Search Results

Search found 3466 results on 139 pages for 'firewall traversal'.

Page 13/139 | < Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >

  • IPSEC tunnel Fortinet Transparent Mode to inside Fortinet firewall in NAT Mode does not respond to i

    - by TrevJen
    I have 2 fortinet firewalls (fully patched); fw1 is providing an IPSEC tunnel in transparent mode. beneath this firewall is a fw2, a NAT firewall with a VIP address that has been confirmed to work. This configuration is required for my customers who want to connect to a public address space inside of the tunnel, in order to prevent cross over in IP space. This configuration works great for traffic going outbound to the remote side of the tunnel, but not inbound. While sniffing the traffic, I can see the inbound traffic going out of the fw1, but it is never seen at the fw2. Cust Net > 10.1.1.100 | | | FW1 >TRANSPARENT IPSEC | | | FW2 EXT >99.1.1.1.100-VIP | FW2 NAT >192.1.1.100-NAT

    Read the article

  • Is it possible to have an external server with in a companies firewall?

    - by Jonathan
    Hi guys, I am sure this is server admin 101,but I am unsure of the answer and would love some help. I am a software developer I have built an application for a client and am currently hosting it successfully on SliceHost. We are now coming out of Beta and the client wants to have the application within their Firewall, but they do not want to deal with headache of hosting and maintaining the server. Is there a way I can recommend that we put our server at SliceHost within their Firewall? Is that an easy thing to do? If that is not possible, what should I recommend to my client? Thanks! Jonathan

    Read the article

  • iptables: allowing incoming for 192.168.1.0/24 allowed incoming for all?

    - by nortally
    The internal side of my ISP router has three devices: ISP router 128.128.43.1 Firewall router 128.128.43.2 Server 128.128.43.3 Behind the Firewall router is a NAT network using 192.168.100.n/24 This question is regarding iptables running on the Server. I wanted to allow access to port 8080 only from the NAT clients behind the Firewall router, so I used this rule -A Firewall-1-INPUT -s 192.168.100.0/24 -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT This worked, but UNEXPECTEDLY ALLOWED GLOBAL ACCESS, which resulted in our JBOSS server getting compromised. I now know that the correct rule is to use the Firewall router's address instead of the internal network, but can anyone explain why the first rule allowed global access? I would have expected it to just fail. Full config, mostly lifted from a RedHat server: *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :Firewall-1-INPUT - [0:0] -A INPUT -j Firewall-1-INPUT -A FORWARD -j Firewall-1-INPUT -A Firewall-1-INPUT -i lo -j ACCEPT -A Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT -A Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A Firewall-1-INPUT -m comment --comment "allow ssh from all" -A Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A Firewall-1-INPUT -m comment --comment "allow https from all" -A Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT -A Firewall-1-INPUT -m comment --comment "allow JBOSS from Firewall" ### THIS RESULTED IN GLOBAL ACCESS TO PORT 8080 ### -A Firewall-1-INPUT -s 192.168.100.0/24 -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT ### THIS WORKED -A Firewall-1-INPUT -s 128.128.43.2 -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPt ### -A Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited COMMIT

    Read the article

  • Why should I use Firewall Zones and not just Address Objects?

    - by SRobertJames
    I appreciate Firewall Address Objects and Address Groups - they simplify management by letting me give a name to a group of addresses. But I don't understand what Firewall Zones (LAN, WAN, DMZ, etc.) do for me over Address Groups. I know all firewalls have them, so there must be a good reason. But what do I gain by stating a rule applies to all traffic from LAN Zone to WAN Zone which comes from LAN Address Group to WAN Address Group? Why not just mention the Address Groups?

    Read the article

  • Windows Firewall: How to allow traffic on port 8080?

    - by Chadworthington
    I am trying to configure team Foundation Server so that 1) it is accessible from within my Home Network 2) and then make the Web site access accessible via the Internet I have a problem with point 1: When I access http://192.168.1.106:8080/tfs/web/ locally from 192.168.1.106, it works. When I access the same web site from another PC in my home network, the abive URL works only if I turn of the Firewall on 192.168.1.106. Can someone please tell me specifically how to allow traffic on port 8080 without turning off Windows Firewall? It seems that the exceptions that I specify are intended for listing programs on the box that need to communicate out. Is IIS the program that I need to make the exception? How do I specify that port 8080 traffic should be allowed for web site traffic on this port? I hope to have success with pt. 2 later but I figure (1) should be done first. I expect issues.

