quite well, some issues still arise however:
    policies with usergroups containing spaces (i.e. "Domain Users") are not correctly handled;
    it seems that a process / service account or whatever running on a workstation and firing a kerberos ticket request deletes the ip - user mapping that was recorded for the user logging in.
    The group names can be handled, but it would be absolutely great to find a way to ignore certain usernames in the ip-user mappings. For instance "Administrator" or "epo_service_account"
    Does anyone know how to arrange this?
    Thanks,
    Bas

    Hi Frank,
    Thanks a lot for your answer. Just one more easy question: what I need to do is a custom Authentication Module (which will read the cookie)? If only you can point me to the correct chapter of the WLS documentation I'll be very pleased.
    In future releases of JDeveloper, will it be easier to do this kind of thing related to security?
    Riveck

  • Host based zfs config with Oracle's Unified Storage 7000 series

    Hi all,
    It is my understanding that the 7000 storage displays a FC or ISCSI lun to the host. I understand this LUN is a ZFS lun in the 7000 storage, however the host still sees this as only one LUN. If I configure a host based ZFS storage device on top of this LUN I have no host based zfs redundancy. So do we still need to create a host based ZFS mirror or a host based ZFS raidz device when use a 7000 series storage array?
    Thanks,
    Shawn

    Many thanks - telling ESX to connect to the 7310's IP address on one of the other subnets DOES appear to work!
    My brain must still be addled from some other recent issues we've been having...absolutely no idea why I hadn't tried it already...
    I stand by the fact that the BUI is ambiguous, however - it still mentions that it's exported on only one of the networks...
    Thanks again...

  • Cisco Zone-based firewall issue/ not receiving return traffic

    Hi,
    I have created a Cisco IOS Zone based firewall on my Cisco 3945 router. I have an issue receiving any returning traffic. Here is a simplified version of my issue.
    I have two zone pairs: Internal to Outside and Outside to Internal.
    In the zone pair Out-to-Int I have a few rules allowing connections to specific servers on specific ports. The default class-map drops any non-matching packets.
    In the zone pair Int-to-Out I have a rule saying internal PCs can access any destination on the internet over “any” service. When I put the action as “Inspect” I cannot connect to the internet. It’s as if my return traffic is not detected by the firewall and instead gets dropped by the default class map in the Out-to-Int pair.
    To make it work I need to do two changes. I need to choose Allow instead of Inspect and I need to change the default class-map on the Out-to-Int pair to “allow” for unmatched traffic. But this is not good because I have a default allow on my out-to-int pair.
    Am I misunderstanding something? Shouldn’t the inspect action on the Int-to-Out zone allow for return traffic no matter what rules I applied on the Out-to-Int pair? Thank you in advance for your help.

    Please share your config. Then we can see what's wrong there.
    Don't stop after you've improved your network! Improve the world by lending money to the working poor:
    http://www.kiva.org/invitedby/karsteni
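
The inspect-versus-pass question raised in this thread, as an added example that is not part of the original posts: a simplified Python model (not IOS code) in which `inspect` records a session so that return traffic is matched before the reverse zone-pair policy is consulted, while `pass` records nothing. Class names, function names and addresses are constructed for illustration.

```python
"""Toy model of zone-pair policy evaluation: 'inspect' versus 'pass'.

Not IOS code; class and function names are hypothetical, addresses constructed.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_zone: str
    src: str
    sport: int
    dst: str
    dport: int

    def flow(self):
        return (self.src, self.sport, self.dst, self.dport)

    def reverse_flow(self):
        return (self.dst, self.dport, self.src, self.sport)


@dataclass
class ZoneFirewall:
    # (src_zone, dst_zone) -> ordered [(match_fn, action)]; no match = class-default drop
    policies: dict
    sessions: set = field(default_factory=set)

    def handle(self, pkt):
        # Return traffic of an inspected session is matched against the session
        # table first and never reaches the reverse zone-pair policy.
        if pkt.reverse_flow() in self.sessions:
            return "allow (session)"
        for match, action in self.policies.get((pkt.src_zone, pkt.dst_zone), []):
            if match(pkt):
                if action == "inspect":
                    self.sessions.add(pkt.flow())  # stateful: remember the flow
                    return "allow (inspect)"
                if action == "pass":
                    return "allow (pass)"  # stateless: nothing is remembered
                return "drop"
        return "drop"  # class-default


def any_packet(pkt):
    return True


def to_published_server(pkt):
    return pkt.dst == "10.0.0.20" and pkt.dport == 443


def run_scenario(int_to_out_action):
    """Return verdicts for an outbound request, its reply, and an unsolicited packet."""
    fw = ZoneFirewall(policies={
        ("INSIDE", "OUTSIDE"): [(any_packet, int_to_out_action)],
        ("OUTSIDE", "INSIDE"): [(to_published_server, "inspect")],
    })
    request = Packet("INSIDE", "OUTSIDE", "10.0.0.5", 50000, "198.51.100.7", 443)
    reply = Packet("OUTSIDE", "INSIDE", "198.51.100.7", 443, "10.0.0.5", 50000)
    unsolicited = Packet("OUTSIDE", "INSIDE", "198.51.100.7", 443, "10.0.0.9", 50001)
    return [fw.handle(p) for p in (request, reply, unsolicited)]


if __name__ == "__main__":
    for action in ("inspect", "pass"):
        print(action, run_scenario(action))
```

In the model, the reply is allowed under `inspect` even though the Out-to-Int policy only matches the published server, and it is dropped under `pass` unless the reverse pair is opened as well.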

  • Old host-based printer can be networked using Airport Express

    Was thrilled to find out that my old HP printer works (uh, at least it DID work) as a wireless network printer because of Airport Express! (THAT's why I paid more for a router with a printer port.)
    According to HP, my old HP LaserJet 1020 printer is host-based and therefore supposedly NOT network-compatible. (True, a host-based printer CAN be shared among computers on a network as long as the printer is connected to the powered-on main computer, but I wanted more than that.) BTW, the HP 1020 shares drivers with the network-compatible 1022.
    But AX doesn't care whether a printer is host-based. Took several steps (including Bonjour) to get it to work, and I've printed wirelessly from both my PCs with the HP LaserJet 1020 plugged into the AX USB port.
    First I installed the HP drivers (1020/1022 plug and play, from the HP website) and set up and printed from computer 1. Late at night, maybe I did this through Bonjour, but I think instead I was able to just find it through Windows > Add a printer). It defaulted to an HP 1020.
    Next I installed the HP drivers and set up and printed from computer 2. Bonjour didn't find the printer, so I did a manual setup through Airport Utility, choosing TCP/IP and entering the IP address of the AX (10.0.1.1). I chose to set it up as an HP 1022, based on my limited understanding that some folks report better results that way.
    When I went back to print from computer 1, I printed a file successfully. However, even later that night (yawn), when I tried to print a second file from computer 1, the print job would show up in the queue as "printing" but would then revert to error.
    Any settings advice out there? I've read that the 1020 has been known to crash the print spooler, so I may re-install on computer 1 as if it's a 1022. Should I change the spooler settings? Shouldn't need to "share" the printer through Windows, right? Do I need to add _1 to the printer's IP address on the second computer? At least it worked ONCE, so I'm confident this can be set up to work reliably.

    Just wanted to provide my happy update. For whatever reason, all I had to do was redo the printer setup on computer 1, and all I needed was Windows Add a Printer, now that I know what steps to take. I'm printing wirelessly to it through my network, yay!
    So if you have a host-based printer (which HP support website says is not network compatible), you can still use it as a network printer, thanks to Airport Express! No need to plug the printer into a computer and use Windows Printer Share.

  • Are Windows host based printers from HP supported by NetWeaver?

    Are Windows host based (GDI) printers from HP supported by NetWeaver?
    For example HP LASERJET PROFESSIONAL P1102.
    Which SPAD configuration must I set to print to it?

    Hello,
    The following SAP Notes will be a good starting point for you:
    [Note 1135055 - Printer Vendor Wizard Note: HP|https://service.sap.com/sap/support/notes/1135055]
    [Note 1036961 - Device type selection wizard in transaction SPAD|https://service.sap.com/sap/support/notes/1036961]
    Success.
    Wim  Van den Wyngaert

  • Host based mirror on FC LUN's

    Hi everybody,
    I would like to know, if it's possible or somebody has experience to create a host-based mirror with Oracle VM 3.1.x - on 2.x it was possible using MD-device and format it with ocfs2.
    As far as I can see in 3.1.x the only way for mirroring on SAN would be on the storage box, which will produce additional costs for BC-Volume license ...
    Kr
    Michael.

    Hi,
    Guest LDOM images can be on anything, as it is transparent to the LDOM. Remember the Control domain is actually serving the filesystems to the guest LDOM`s. So they can either be whole LUN`s, zfs devices, mounted filesystems, anything really. You could even have a LDOM guest image on a NFS filesystem if you really wanted..
    I have setup the majority of systems using the SAN attached to the Control domain, and then setup ZFS filesystems on these LUN`s and placed disk images on the ZFS filesystems. This means that we can use ZFS snapshots on the control domain if we need to do any patching etc.etc.
    I would also suggest that you have a minimum of 2 connections to each of your SAN devices. One connection is bad, m`kay? :D
    Edited by: krankyd on Sep 23, 2009 1:01 AM

  • What is the minimal reqs to use Host-based IPS?

    I have several servers touching the internet, and one basic ASA-5510.
    Aside from purchasing the AIP-SSM and upgrading the 5510 license, what else is required to have a host-based IPS?
    Do I need to purchase MARS or other software?
    How are the security-agents spec'ed?
    Thanks.    

    This is what Cisco is saying to that topic (from the EOL-page):
    Cisco's network security product portfolio has complementary security technologies, such as Cisco Intrusion Prevention Systems, Cisco ASA 5500 Series Adaptive Security Appliances, and Cisco IronPort Email and Web gateways. Please contact your Cisco account team for more information on these products. While there is no direct Cisco Security Agent replacement product from Cisco, many endpoint security products are available from a wide variety of third-party vendors. We expect that customers will want to do their own due diligence in choosing a replacement product that best meets their needs.
    For Clients I would go for the typical security-packages every anti-virus-vendor has to offer. In addition with a web-filter the protection should be quite good. For Servers, network-based IPS together with filtering reverse-proxys and application-gateways do the work for me. But I really miss the CSA in some cases.
    Don't stop after you've improved your network! Improve the world by lending money to the working poor:
    http://www.kiva.org/invitedby/karsteni

  • ACU & Host Based EAP

    I have been able to setup EAP-TLS with Windows XP using the Windows network settings. I would like to use the Aironet Client Utility to control my profiles as it offers more configurability and information.
    I create a profile in the ACU with the SSID, Dynamic WEP, and select Host Based EAP from the Network Security Type drop-down menu. When I enable this profile, I lose all network connectivity. I have tried this with the 'Use Windows to configure my wireless network settings' checkbox both checked and unchecked and I have not removed any of the settings for this SSID from the Windows networking.
    What am I missing? Thanks.

    Try following the instructions at this link
    http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/350cards/windows/incfg6/win5_ch6.htm#1170175
