YouTube Problems behind TMG Firewall

Hi Geniuses,
Problem we're having. We're a Government Entity that has its full connection traffic routed to us through another parent hierarchical department.
We run a Microsoft Threat Management Gateway 2010 (ISA Server) Firewall locally that filters our traffic quite well.
If we play YouTube videos via IE/Firefox/Chrome/Safari on local AD authenticated user accounts on Desktops we don't have an issue.
We connect our iPad/iPhone devices to the WiFi however and most services work - except YouTube. And that's both the YouTube App and the m.youtube.com URL within Safari. Whilst we can use both to search and bring up previews of the videos, when you go to click on the videos they just will not play or load, and it gives the error 'the operation could not be completed'.
From what we can see on the TMG Logs, the requests going out to YouTube are all Port 80 Traffic, but it fails in the connection somehow.
Does anyone know specifically the handshake/authentication process with the YouTube App? What ports it initialises, what's contained in the headers etc.?
Cheers!
hamgatan

I had this issue and solved it. The reason for a lot of these issues is that Apple hates Adobe Flash, which is the method most sites use to stream movies; instead Apple uses multithread HTTP. Many virus scanners turn off HTTP resume because it makes it impossible for virus scanners to scan HTTP content.
If you are using an internet service with virus scanning as a part of the service package or using wireless where a firewall is in use this is more than likely the problem.
Solution: Just add a Destination Exception in Malware Inspection and that's it, problem solved.
Message was edited by: Ghazi786
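
The "HTTP resume" described in this answer corresponds to HTTP byte-range requests (the Range request header, answered with 206 Partial Content). The following Python check is an added example, not part of the original thread: it sends a two-byte range request through whatever proxy the system is configured to use and reports whether the path honoured it. The function names and the sample responses are constructed for illustration.

```python
"""Check whether an HTTP path honours byte-range requests (added example)."""
import re
import urllib.error
import urllib.request

# Content-Range for a satisfied range looks like: bytes 0-1/1048576
CONTENT_RANGE = re.compile(r"^bytes (\d+)-(\d+)/(\d+|\*)$")


def classify(status, headers, first, last):
    """Classify the answer to 'Range: bytes=first-last'.

    headers is a dict with lower-case keys.
    """
    if status == 206:
        m = CONTENT_RANGE.match(headers.get("content-range", "").strip())
        if not m:
            return "broken-206"      # partial status without a usable Content-Range
        start, end = int(m.group(1)), int(m.group(2))
        if start != first or end > last:
            return "wrong-range"     # a different slice than the one requested
        return "range-honoured"
    if status == 200:
        return "range-ignored"       # whole body sent: Range dropped or unsupported on the path
    if status == 416:
        return "range-rejected"
    return "blocked-or-error"


def probe(url, first=0, last=1, timeout=10):
    """Send one range request using the system proxy settings and classify the result."""
    req = urllib.request.Request(url, headers={"Range": f"bytes={first}-{last}"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status, hdrs = resp.status, resp.headers
    except urllib.error.HTTPError as err:    # 4xx/5xx still carry a status and headers
        status, hdrs = err.code, (err.headers or {})
    except (urllib.error.URLError, OSError):  # connection refused, reset, timeout
        return "blocked-or-error"
    return classify(status, {k.lower(): v for k, v in hdrs.items()}, first, last)


# Constructed sample responses (not captured from TMG or YouTube).
SAMPLES = [
    ("direct to origin", 206, {"content-range": "bytes 0-1/1048576", "content-length": "2"}),
    ("via inspecting proxy", 200, {"content-length": "1048576"}),
    ("refused on the path", 502, {}),
]


def classify_samples():
    """Run the classifier over the constructed samples, keyed by label."""
    return {label: classify(status, hdrs, 0, 1) for label, status, hdrs in SAMPLES}


if __name__ == "__main__":
    for label, verdict in classify_samples().items():
        print(f"{label:22} {verdict}")
```

Running probe() against the same media URL from a client inside and outside the inspected path shows whether range handling differs between the two.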

Similar Messages

  • ACE problem - bridge mode - behind a firewall

    Hello
    We are having problems with one of you ACE context, this implementation was done by a supplier and I am trying to troubleshoot it.
    The clients and the servers are on different subnets, there is a Nokia firewall in the middle. The firewalls are setup on a cluster.
    Connecting to port 7072 is taking at least 30 seconds. If I move the server into the VLAN in front of the ACE, the connection is instant. So it does indicate a problem on the ACE.
    The client IP is .99.11.
    The VIP is .100.62 and the server node is .100.12.
    Running the capture command I can see the following behavior:
    1. The client initiates the connection to the ACE Vip
    2. At the same time it looks like a second connection is initiated from the client to the server node
    Please see attachment.
    Is this a normal situation where the connection is duplicated?
    Does this interface setup look correct?
    Is the bridge mode the correct setup in this scenario?
    interface vlan 10
    bridge-group 2
    no normalization
    mac-sticky enable
    access-group input PERMITALL
    service-policy input VLAN10-INTER-MMPM
    no shutdown
    interface vlan 15
    bridge-group 2
    no normalization
    access-group input PERMITALL
    no shutdown
    interface bvi 2
    ip address 192.168.100.7 255.255.255.192
    alias 192.168.100.6 255.255.255.192
    peer ip address 192.168.100.8 255.255.255.192
    no shutdown
    ip route 0.0.0.0 0.0.0.0 192.168.100.1
    Many thanks,
    Damian

    Thanks for replying James,
    I am sure I configured the capture only for VLAN10 which is in the VIP side.
    But you are right, it looks like is showing both VLAN10 and VLAN15. So that is one of my theories out of the window! :)
    This is a new installation, still on the testing stage. So it would be good time to make changes.
    Do you normally implement a routed setup behind a firewall? Rather than a bridged….
    It is quite a small setup:
    • Traffic is coming from a separate local subnet
    • Traffic is not coming from the internet so it does not required a NAT
    • We need 1 VIP listening on two ports
    • The backend servers are four Linux boxes
    Thanks again,
    Damian

  • Flash Chart Performance Problem behind Firewall

    I am running into an issue with running Flash based charts behind a firewall.
    Database: 11.1.0.6
    Apex: 3.1.2.00.02 (Using Oracle HTTP Server via Oracle Application Server)
    Flash: 3.1.2.00.02
    I have a page that displays a 2D Line graph with three data series. When I run the report directly against my app server (URL: http://ecydblcyorwq06/public/f?p=128:11 where ecydblcyorwq06 is my app server) the chart displays just fine. In order for the public to access this page they must go through our firewall called fortress. So they start by accessing the system from https://fortress.wa.gov/ecy/wplcsreports/, which then maps to my application (128:1). The URL becomes https://fortress.wa.gov/ecy/wplcsreports/public/f?p=128:1.
    When I try to run the chart through fortress it never renders. I just get the "Loading Data...Please Wait" progress bar. The progress bar moves very slowly and never returns the chart.
    My dads.conf looks like
    <Location /public>
    SetHandler                  pls_handler
    Order                       deny,allow
    Allow                       from all
    AllowOverride                  None
    PlsqlDatabaseUsername        APEX_PUBLIC_USER
    PlsqlDatabasePassword         xxxxxxxx
    PlsqlDatabaseConnectString  database_server:1521:my_sid     SIDFormat
    PlsqlAuthenticationMode       Basic
    PlsqlDefaultPage                  f?p=wplcs_online:permit_search
    PlsqlDocumentTablename     wwv_flow_file_objects$
    PlsqlDocumentPath             docs
    PlsqlDocumentProcedure     wwv_flow_file_mgr.process_download
    PlsqlNLSLanguage            AMERICAN_AMERICA.AL32UTF8
    </Location>
    My Apache httpd.conf file looks like:
    <VirtualHost *>
    ServerName wplcsreports
    RewriteEngine On
    RewriteRule ^/$ /public/f?p=wplcs_online:permit_search [R]
    DocumentRoot /www/pls/apex
    #RewriteLog "E:\product\10.1.3.1\OracleAS_1\Apache\Apache\logs\rewrite.log"
    #RewriteLogLevel 9
    Port 80
    </VirtualHost>
    The Apache access logs have a couple entries like this:
    198.239.146.15 - - --30/Sep/2008:10:49:30 -0700-- "GET /i/flashchart/2DLine.swf?XMLFile=http://wplcsreports/public/apex_util.flash?p=128:11:5145826667904515:FLOW_FLASH_CHART_R4278912739418628_en-us HTTP/1.1" 304 -
    198.239.146.15 - - --30/Sep/2008:10:59:02 -0700-- "GET /i/flashchart/2DLine.swf?XMLFile=http://wplcsreports/public/apex_util.flash?p=128:11:761140423223754:FLOW_FLASH_CHART_R4278912739418628_en-us HTTP/1.1" 200 80216
    Is there something that I need to do from the configuration standpoint to make the chart work across the firewall? Do I need to do something with the Virtual host definition so that the XML file works properly?
    Tony

    Alright, I have modified my DAD to include the following line:
    PlsqlCGIEnvironmentList HTTP_HOST=fortress.wa.gov/ecy/wplcsreports:80
    I restarted the OHS and now I get an XML error in the chart region.
    XML Loading Failed: http://fortress.wa.gov/ecy/wplcsreports/public/apex_util.flash?p=128:11:......
    The thing I noticed here is that the failed URL is not HTTPS, but HTTP instead. I am guessing this is the current problem. So I went back to my httpd.conf file and tried to add the request_method directive to my virtual host definition, but this just caused the OHS restart to fail.
    httpd.conf
    <VirtualHost *>
    ServerName wplcsreports
    RewriteEngine On
    RewriteRule ^/$ /public/f?p=wplcs_online:permit_search [R]
    DocumentRoot /www/pls/apex
    #RewriteCond %{REQUEST_METHOD} ^TRACE
    Port 80
    </VirtualHost>
    So how do I force the XML file loading to be under the HTTPS protocol?
    Tony

  • Essbase-behind-the-firewall problem

    The Essbase server (6.2) is behind the firewall. All the needed ports are open (according to support recommendations). I can log on, start and use the first application, but after I start the second one (no matter which) and try to save the outline or retrieve the data in SS Add-In, Essbase displays consecutive error messages:
    1) Invalid login id - please login again
    2) Invalid login id - request [EssGetClientSettings] failes
    3) Invalid login id - request [adListObjs] faied.
    Thus I can only use 1 application at a time %((.
    Please help.
    Alex

    The Excel Essbase addin was not designed to work nicely with firewalls. The new Essbase Spreadsheet Services was, however, designed to work through a firewall. Additionally, our product, ActiveOLAP for Essbase 2.0, was also designed to work through a firewall (and features a nearly exact Excel interface without using any Excel components, and without any Microsoft licensing issues).
    Tim Tow
    Applied OLAP, Inc

  • Connect Oracle 10g client to the Oracle 10g database behind a firewall

    I need to connect an Oracle 10g client to the Oracle 10g database (windows server 2003 box) behind a firewall. I ran into this problem: Port redirection. Port redirection requires the Oracle client to connect to the database using a different port (usually a randomly selected TCP port) than the default or originally configured one. If there is no firewall between the server and the client, port redirection will not affect the actual connection. However, if port redirection does occur with the server behind a firewall, the client will be likely to suffer from a connectivity failure. The reason is simple: the newly assigned port based on port redirection is often blocked by the firewall. Such failures are not uncommon on Windows platforms.
    I don't know how to establish a unique TCP port.
    I enabled USE_SHARED_SOCKET on the Oracle database server, in the Windows registry. According to what I read, that will force the server machine to share its port 1521 and thus all clients will stay on that port when connecting to the database. Noticeably, port redirection will not occur with USE_SHARED_SOCKET enabled, but that's true in Oracle 8 or Oracle 9. In Oracle 10g this solution doesn't work.
    I will appreciate any help about this. Please!
    Thanks in advance.

    Three solutions in order of preference
    1 Use Connection Manager on the server (only installed using a Custom Install). This will tunnel all traffic through a single port. It will also allow you to configure allowable nodes
    2 Set up shared server to use a fixed port. Disadvantage: shared server has overhead and the number of connections is limited
    3 Use shared_sockets. Disadvantage: when you stop the listener everyone is disconnected.
    Sybrand Bakker
    Senior Oracle DBA

  • RPC-XML and JMXBeans works behind a firewall?

    Hi,
    I'm studying Java and have a question: RPC-XML and JMXBeans, is it possible to run these technologies on the Internet?
    For example, if I have a J2EE server or an RPC-XML server and it is public on the Internet, can somebody access my services from his office or house?
    JMXBeans, I think, have some types of communications, such as RMI, JNDI or LDAP, but I don't know that it works fine behind a firewall.
    Sorry for my poor English, I'm studying it too.

    Behrang Saeedzadeh <[email protected]> writes:
    If you are going through a firewall then you are best off using http
    tunneling for your client communication assuming the performance is
    acceptable. If you do this then you should have no problems. For an
    authenticating firewall with tunneled t3 you may need to provide
    credentials to get through. If you are using wlclient.jar then you may
    need to raise a support call since we don't currently support proxy
    auth with tunneling.
    andy
    Hi all
    I'm developing a Swing application that connects to an application server and uses EJBs for communicating with the server.
    My application works fine, now that it's not behind a firewall. Can my application also connect to the server when the client is behind a firewall? What if the client is behind a firewall that requires authentication?
    If the answer to the above questions is no, could someone please tell me what do I have to do in order to guarantee that my application also works behind a firewall (or an authenticating firewall.)
    Best Wishes,
    Behrang S.--

  • Portal Installation from behind the Firewall

    Hi
    I'm trying to install Portal but my db is behind the firewall. How do I solve this problem? I can't use a tns connect string.
    Here is what I have in my tnsnames.ora:
    IDB =
      (DESCRIPTION =
        (ADDRESS_LIST =
          (ADDRESS = (PROTOCOL = tcp)(PORT = 1610)(HOST = 192.168.0.2))
          (ADDRESS = (PROTOCOL = tcp)(PORT = 1521)(HOST = 172.16.10.49))
        )
        (CONNECT_DATA =
          (SID = dolphin)
        )
        (SOURCE_ROUTE = yes)
      )

    Hi
    My firewall supports SQL, because I can connect to my database from the 9iAS server outside the firewall, but my problem is only with the Portal installation, because I can't use a tns connect string. I can only use the server name and the port, and I can only connect using a tns connect string because I have added two entries, one for my firewall and the other one for the db ...
    Any help please

  • Server behind TMG to grab updates from WSUS server

    Hey Guys,
    The last topic I created, about grabbing superseded updates from WSUS, is what this is still about, because I can't accept installing updates manually as an answer. So I went ahead and did even more research on this.
    To keep it simple I went ahead and adjusted the Local Group Policy / Computer Conf / Admin Templates / Windows Comp / Windows Update / Specify an intranet Microsoft update server (http://172.16.3.3:8530)
    Allowed a rule through TMG to allow bidirectional traffic of TCP 8530 between the server LAN (172.16.8.x <-> 172.16.3.3)
    When I click check for updates it's good, I can see the established connection using netstat on port 8530.
    As soon as I click download updates, it tries to grab from internet based servers... I can see the SYN_SENT right away and I can see the blocked http traffic on the TMG.
    So I went ahead and set the GPO setting and removed the port allocation behind it (http://172.16.3.3). Doing a netstat after clicking check for updates showed a connection attempt to 172.16.3.3 via http, so I added the protocol to the allow rule between the servers, and sure enough it changed to established, and I see the allow through the TMG. However this now gives an error when I click on check for updates...
    There has to be a way for me to get this dang server to get updates from our WSUS server on the other side of the TMG firewall.. but how?! What am I doing wrong?!
    *NOTE* With the port specified in the local GPO of 8530, I can access http://wsus/selfupdate/wuident.cab perfectly fine. I ran wuauclt /detectnow and no errors were reported in the WindowsUpdate.log file.
    *NOTE* The WSUS server is set up to cache all updates to a local dir. I attempted to see the files in there but all it contained were random-string .cab files; I wish they would just contain the KB number and the msu files for easier verification of updates available in the cache.

    The last topic I created about grab superseded updates from WSUS, is what this is still
    A LINK to that post would be most helpful as I am absolutely clueless about what this post is about.
    Allowed a Rule through TMG to allow bidirectional traffic of TCP 8530 between the server lan (172.16.8.x <-> 172.16.3.3)
    The correct implementation for TMG is to create a Web Publishing Rule for the WSUS Server and ALLOW passthru of the client identity.
    When I click check for updates its good I can see the established connection using netstat on port 8530.
    As soon as I click download updates, it tries to grab from internet based Servers... i can see the SYN_SENT right away and I can see the blocked http traffic on the TMG.
    So I went ahead and set the GPO setting and removed the port allocation behind it (http://172.16.3.3) Doing a netstat after clicking check for updates showed connection attempt to 172.16.3.3 via http, So I added the protocol to the allow rule between the servers, and sure enough it changed to established, and I see the allow through the TMG. However this now gives an error when i click on check for updates...
    I see that you've specified a PRIVATE IP Address as the target of the WSUS server (172.16.3.3), so the first set of questions revolves around why there's a TMG server involved in the first place, where this "WSUS Client" is located with respect to the TMG interfaces, and where the WSUS Server is located with respect to the TMG interfaces. Maybe all of this is in the original post... wherever that might be. I'm going to assume that you're *routing* traffic through the TMG from one private network to another private network, most likely from the DMZ to the WSUS server in the Internal LAN. (Just an educated guess.)
    The second set of questions... is 172.16.3.3 the IP Address of the WSUS Server on the Internal LAN, or is that the address of the DMZ Interface on the TMG. Configured correctly, it should be the former.
    Third set of questions.... always a question I ask because it invariably sheds amazing insights into other network issues.... Why are you configuring the policy with an IP Address, rather than the hostname of the WSUS server?
    There has to be a way for me to get this dang server to get updates from our WSUS server on the other side of the TMG firewall.. but how?!
    Properly configure a Web Publishing Rule. It's that simple. I have a WSUS server "published" to the DMZ so I can patch my DMZ servers and it works perfectly.
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

  • Issues with accessing forms applications behind a firewall & caching proxy

    We have web enabled an forms application and has the following set-up at server end.
    Machine no 1. Oracle Forms Server 6i with patch level 1 listening on HTTP/Port 80 on a windows NT box.
    Machine no 2. Apache Webserver. listening on HTTP/Port 80
    Both the machines are behind a firewall which allows only HTTP on port 80.
    At clients end we have
    1. a firewall which allows only HTTP on port 80.
    2. a caching proxy server
    The client machine connects through the caching proxy server.
    When the client connects the applet gets downloaded and initialised, the form server log shows the following
    -Forms Server Log-----
    [09/27/00 15:01:09 India Standard Time]::LISTN: Connection Request [ConnId=13, Addr=194.120.163.251:16278]
    [09/27/00 15:01:09 India Standard Time]::RUNFORM Client Connected [ConnId=13, PID=188]
    at the same time at the client side we get a FRM-92050 error: Failed to connect to server fs.formserver.com:80
    Please help
    Thanks

    Thanks Henrique.
    This is not very promising but it confirms there is a potential issue
    How did you manage to solve the problem, allowing the NW server/application to perform direct accesses?
    Adalbert

  • YouTube Problem With Flash

    Ever since I downloaded the latest Flash version...Version:
    9,0,115,0 I cannot upload videos to YouTube. When I get to the
    upload page and click UPLOAD it just sits on connecting forever.
    And if I let it sit there for an hour or so it will eventually say
    there is a problem with the Flash Player. Any idea on how to solve
    this?

    Hi!
    I'm able to see version (9.xxxxxx...something - the newest -
    today updated).
    Have horror with flash-based chat. I read in one topic here
    in IE problem is not! But I somehow can't login to this service
    with IE I had. Now I'm trying to download newer version and will be
    checking with it. Furthermore after this check I'll try how it looks
    in Fedora (if You Adobe support it - have no idea of this!)
    Not only I have this problem. I try on some Polish forums and
    users write they are experiencing sample problems.
    My YouTube problem isn't with uploading (once I tried I felt
    too). It freezes on some place and not move even a little. I really
    can't remember what happen in a day, when it started but I feel it
    takes too long to be a problem with YouTube.
    People say it's Flash.
    P.S. sorry for my English

  • Got help fixing my youtube problem, now that is working.  In the process of making the fix, lost my aol set up. Re installed it, but cannot access the icon. How do i get my AOL back?

    Got help fixing my youtube problem, now that is working.  In the process of making the fix, lost my aol set up. Re installed it, but cannot access the icon. How do i get my AOL back?

    If it's an application, it should be in the Applications folder. If in doubt, double click on the hard drive icon to open it up, then press Command+F (find) and in the window that comes up for what you want to find, type in AOL and it should appear. You can either drag it to the Dock for easy access or make an alias of that, and drag that alias to the Dock. Oh, and just so's you know, this forum is for Desktop Macs only. We may be able to answer your question about a MacBook Pro. Same kind of animal, but different breeds.
    good luck
    John b

  • How can I put my program behind a firewall or make it more secure?

    I have a client server program and I was reading through my notes. I had jotted down a recommendation to put it behind a firewall. However, I do not know how to do this in Java at all or even where to begin. How do I even create a firewall in Java?
    I'm also not sure if this is the security I need.
    This program is already running inside a network limited only to certain users. However, this particular program is limited only to two users. Also, the client runs on Unix and Windows machines accesible by many users in our project. I would not know how to create a firewall for just this program and just these two users.
    Right now my program is sorta like the basic client/server program examples given in the Java tutorials. It verifies the IP address of the client but like I said before anyone can be logged into that IP but only two users should be allowed to run the commands.
    Would a firewall even work in this case?

    However, I do not know how to do this in Java at all or even where to begin. How do I even create a firewall in Java?
    You don't.
    I'm also not sure if this is the security I need.
    I don't think so.
    I would not know how to create a firewall for just this program and just these two users.
    A firewall is not for restricting access to particular users of a network. It's for keeping unauthorized people out of the network entirely. What you should do is secure the server (how to do this depends on probably many factors), and use a username and password in the client app to control access. The client contacts the server, passing the credentials, and the server either grants or denies access. It's possible you would want to hash and salt the password, depending on how secure it needs to be.

  • Problem with IPV6 Firewall since firmware 7.6.1

    I have a problem with the IPv6 Firewall (port forwarding using a HE tunnel) since the firmware 7.6.1 upgrade. IPv6 outbound is working, but ports are not forwarding to my local IPv6 address. I have used the IPv6 Firewall, and it worked before.
    Any suggestions, solutions?

    Go back one firmware version into release 7.6
    I had similar problems with an IPv6 tunnel not working anymore after the 7.6.1 upgrade.
    When I 'rolled' back to 7.6, my IPv6 tunnel came back working.
    I also use the old Airport Express application on my OS/X, the new one with the globe on the black screen is missing IPv6 tabs in the application..

  • Problems with TMG MRS Service

    Is anyone experiencing any issues with the TMG MRS Service today? We're getting a lot of time out/errors causing a lot of sites to show up as unknown. These are the errors we've been seeing since about 9am this morning (UTC):
    The failure is due to error: The remote endpoint was not reachable.
    The failure is due to error: The remote endpoint is unable to process the
    request due to being overloaded.

    Still seeing errors against 10.ds.mrs.microsoft.com - the MRS site with the IIS8.5 holding page. It's slow to load in a browser, and we get occasional, but regular, nslookup failures against it. We have been unable to trap any further details in TMG Diagnostic Logging, but a Connectivity Test with detailed pathping gave us the following:
    Time reported by the Microsoft Forefront TMG Firewall Service: 4.052 seconds
    Testing https://10.ds.mrs.microsoft.com:443
    Category: Connectivity error
    Error details: 64 - The specified network name is no longer available.
    whereas the same test for 10.ts.mrs.microsoft.com gives us...
    Time reported by the Microsoft Forefront TMG Firewall Service: 0.273 seconds
    HTTP response: 200 OK.
    The test successfully completed for this URL.
    It really looks like a DNS resolution issue against the 10.ds.mrs.microsoft.com MRS server (94.245.112.72 in the UK).  Changing our ISP DNS forwarders hasn't helped, and we don't see DNS failures for other queries.
    We're going to try switching the order of the MRS servers in the TMG "Microsoft Reputation Service Sites" object, within the Domain Name Sets group....