    Read the article

  • How can I debug Cisco Firewall ASA "Dispatch Unit" very high CPU utilisation from ASDM?

    - by Andy
    I have recently had my first firewall installed so I am very new to this whole situation. I am finding that Dispatch unit is becoming overloaded and it would appear to be the reason I get serious bouts of lag on my server. The firewall has had little configuration apart from me blocking all the ports in "Access Rules" and allowing only the ones the server needs and from where it needs them. I guess what I am after is assistance with locating the issues causing "Dispatch Unit" to take up all the CPU Regards --Edit-- With ASDM statistics I found that packets inbound (peak of 70-100k/sec from <1k/sec normal), traffic inbound (peak of 40-50kbits/sec from <1kbits/sec normal) and CPU all peak at the same time so I am pretty sure it is an attack of some sort but as a beginner with ASA I am not sure how to resolve

    Read the article

  • Is it possible to have an external server within a company's firewall?

    - by Jonathan
    Hi guys, I am sure this is server admin 101, but I am unsure of the answer and would love some help. I am a software developer I have built an application for a client and am currently hosting it successfully on SliceHost. We are now coming out of Beta and the client wants to have the application within their firewall, but they do not want to deal with headache of hosting and maintaining the server. Is there a way I can recommend that we put our server at SliceHost within their Firewall? Is that an easy thing to do? Their specific requirements are: For my application to authenticate against their Active Directory, and Only allow access to the application from within their network If that is not possible, what should I recommend to my client?

    Read the article

  • Winamp trashed its local media library database when I blocked it on my firewall -- Is this supposed to happen?

    - by Hamster
    Frankly, I don't see a compelling reason why Winamp needs to be using my network, as all I do is listen to songs from my local media. However, it appears to exact revenge when I try to ensure it can't on my firewall by completely eradicating my media library list (which includes all my song ratings and such). I was not able to recover this data, as I hadn't exported the database prior, and the actual database file was completely wiped. My other playlists and the actual media itself appear not to be effected, though. Is this supposed to happen, by chance? Edit: I wasn't able to get it to replicate this behavior with a different firewall+Winamp version. Hmm.

    Read the article

  • Is it effective installing firewall within same machine which offering service?

    - by Eonil
    I'm a starting a small service practically. And I have single server currently. No money to purchase separated/dedicated firewall equipment now. Is it effective installing firewall software on same machine which offering internet service? My server will offer HTTP, NFS, and SSH, and custom made server software on a several ports. (edit) All services (except NFS) should be open to internet. Not internal services. I guess my machine (virtualized within Xen) is connected to the internet directly because I can connect to my machine SSH with only IP address. (edit) NFS is not open to internet. Sorry for my mistake. NFS will be served via SSH only.

    Read the article

  • Which firewall ports do I need to open in order for a domain trust to work?

    - by Massimo
    I have two Active Directory domains in two different forests; each domain has two DCs (all of them Windows Server 2008 R2). The domains are also in different networks, with a firewall connecting them. I need to create a two-way forest trust between the two domains and forest. How do I configure the firewall to allow this? I found this article, but it doesn't explain very clearly which traffic is required between DCs, and which traffic (if any) in needed instead between domain computers in one domain and DCs for the other one. I'm allowed to permit all traffic between the DCs, but allowing computers in one network to access DCs in the other one would be a little more difficult.

    Read the article

  • Windows 7 is blocking ports

    - by Caleb1994
    I am trying to open port 80 and 3690 for HTTP and svnserve respectively. I have Windows Firewall off, and have tried temporarily disabling Mcafee VirusScan Enterprise, to no avail. According to http://www.yougetsignal.com/tools/open-ports/, both ports 80 and 3690 are still blocked. I can't think of what would be blocking them if Windows Firewall and my antivirus are disabled. Here is the output of netsh firewall show state Firewall status: ------------------------------------------------------------------- Profile = Standard Operational mode = Disable Exception mode = Enable Multicast/broadcast response mode = Enable Notification mode = Enable Group policy version = Windows Firewall Remote admin mode = Disable Ports currently open on all network interfaces: Port Protocol Version Program ------------------------------------------------------------------- 3690 TCP Any (null) 22 TCP Any (null) 80 TCP Any (null) 1900 UDP Any (null) 2869 TCP Any (null) Any help? I'm not sure what each item on the list of enabled/disabled items is, but "Operational Mode" is disabled, so I assume that one refers to me disabling Windows Firewall. I know that since Windows Firewall is off, this output might not be useful, but I figured I'd include it just in case, haha.

