Search Results

Search found 3251 results on 131 pages for 'firewall'.


  • See configured rules even when inactive

    - by Bryan
    Hello, I'm wondering if it's possible to get UFW to list the configured firewall rules even when it's not enabled. I only have ssh access to the server at this time, and I don't want to enable UFW if there's not a rule configured allowing ssh. However, since UFW is currently not enabled, I just get an "inactive" message when I run "ufw status". Is there a special flag I can use or even some config file I can look at to see what rules are configured even when the firewall is disabled?


  • Server Firewall preventing sending of email [migrated]

    - by Jo Fitzgerald
    The firewall on my VPS appears to be preventing my site from sending email. It was working fine until the end of last month. My hosting provider (Webfusion) has been next to useless. I am able to send email if I open INPUT ports 32768-65535, but not if these ports are closed. Why would this be? I have the following rules in my firewall:

        # sudo iptables -L
        Chain INPUT (policy DROP)
        target      prot opt source                 destination
        VZ_INPUT    all  --  anywhere               anywhere

        Chain FORWARD (policy DROP)
        target      prot opt source                 destination
        VZ_FORWARD  all  --  anywhere               anywhere

        Chain OUTPUT (policy DROP)
        target      prot opt source                 destination
        VZ_OUTPUT   all  --  anywhere               anywhere

        Chain VZ_FORWARD (1 references)
        target      prot opt source                 destination

        Chain VZ_INPUT (1 references)
        target      prot opt source                 destination
        ACCEPT      tcp  --  anywhere               anywhere               tcp dpt:www
        ACCEPT      tcp  --  anywhere               anywhere               tcp dpt:https
        ACCEPT      tcp  --  anywhere               anywhere               tcp dpt:smtp
        ACCEPT      tcp  --  anywhere               anywhere               tcp dpt:ssmtp
        ACCEPT      tcp  --  anywhere               anywhere               tcp dpt:pop3
        ACCEPT      tcp  --  anywhere               anywhere               tcp dpt:domain
        ACCEPT      udp  --  anywhere               anywhere               udp dpt:domain
        ACCEPT      tcp  --  anywhere               anywhere               tcp dpts:32768:65535
        ACCEPT      udp  --  anywhere               anywhere               udp dpts:32768:65535
        ACCEPT      tcp  --  localhost.localdomain  localhost.localdomain
        ACCEPT      udp  --  localhost.localdomain  localhost.localdomain

        Chain VZ_OUTPUT (1 references)
        target      prot opt source                 destination
        ACCEPT      tcp  --  anywhere               anywhere
        ACCEPT      udp  --  anywhere               anywhere

    The VPS is running Plesk 10.4.4 (please ask if you require further technical information to help me)


  • Adjust iptables

    - by madunix
    cat /etc/sysconfig/iptables:

        # Firewall configuration written by system-config-securitylevel
        # Manual customization of this file is not recommended.
        *filter
        :INPUT ACCEPT [0:0]
        :FORWARD ACCEPT [0:0]
        :OUTPUT ACCEPT [0:0]
        :RH-Firewall-1-INPUT - [0:0]
        -A INPUT -j RH-Firewall-1-INPUT
        -A FORWARD -j RH-Firewall-1-INPUT
        -A RH-Firewall-1-INPUT -i lo -j ACCEPT
        -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
        -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
        -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
        -A RH-Firewall-1-INPUT -p udp --dport 5353 -d X.0.0.Y -j ACCEPT
        -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
        -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
        -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
        -A RH-Firewall-1-INPUT -p tcp -m tcp -s X.Y.Z.W --dport 3306 -j ACCEPT
        -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s M.M.M.M --dport 3306 -j ACCEPT
        -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
        -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
        -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
        -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
        COMMIT

    I have the above IPtables on my Linux web server (Apache/MySQL). I want to have the following:

      - Block any traffic from multiple IP's to my web server IP1:1.2.3.4.5, IP2:6.7.8.9 ..etc
      - Limiting one host to 20 connections to 80 port, which should not affect non-malicious user, but would render slowloris unusable from one host.
      - Limit MYSQL port 3306 access on my server only to the following IP range A.B.C.D/255.255.255.240
      - Block any ICMP traffic.