    Read the article

  • Windows 7 is blocking ports

    - by Caleb1994
    I am trying to open port 80 and 3690 for HTTP and svnserve respectively. I have Windows Firewall off, and have tried temporarily disabling Mcafee VirusScan Enterprise, to no avail. According to http://www.yougetsignal.com/tools/open-ports/, both ports 80 and 3690 are still blocked. I can't think of what would be blocking them if Windows Firewall and my antivirus are disabled. Here is the output of netsh firewall show state Firewall status: ------------------------------------------------------------------- Profile = Standard Operational mode = Disable Exception mode = Enable Multicast/broadcast response mode = Enable Notification mode = Enable Group policy version = Windows Firewall Remote admin mode = Disable Ports currently open on all network interfaces: Port Protocol Version Program ------------------------------------------------------------------- 3690 TCP Any (null) 22 TCP Any (null) 80 TCP Any (null) 1900 UDP Any (null) 2869 TCP Any (null) Any help? I'm not sure what each item on the list of enabled/disabled items is, but "Operational Mode" is disabled, so I assume that one refers to me disabling Windows Firewall. I know that since Windows Firewall is off, this output might not be useful, but I figured I'd include it just in case, haha.

    Read the article

  • How to modify preorder tree traversal algorithm to handle nodes with multiple parents?

    - by poldo
    I've been searching for a while now and can't seem to find an alternative solution. I need the tree traversal algorithm in such a way that a node can have more than 1 parent, if it's possible (found a great article here: Storing Hierarchical Data in a Database). Are there any algorithms so that, starting from a root node, we can determine the sequence and dependencies of nodes (currently reading topological sorting)?

    Read the article

  • DNS lookups failing somewhere between firewall and router

    - by TessellatingHeckler
    we have a setup of ADSL line - Cisco 837 ADSL router - Zyxel ZyWall 35 firewall/NAT - Switch == Intel load balanced NICS in a server. It has been fine for years, suddenly DNS resolution stopped working on the server. No changes that I know of, so I can't work backwards from there. It was configured with the ISP's DNS servers, neither network device does DNS relaying. Wireshark shows the request go out but nothing comes back. The server networking stack seems OK though, because if we query an internal DNS server on a remote site, that works. I can logon to the Cisco, and DNS resolves OK from the command line. I can logon to the ZyWall, and DNS does not resolve from the command line. So the problem seems to be the firewall, patch cable or router, yes? On the router: interface Ethernet0 ip address aaa.bbb.ccc.ddd 255.255.255.ddd ip tcp adjust-mss 1450 hold-queue 100 out On the firewall: DNS server set to 8.8.8.8 (Google's), DNS traffic allowed LAN-WAN. What else should I look for? Update: Following This guide I've got traffic logging on the Cisco. I have also got access to a public DNS server which I can run tcpdump on to see things from the other side. And as per the below comments, I've tested with Dig and see that DNS over TCP works, and over UDP does not. Currently: DNS request from the server using TCP shows up in the firewall log, and in the Cisco log, and in tcpdump on the DNS server, the answer comes back, it works fine. DNS request from the server using UDP shows up in the firewall log, and in the Cisco log, does NOT show in tcpdump on the DNS server, times out. DNS request from the cisco (using UDP) does show up in tcpdump on the DNS server, answer received, works fine. Ping requests from the server and the cisco to the DNS server show up in tcpdump on the DNS server. DNS request from the server using UDP does show up on the firewall. Summary: TCP seems fine throughought. UDP works over the ADSL and to the Cisco, and it works from the server to the Cisco, but it doesn't cross the Cisco properly, it seems. I did see the Cisco showing as connected at 10Mb/full-duplex internally, and the firewall showing as 100Mb/full-duplex externally. I have forced the firewall to 10Mb and rebooted both devices. That seemed to help get UDP traffic (server-firewall-cisco) instead of (server-firewall), but did not fix it. Update: Sanitized Cisco config: version 12.2 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname cisco ! logging queue-limit 100 enable secret 5 {password} enable password 7 {password} ! ip subnet-zero ip domain name example.org ip name-server {nameserver_IP} ! ! ip audit notify log ip audit po max-events 100 no ftp-server write-enable ! interface Ethernet0 ip address {Inside_public_IP} 255.255.255.248 ip tcp adjust-mss 1460 hold-queue 100 out ! interface ATM0 no ip address no atm ilmi-keepalive pvc 0/38 encapsulation aal5mux ppp dialer dialer pool-member 1 ! dsl operating-mode auto ! interface Dialer1 ip unnumbered Ethernet0 encapsulation ppp dialer pool 1 dialer idle-timeout 0 dialer persistent no cdp enable ppp chap hostname {ADSL_Username} ppp chap password 7 {ADSL_Password} ! ip classless ip route 0.0.0.0 0.0.0.0 Dialer1 no ip http server no ip http secure-server ! access-list 23 permit {IP} dialer-list 1 protocol ip permit no cdp run snmp-server enable traps tty ! {con, vty} end

    Read the article

  • pfsense log file retention

    - by Colin Pickard
    We have a pfSense firewall in our datacentre. By default, pfSense is only storing 500K of firewall filter logs, which is only a few hours for us. How can I increase this? pfSense uses clog rather than the usual BSD newsyslog. I only want the log for debugging firewall rules, not compliance or anything, and the firewall has 100GB of spare disk space, so I'd rather have the logs on the firewall itself than set up a syslog server.

    Read the article

  • pfsense log file retention

    - by Colin Pickard
    We have a pfSense firewall in our datacentre. By default, pfSense is only storing 500K of firewall filter logs, which is only a few hours for us. How can I increase this? pfSense uses clog rather than the usual BSD newsyslog. I only want the log for debugging firewall rules, not compliance or anything, and the firewall has 100GB of spare disk space, so I'd rather have the logs on the firewall itself than set up a syslog server.

    Read the article

  • Why does the Mac OS X firewall dialog recurringly pop-up and disappear by itself (without letting me

    - by Chris W. Rea
    From time to time, I'll be on my Macbook using a program that accesses the network – whether Firefox, or Sony's Reader Library – really, it seems like it could happen with any program that accesses the network – and for no reason that I can discern so far (that is, it happens intermittently) the OS X firewall dialog pops up to ask me the question: Except it doesn't actually let me click anything before it disappears! That is: the dialog pops up, ... then goes away by itself a second later, then pops up again, ... then goes away by itself a second later, etc. It happens a few times before stopping. It wouldn't be so maddening to be interrupted if I could just be allowed to click "Allow" and make the darn thing go away for good. In Security preferences I have the firewall turned "On", and I would like to keep it that way. Has anybody seen this problem, found the source, and figured out a solution or workaround? Thank you.

    Read the article

  • How to set up port forwarding and firewall settings for torrents using Transmsission on Mac OSX 10.5