  • Configure Windows Firewall for SQL Server 2008 Database Engine in Windows Server 2008 R2

    I have installed SQL Server 2008 Developer Edition on Windows Server 2008 R2 and I am unable to connect to the SQL Server 2008 instance from SQL Server 2008 Management Studio, which is installed on another remote server. As I am new to Windows Server 2008 R2, it would be great if you could let me know the step-by-step approach to enable the default port of SQL Server 2008 in Windows Firewall for user connectivity.


  • curl to itself behind firewall

    - by xtreaming
    I have a server A which is configured behind a firewall and has a 30.x.x.x public address and a 172.x.x.x internal address. I'm trying to make a PHP curl call from a script located on that server to the 30.x.x.x external IP of that server, but the curl call cannot be resolved. It seems that server A does not have a route to that IP. Did you encounter any similar situations? Any chance to solve it through static routes?


  • Firewalling gateways and IDS's

    - by Scott Davies
    Hi, For IDS, I plan to have a Win 2008 server running on the gateway with the majority of roles disabled. I plan to firewall the Internet connection, but I'd also like to install Snort to work as an IDS. However, I am guessing that regardless of the Snort install of the promiscuous Winpcap driver, I won't be able to monitor ports that the firewall blocks. My thinking is that the chain of flow is: Internet - Firewall on Win 2008 - Winpcap - Snort - internal network. Is there a way to still monitor services that the firewall will block (i.e. TCP 445 SMB)? Perhaps run the data through Snort and then through the firewall? Thanks


  • How to relax firewall for UDP connections/ports for a specific IP address?

    - by Gnanam
    Hi, My server is Red Hat Enterprise Linux Server release 5. iptables version is v1.3.5. I want to allow all UDP connections / port for the IP address 192.168.0.200. This IP address is configured in my eth0. So basically I want to set it up the same as my local loopback (127.0.0.1) UDP traffic. What is the iptable command to allow all UDP connections / ports for IP 192.168.0.200?


  • How do you implement NAT-T passthrough on a Juniper SRX series Firewall?

    - by Chris
    We have 3 juniper SRX-100 firewalls, they are configured like so: FW1 - FW2 - INTERNET - FW3 We would like to create an IPSEC tunnel between FW3 and FW1 passing through FW2 preferably using NAT-T. Is this possible? FW1 and FW2 have some strict access rules only allowing 1 port connected (it's a DMZ with a server in) so we can't just create a route based vpn between FW1 and FW2 to forward the traffic (otherwise all traffic will be forwarded) We know the tunnel is fine because we have managed to test it between FW1 and FW3 (without FW2 in the middle) so we know that the issue is to do with the 'passthrough' on FW2. Essentially, the question is - What options do we need to select on FW2 to enable it to pass through the IPSEC traffic straight to FW1? Many thanks in advance


  • Remote host: can tracert, can telnet, can*not* browse: what gives?

    - by MacThePenguin
    One of the customers of the company I work for has made a change to their Internet connection, and now we can't connect to them any more from our LAN. To help me troubleshoot this issue, the network guy on the customer's site has configured their firewall so that a HTTPS connection to their public IP address is open to any IP. I should put https://<customer's IP> in my browser and get a web page. Well, it works from any network I've tried (even from my smartphone), just not from my company's LAN.

    I thought it may be an issue with our firewall (though I checked its rules and it allows outbound TCP port 443 to anywhere), so I just connected a PC directly to the network connection of our provider, bypassing our firewall completely, and still it didn't work (everything else worked). So I asked our Internet provider's customer service for help, and they asked me to do a tracert to our customer's IP. The tracert is successful, as the final hop shown in the output is the host I want to reach. So they said there's no problem. :(

    I also tried telnet <customer's IP> 443 and that works as well: I get a blank page with the cursor blinking (I've tried using another random port and that gives me an error message, as it should). Still, from any browser of any PC in my LAN I can't open that URL.

    I tried checking the network traffic with Wireshark: I see the packets going through and answers coming back, though the packets I see passing are far fewer than they are if I successfully connect to another HTTPS website. See the attached screenshot: I had to blur the IPs, anyway the longer string is my PC's local IP address, the shorter one is the customer's public IP.

    I don't know what else to try. This is the only IP doing this... Any idea what I could try to find a solution to this issue? Thanks, let me know if you need further details.

    Edit: when I say "it doesn't work" I mean: the page doesn't open, the browser keeps loading for a long time and eventually shows an error saying that the page cannot be opened. I'm not in my office now so I can't paste the exact message, but it's the usual message you get when the browser reaches its timeout. When I say "it works", I mean the browser loads and shows a webpage (it's the logon page for the customers' firewall admin interface: so there's the firewall brand's logo and there are fields to enter a user id and a password).

    Update 13/09/2012: tried again to connect to the customer's network through our Internet connection without a firewall. This is what I did:

      - Run a Kubuntu 12.04 live distro on a spare laptop;
      - Updated all the packages I could and installed WireShark;
      - Attached it to my LAN and verified that I couldn't open https://<customer's IP>. Verified that the Wireshark trace for this attempt was the same as the one I've already posted;
      - Verified that I could connect to another customer's host using rdesktop (it worked);
      - Tried to rdesktop to <customer's IP>, here's the output:

            kubuntu@kubuntu:/etc$ rdesktop <customer's IP>
            Autoselected keyboard map en-us
            ERROR: recv: Connection reset by peer

      - Disconnected the laptop from the LAN;
      - Disconnected the firewall from the Extranet connection, connected the laptop instead. Set its network configuration so that I could access the Internet;
      - Verified that I could connect to other websites in http and https and in RDP to other customers' hosts - it all worked as expected;
      - Verified that I could still traceroute to <customer's IP>: I could;
      - Verified that I still couldn't open https://<customer's IP> (same exact result as before);
      - Checked the WireShark trace for this attempt and noticed a different behaviour: I could see packets going out to the customer's IP, but no replies at all;
      - Tried to run rdesktop again, with a slightly different result:

            kubuntu@kubuntu:/etc/network$ rdesktop <customer's IP>
            Autoselected keyboard map en-us
            ERROR: <customer's IP>: unable to connect

      - Finally gave up, put everything back as it was before, turned off the laptop and lost the WireShark traces I had saved. :( I still remember them very well though. :)

    Can you get anything out of it? Thank you very much.

    Update 12/09/2012 n.2: I followed the suggestion by MadHatter in the comments. From inside the firewall, this is what I get:

        user@ubuntu-mantis:~$ openssl s_client -connect <customer's IP>:443
        CONNECTED(00000003)

    If I now type GET / the output pauses for several seconds and then I get:

        write:errno=104

    I'm going to try the same, but bypassing the firewall, as soon as I can. Thanks.

    Update 12/09/2012 n.3: So, I think ISA Server is altering the results of my tests... I tried installing Wireshark directly on the firewall and monitoring the packets on the Extranet network card. When the destination is the customer's IP, whatever service I try to connect to (HTTPS, RDP or SAProuter), I can only see outbound packets and no response packets whatsoever from their side. It looks like ISA Server is "faking" the remote server's replies, that's why I get a connection using telnet or the openSSL client. This is the wireshark trace from inside our LAN: But this is the trace on the Extranet network card: This makes a bit more sense...

    I'll send this info to the customer's tech and see if he can make anything out of it. Thanks to all that took the time to read my question and post suggestions. I'll update this post again.


  • Blocked connections passing through firewall. What is wrong?

    - by Kiranu
    In our company we have a small business router (Cisco RV082) on which we are using its standard configuration (block all incoming traffic). We also have an SMTP relay configured (using WS2008R2) so that our internal applications can send email through google apps (which requires authentication). The thing is that the server was being used to send spam. We fixed the problem by only allowing the server to relay email from our internal IP address range (10.0.0.0/16). My concern is that there was a way by which external IPs connected to the network and that underlying problem has not been fixed, but I cannot imagine how these machines connected. Any thoughts?


  • Why would I need a firewall if my server is well configured?

    - by Aitch
    I admin a handful of cloud-based (VPS) servers for the company I work for. The servers are minimal ubuntu installs that run bits of LAMP stacks / inbound data collection (rsync). The data is large but not personal, financial or anything like that (ie not that interesting).

    Clearly on here people are forever asking about configuring firewalls and such like. I use a bunch of approaches to secure the servers, for example (but not restricted to):

      - ssh on non standard ports; no password typing, only known ssh keys from known ips for login etc
      - https, and restricted shells (rssh) generally only from known keys/ips
      - servers are minimal, up to date and patched regularly
      - use things like rkhunter, cfengine, lynis denyhosts etc for monitoring

    I have extensive experience of unix sys admin. I'm confident I know what I'm doing in my setups. I configure /etc files. I have never felt a compelling need to install stuff like firewalls: iptables etc. Put aside for a moment the issues of physical security of the VPS.

    Q? I can't decide whether I am being naive or the incremental protection a fw might offer is worth the effort of learning / installing and the additional complexity (packages, config files, possible support etc) on the servers. To date (touch wood) I've never had any problems with security but I am not complacent about it either.


  • Does my dd-wrt installation support firewall logging?

    - by SpikeX
    I would like to log firewall events. I know this is possible with dd-wrt, but a lot of the documentation I've read states that this isn't possible with a micro installation of dd-wrt (based on BusyBox). I have a Netgear WNDR3700v2 router, and it does have BusyBox installed on it, but I don't know if the dd-wrt build is a micro build or not. How can I find this out, or how can I find out if my router supports firewall logging or not? Currently, if I enable all firewall logging (setting everything to "Enabled" and/or "High"), it gives me back blank firewall logs - but syslogd is working because I can view other system log messages.


  • What ports do I allow over my internal firewall interface?

    - by blsub6
    I have a Cisco ASA that I have VPN tunnels to connect my internal Windows network. I ran into some trouble logging into my domain so I unblocked all the ports on that internal interface. On a previous question posted here, the general consensus was that I should be blocking ports on my inside interface but my question is: what ports should I unblock? I've tried unblocking ports 88, 139, 135, 389, and 445 and Windows logins still give me problems. Is there some MS documentation somewhere that tells me what I need to unblock to allow Windows logins and other things?


  • Would there be any problems with DEP turned off?

    - by IneedHelp
    I recently moved to a fresh Windows 8 x64 system and I learned that my favourite firewall (JPF - Jetico Personal Firewall) doesn't get along with Win8x64 (CRITICAL_STRUCTURE_CORRUPTION errors), but I cannot do without JPF, so I kind of tried everything I could think of (test mode, debugging, various system changes), but I was still getting blue screens because of the firewall driver/software. I know for sure that it is the firewall that is causing the problems because I get blue screens as soon as I install it and they stop when I uninstall it. I also tested it thoroughly on virtual computers. Anyway, I have discovered that by completely turning DEP off by using this command:

        bcdedit.exe /set {current} nx AlwaysOff

    the firewall would not cause blue screens anymore. So my question is, what could go wrong with DEP completely turned off? Note: I do not care much about hardware/windows security, I keep myself secured by using sandboxes and virtual computers (and I also have backups), so I'm not concerned with viruses and root kits or whatever people are freaking out about.


  • How to block internet access for wine applications?

    - by YSN
    Hello! Is it possible to prevent specific wine applications or any wine application from accessing the internet? When using certain apps under Windows, they were trying to access the internet from time to time without any obvious reason. I was able to prevent that behaviour with a personal firewall back then. Unfortunately I did not find an application level firewall in Ubuntu up to now. This is especially annoying when I am abroad using data-roaming with my 3G modem. Is there a way to prevent my wine-apps sending or receiving data without my knowledge. Thanks in advance! YSN


  • How to deploy an application with firewall permissions on Mac?

    - by user264878
    I've bundled a jar file as a mac application using jar bundler. I'm now trying to create an installer for this app so that:

      1) The application will be placed in the applications folder
      2) The application is added to the list of permissible apps in Mac Application Level Firewall

    Also, I have several example files I would like to include with this application - what is the best way to make these available to the user? Someone suggested I have the mpkg file launch a dmg file which would contain these files, but this seems circuitous. Thanks


  • Firewall error when running Pando Media Booster (for League of Legends) in wine

    - by Matt2
    When I'm downloading League of Legends using Pando Media Booster in wine, I get an error when starting it:

        Connection Error
        Your system is currently not allowing access to our servers. Check your Firewall and/or security software sttings to allow PMB.exe to run.

    Reluctantly, I disabled ufw, but to no avail. The terminal displays the following multiple times:

        fixme:msvcp90:_Locinfo__Locinfo_ctor_cat_cstr (0x33fcf8 1 C) semi-stub
        fixme:dbghelp:EnumerateLoadedModulesW64 If this happens, bump the number in mod
        fixme:wininet:InternetAttemptConnect Stub
        fixme:oleacc:CreateStdAccessibleObject 0x4f00bc -4 {618736e0-3c3d-11cf-810c-00aa00389b71} 0xc252d18
        fixme:oleacc:CreateStdAccessibleObject 0x3700c0 -4 {618736e0-3c3d-11cf-810c-00aa00389b71} 0xc252958
        fixme:wininet:CommitUrlCacheEntryInternal entry already in cache - don't know what to do!
        fixme:wininet:CommitUrlCacheEntryInternal entry already in cache - don't know what to do!
        fixme:uxtheme:BeginBufferedPaint Stub (0x1c28 0xcde880 0 (nil) 0xc2f6fe8)
        fixme:uxtheme:EndBufferedPaint Stub ((nil) 1)
        fixme:wininet:CommitUrlCacheEntryInternal entry already in cache - don't know what to do!
        fixme:uxtheme:EndBufferedPaint Stub ((nil) 1)
        fixme:wininet:CommitUrlCacheEntryInternal entry already in cache - don't know what to do!
        fixme:wininet:CommitUrlCacheEntryInternal entry already in cache - don't know what to do!
        fixme:wininet:InternetAttemptConnect Stub
        fixme:wininet:CommitUrlCacheEntryInternal entry already in cache - don't know what to do!
        fixme:wininet:CommitUrlCacheEntryInternal entry already in cache - don't know what to do!
        fixme:wininet:CommitUrlCacheEntryInternal entry already in cache - don't know what to do!
        fixme:wininet:CommitUrlCacheEntryInternal entry already in cache - don't know what to do!
        fixme:wininet:CommitUrlCacheEntryInternal entry already in cache - don't know what to do!
        fixme:wininet:InternetAttemptConnect Stub
        fixme:wininet:InternetAttemptConnect Stub
        fixme:wininet:CommitUrlCacheEntryInternal entry already in cache - don't know what to do!
        fixme:advapi:RegisterEventSourceW ((null),L"BugSplat"): stub
        fixme:advapi:ReportEventW (0xcafe4242,0x0001,0x0000,0x00000001,(nil),0x0003,0x00000000,0x33f224,(nil)): stub
        err:eventlog:ReportEventW L"Pando_Win"
        err:eventlog:ReportEventW L"Pando"
        err:eventlog:ReportEventW L"-1"
        fixme:advapi:DeregisterEventSource (0xcafe4242) stub
        fixme:wininet:CommitUrlCacheEntryInternal entry already in cache - don't know what to do!
        fixme:wininet:CommitUrlCacheEntryInternal entry already in cache - don't know what to do!
        fixme:wininet:CommitUrlCacheEntryInternal entry already in cache - don't know what to do!
        fixme:wininet:CommitUrlCacheEntryInternal entry already in cache - don't know what to do!
        fixme:wininet:CommitUrlCacheEntryInternal entry already in cache - don't know what to do!
        fixme:wininet:CommitUrlCacheEntryInternal entry already in cache - don't know what to do!
        fixme:wininet:CommitUrlCacheEntryInternal entry already in cache - don't know what to do!
        fixme:wininet:CommitUrlCacheEntryInternal entry already in cache - don't know what to do!
        fixme:wininet:CommitUrlCacheEntryInternal entry already in cache - don't know what to do!
        fixme:advapi:RegisterEventSourceW ((null),L"BugSplat"): stub
        fixme:advapi:ReportEventW (0xcafe4242,0x0001,0x0000,0x00000001,(nil),0x0003,0x00000000,0x33f224,(nil)): stub
        err:eventlog:ReportEventW L"Pando_Win"
        err:eventlog:ReportEventW L"Pando"
        err:eventlog:ReportEventW L"-1"
        fixme:advapi:DeregisterEventSource (0xcafe4242) stub

    Any idea what's going on here? Is there a better place to put this question?


  • How to transition to Comcast with static IP address

    - by steveha
    I have my own email server in my house, on a static IP address. I have had business DSL for over a decade, but I also now have Comcast business Internet. I want to transition from the DSL to the Comcast, and I have some questions. I have a domain name, my own mail server, and a firewall (a PC with two network interfaces, running Devil-Linux). I need to make sure I understand how to set up the Comcast cable box, and how to set up my firewall. First, do I need to change any settings in the cable box? Currently I have only used the cable box by plugging in a laptop, with the laptop doing DHCP. I think I can leave the box alone but I would like to make sure. Second, I'm not sure I understand the instructions Comcast gave me for setting up the firewall. My DSL provider gave me the following information: static IP address, net mask, gateway, and two DNS servers. Comcast gave me: static IP address, routable static IP address, net mask, and two DNS servers, and told me to put the "static IP address" as the "gateway" on the firewall. Is this just Comcast-speak here? Does "routable static IP address" mean the same thing as "static IP address" in my DSL setup, the end-point address that I should publish in the DNS MX records for my email server? Or should I publish the "static IP address", and Comcast will then route all its traffic over the cable box? My plan is: first, I'm going to configure another firewall, so I have one firewall for the DSL and one for the Comcast (rather than madly editing settings to switch back and forth). Then I will publish the new Comcast static IP address as a backup email server address in the DNS MX records, wait a while to let it propagate, and then switch my home over from the DSL to the Comcast. Then I'll change DNS to make that the primary mail address and the DSL the secondary, let that go a while and make sure it seems reliable. Then I'll remove the DSL from the DNS MX records completely, and finally shut down the DSL service. 
    (I thought about keeping the DSL as a backup, but the reason I'm leaving DSL is that it has become unreliable; and I have heard that Comcast business Internet is reliable.) Final question, any advice for me? Anything you think might be useful, helpful, or educational. Thanks.


  • Trouble using remote desktop when connected via Cisco VPN

    - by Kyle B.
    I just set up my Cisco VPN and everything appears to be working fine. I opened the 'remote desktop' application and am unable to connect to my work desktop machine. When I disable Windows Firewall, I am able to connect, but not when Firewall is enabled. Is there a specific setting inside Windows 7 Firewall that I should be enabling or disabling for this to work without having to shut down the entire system? I can post this in superuser.com instead if you feel it belongs there, but posted here due to it being related to VPN and Firewall. Thanks, Kyle



  • Watchguard firebox: public IP addresses behind firewall with as much usable IP addresses as possible

    - by martinezpt
    Our ISP assigned us 16 public IP addresses that we want to assign to hosts behind a Watchguard firebox x750e. The IP addresses are: x.x.x.176/28 of which x.x.x.177 is the gateway. The hosts will be running software that needs to be directly assigned the public IP address so 1:1 NAT is not an option. I found this document that gives examples on how to assign public IP addresses to hosts behind the firewall, using an optional interface: http://www.watchguard.com/help/configuration-examples/public_IP_behind_XTM_configuration_example_(en-US).pdf However, I can't implement scenario 1 as it won't allow me to use the same subnet on both interfaces. As for scenario 2, splitting the address range into 2 subnets will decrease the usable hosts on the optional interface to 5 (8 - network - broadcast - optional interface ip). I'm convinced that there must be a better way to address this problem and maximize the number of usable IP addresses but I'm not very familiar with this specific firewall. Are there any suggestions on how to keep the hosts behind the firewall with public IP addresses while maximizing the usable IP addresses? thanks


  • Block web browsing by older browsers

    - by Eamon
    Given the vulnerabilities in older versions of IE, I want to enforce a rule that only the latest IE or Firefox is used to browse the web. I can't ensure that everyone's PC is up to date, so is there a firewall that will let me write a rule to restrict the version of the browser that can make requests through the firewall? Our current firewall is from Watchguard