    - by Liz
    I have picked up bits of advice here and there on the internet and got someway through this tortuous exercise (after it took 18 hours to download the first torrent I tried yesterday - magnet-link for a film). Where I have got stuck is with configuring the firewall on the Netgear Router but I am not sure if I have caused the problem myself by something else I have done configuring the Mac System Preferences for Security or Networking. I have been following the sections of these instructions that seem to apply, although they are written for a different OSX version (don't know which one, but the screen shots do not match what I see) and I am not wanting to set up my Mac as a server and attending to the parts that apply to port forwarding for Netgear rather than LinkSys: http://homepage.mac.com/car1son/static_port_fwd_intro.html I have been trying to follow these instructions: Instructions for DG834, DG834G, DG824M, FR114W, FM114P, FR114P, FR328S, FVL328, FVS328, FVS338, FVX538, FWAG114, FWG114P, or FVS318v3 These routers do port forwarding by assigning port numbers to a "service" associated with the application you want to run. "Rules" are set for particular services. Rules block or allow access, based on various conditions such as the time of day and the name of the service. To Create a New Inbound or Outbound Rule 1. Submit the router's address in an Internet browser. (The default is 192.168.0.1). 2. Enter the router's username and password. 3. From the main menu, click Security > Rules. 4. Click Add for inbound or outbound traffic, as appropriate to the application you are planning to run. 5. Select the Service. The services the router knows about are listed in the drop down. If the service you want is not listed, add it as described in the next section. 6. Select the Action, for example ALLOW always. 7. For Send to LAN Server, enter the IP address of the local server. Note that this is also the IP address the computers on your LAN will access. 8. For WAN User choose Any, or limit access to particular IP addresses. 9. For Log selection it is reasonable to turn logs on, especially at the beginning when you are unsure of the result of the changes you are making. Later, you may want to set logs to "Never" for performance reasons. 10. Click Apply. As noted in user manual for some models: * Consider using the Dynamic DNS feature on the Advanced menu, so that external users can find your network when the DHCP lease is renewed by your ISP. * If your own LAN server uses DHCP, and your IPs change on rebooting, consider using the Reserved IP Address feature in the LAN IP menu. To Add a Service for These Routers 1. Click Security > Services > Add Custom Service. 2. Enter any name you choose for the service. 3. Select whether the service is to use TCP or UDP. If you are unsure, select both. 4. Enter the lowest port number used by the service. 5. Enter the highest port number used. If the service uses only one port number, enter the same number. 6. Click Apply. There is no "Security - Rules" submenu in the Netgear page, so I have been trying to access "Security - Firewall Rules". I can access everthing else in the Netgear settings as Admin but I cannot get the "Firewall Rules" section to open up. (I am not 100% sure I will know exactly what to do if and when I do get it opened up!) I haven't managed to find though searching the internet any instructions that would seem to apply specifically to what I am trying to achieve, so would be very grateful if someone could either point me in the right direction or give me some advice directly. Best wishes, Liz

    Read the article

  • Would a typical corporate firewall block a Java applet having the following behaviour

    - by auser
    I'm thinking of developing a proxy-like program to forward ports on a remote PC to a local PC (for example SSH). Assume that both local and remote PCs are running behind typical firewalls (i.e. consumer broadband router firewall, Windows firewall or corporate firewalls). The program will be a Java program which the user will run on both the remote and local PC. The remote client will periodically poll a central server to determine whether there are pending client connections. A session could be initiated as follows: The local client contacts the central server and request the current connection details for a specific remote client. The central server responds with the remote server's last received IP address and port. The next time the remote server polls the central server, the client's IP address and port are returned. The remote server initiates a connection to the local client using the IP address and port returned by the central server and listens for a response on a random port. The remote server will pass the value of the port it's listening on to central server. Goto 1, if client fails to connect to server. Would this work or will a typical firewall block the interactions.

    Read the article

  • What happened to my "Predefined rules" in Windows Firewall? How can I get them back?

    - by Cheeso
    Windows Firewall Advanced Settings in Windows 7 , has predefined rule sets. When I click the "Add Rule..." button in my Windows 7 Ultimate install, it looks like this: But, on a machine I have that runs Windows 7 Home Premium, when I click "Add Rule...", the "predefined rules" option is greyed out. Like this: Is this expected? Does Win7 Home Premium NOT have predefined rules? How can I get the rules back?

    Read the article

  • What anti-virus & firewall (with IDS) should I use for a windows server machine?

    - by Eran Betzalel
    I want one product to cover for Anti-virus & Firewall purposes. The product should also be lightweight and of course designed for windows server. Any suggestions? Note: I don't need an enterprise solution for the clients - only for the server. BTW, I currently using Symantec SEP, but it's too heavy (during weekly scans) for the server to handle and is not designed for server purposes.

    Read the article

  • How does Azureus get my firewall to open a port (Debian Linux)?

    - by Norman Ramsey
    I downloaded Azureus (a bittorrent client) for Debian Linux, and I notice that Azureus got my firewall (a Verizon wireless base station) to open a TCP and UDP port forwarding for it, without my having to do anything. My base station is password protected, and I'm alarmed at the idea that any random application can open ports without my knowing about it. Can somebody explain to me what is going on and how it is possible that Azureus can create this port-forwarding rule without any authentication?

    Read the article

  • What is the best Web Application Firewall for IIS?

    - by user30850
    What is the best Web Application Firewall(WAF) for IIS? What makes it better than the others? How useful is it at blocking attacks against poorly written code, otherwise known as an Intrusion Prevention System (IPS)? WAFs are required by the PCI-DSS, so if I have to get one, then it should the best one.

    Read the article

< Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >