Access outside the firewall APEX

Similar Questions

• located outside the firewall Web server

  Excuse me guys, I didn't know where to ask this question.

  I was a form that would send an email when you click on send,.

  but this requires a SMTP on your webserver right

  I had a quick conversation with this Department and I was told that I could not at present

  because the web server has no SMTP because it was outside the firewall.

  We have a mail server to the INSIDE of the firewall (I don't know a lot of combat and firewall servers)

  but since it is inside and the web server on the side of ther of the firewall could not get to the mail server and so he could not send emails.

  They say that it is possible to open an smtp on the web server, but that he would make us vulnerable to spam or virus attacks, and we would be blocked.

  which is something we don't really want to, last time that's happened that it costs a lot of money to repair.

  I ask you, you know for sure

  how we could send this form emails to a specific e-mail (it would also be a specific e-mail title as is the same as always, it's a form)

  I was thought mybe that SMTP can be assigned to only send emails with this title and those specified e-mails.

  or is there a way that form could access the mailservber we have inside the firewall to send emails?

  Or is there a way to protect computers against sending spam / virus.

  Because the firewall filter information from the smtp Protocol, if we go around to the firewall with it.

  IM really lost in all of this, but I'm looking for solutions

  IM reading right now o webbout firewalls, but if someone is experienced with this kind of stuff

  Please share some light

  Thanks to you all!

  Only 2 ways that you can solve this problem.

  1. set up something like recaptcha ( http://www.google.com/recaptcha ) and say that the it Department you take reasonable measures to ensure the spam is reduced to the minimum.  And talk about them, there are things such as the anti-spam filters hardware like these of Barracuda ( http://www.barracudanetworks.com/ns/products/spam_overview.php ), which can also be used to reduce the spam in addition to the anti-spam software filters, which can also be installed.  If they have these in place already and are still worried, tell them they are being paranoid.

  2. do not send forms to an e-mail address.  Send to an administration Web page.  This would require setting up an administrative area and a database store applications and, yet, some measures of basic security for the appropriate data types are entered, and then you can respond through this type of system.

  Personally, I would recommend method 1.  There is no reason at this time, why there no moderate protection against spam and viruses.

• View and redirect USB - Office at initialization outside the firewall

  I've been painting these forums looking for a solution to this problem.  I can connect to my Windows 7 Professional VM without problems via the secure SSL protocol, but after login on the USB tab at the top, it says "initialization of the office."

  Now I have seen and read a lot of posts here, and I am sure that this has something to do with my router/firewall physics.  I put a Client computer on the same local network (inside the firewall) and it loads and works very well, complete with USB Redirection so I know that the actual configuration is fine.  However, when I do the same thing from a computer outside my firewall, it gets stuck.

  After reading the other posts here, I forwarded your port 32111 to my server from view, and that did not solve the problem.  I even went as far as to put the server on DMZ and always the same result.

  So to summarize-, it works very well from a computer on the same local network, but when coming out from the local network, it does not.

  Ports, go to the server to display:

  80, 443, 4172, 32111.

  Could really use a few suggestions here.

  OK, so it seems that your environment from view behind a NAT. Tunneling is probably necessary here (see http://pubs.vmware.com/view-50/topic/com.vmware.view.installation.doc/GUID-0FC59EB4-45DA-4B3C-A611-F6B5597E9F0C.html), you must make sure it is on, then make sure your connection to the server can also obtain the MV Office on port TCP 32111.

• The accessibility of the Web APEX is consistent?

  I am referring to the Web Content Guidelines of the accessory (http://www.w3.org/TR/WCAG20/).
  
  For most of the projects of governance, the requirement is that any application is supported - the accessibility of the web. This means, it doesn't have to be unencumbered, but that of alternatives not indicated if any user has some disadvantage (disability or some options turned off, etc.) and cannot use a special function.
  
  I would like to know if anyone has experience with the type of action must be taken to ensure that an ApEX application is «supported web accessibility» Y at - there no official statement on this subject and the Apex Oracle?
  
  I have my doubts about the use of
  * Icons = > may depend on the theme, but is always a text alternative for the included icons?
  * JavaScript = > APEX Will still work if JavaScript is disabled?
  * Cookies = > I think apex may work with sessions of the url instead of using cookies. Has anyone ever tried?
  * ...?
  
  _ applications based on the overview of the requirements of the W3C for browser
  
  Noticeable
  
  -Provide non-text content text alternatives.
  -Provide captions and alternatives for audio and video content.
  -Make content adaptable; and make it available to assistive technologies.
  
  -Use sufficient contrast to make things easy to see and hear.
  
  Operable
  
  -Make all the keyboard of accessible features.
  -Give users enough time to read and use content.
  -Do not use the content, causing convulsions.
  -Help users navigate and find content.
  
  Understandable
  
  -Make the text readable and understandable.
  -Make content appear and operate predictably.
  -Help users avoid and correct mistakes.
  
  Robust
  -Maximize compatibility with current and future technologies.
  
  Published by: W. Sven on September 11, 2009 11:54

  Sven,

  I did some 508 complaint with APEX development in the past, and it is really very easy.

  The mechanism of the apex model makes it easy to make your 508 compliant applications. The only thing to keep in mind when creating applications is that less is more; You may need are reluctant to use jQuery or other frameworks based on JavaScript, because they usually give screen readers a moment difficult.

  The directives that you posted are a good start. There are also a lot of information available online, more precisely at http://www.section508.gov/

  Another thing - we were able to get a couple of disclaimers with some of the more complex pages that we have built, as they were not for all users, but only for a select few users admin.

  I hope this helps!

  -Scott-

  http://spendolini.blogspot.com
  http://sumnertech.com

• Cisco router access outside the local network interface

  Hi all!

  I have Cisco router 892 (c890-universalk9 - mz.154 - 3.M4.bin) with firewall area and based on routing strategies.

  Everything works fine, but now I need to have the ability to access external router interface IP LAN addresses.

  For example, I PAT 192.168.4.1 port 8443 to the outside interface IP (93.93.93.2 for example) and I need to check LAN 93.93.93.2:8443.

  ! PAT:

  IP nat inside source static tcp 192.168.4.1 8443 93.93.93.1 - extensible 8443 SDM_RMAP_1 road map

  ! DynNat to the internet:

  IP nat inside source overload map route SDM_RMAP_1 interface GigabitEthernet0

  ! Routing policy

  SDM_RMAP_1 allowed 10 route map
  corresponds to the IP 101
  match interface GigabitEthernet0

  ! ACL 101 for routing policy

  access-list 101 deny ip 192.168.3.0 0.0.0.255 192.168.111.0 0.0.0.255
  access-list 101 deny ip 192.168.3.0 0.0.0.255 172.16.192.0 0.0.0.255
  access-list 101 deny ip 192.168.3.0 0.0.0.255 172.16.177.0 0.0.0.255
  access-list 101 deny ip 192.168.3.0 0.0.0.255 172.16.61.0 0.0.0.255
  access-list 101 deny ip 192.168.3.0 0.0.0.255 172.17.19.0 0.0.0.255
  access-list 101 deny ip 192.168.4.0 0.0.0.255 192.168.111.0 0.0.0.255
  access-list 101 deny ip 192.168.3.0 0.0.0.255 host 172.16.194.100
  access-list 101 deny ip 192.168.3.0 0.0.0.255 10.0.0.0 0.255.255.255
  access-list 101 deny ip 192.168.4.0 0.0.0.255 10.0.0.0 0.255.255.255
  access-list 101 deny ip 192.168.4.0 0.0.0.255 host 172.31.255.1
  access-list 101 deny ip 192.168.4.0 0.0.0.255 host 172.16.194.100
  access-list 101 permit ip 192.168.3.0 0.0.0.255 any
  access-list 101 permit ip 192.168.4.0 0.0.0.255 any

  ! ACL on the external interface:

  plug-in software component gi0 extended IP access list
  allow an ip
  allow icmp a whole

  ! External interface

  interface GigabitEthernet0
  Description $ETH - WAN$
  IP 93.93.93.1 255.255.255.240
  IP access-group gi0-in in
  NAT outside IP
  IP virtual-reassembly in
  EXTENT of the Member's area network security
  IP tcp adjust-mss 1452
  automatic duplex
  automatic speed
  card crypto SDM_CMAP_2

  ! Inside DMZ interface vlan:

  interface Vlan4
  IP 192.168.4.254 255.255.255.0
  IP nat inside
  IP virtual-reassembly in
  security of the members of the DMZ
  IP tcp adjust-mss 1452

  ! Allow outbound traffic to DMZ to Internet:

  Allow_All_ACL-DMZ extended IP access list
  allow an esp
  permit tcp host 192.168.4.1 host 192.168.111.2 eq 1521
  refuse the 192.168.4.0 ip 0.0.0.255 192.168.111.0 0.0.0.255
  refuse the 192.168.4.0 ip 0.0.0.255 172.17.19.0 0.0.0.255
  allow icmp 192.168.4.0 0.0.0.255 any
  ip licensing 192.168.4.0 0.0.0.255 any

  ! Allow incoming traffic from the Internet to DMZ:

  WAN_DMZ_ACL extended IP access list
  allow tcp any a Workbench
  permit tcp any any eq ftp
  permit tcp any any eq 990
  permit tcp everything any 51000 53000 Beach
  permit tcp any any eq 995
  permit tcp any any eq 465
  permit tcp any any eq www
  permit any any eq 443 tcp
  allow icmp a whole
  allow an esp
  permit any any eq non500-isakmp udp
  host ip 212.98.162.139 permit 192.168.4.0 0.0.0.255
  IP 81.30.80.0 allow 0.0.0.255 any
  IP 192.168.111.0 allow 0.0.0.255 192.168.4.0 0.0.0.255
  IP 172.17.19.0 allow 0.0.0.255 192.168.4.0 0.0.0.255
  host ip 172.16.194.100 permit 192.168.4.0 0.0.0.255
  host ip 172.31.255.1 permit 192.168.4.0 0.0.0.255
  permit ip host 172.31.255.1 172.17.193.100
  refuse an entire ip

  ! Focus on the area of firewall:

  type of class-card inspect entire game DMZ_WAN_CLASS
  match the group-access name DMZ Allow_All_ACL

  type of class-card inspect entire game WAN_DMZ_CLASS
  match the name of group-access WAN_DMZ_ACL

  type of policy-card inspect DMZ_WAN_POLICY
  class type inspect DMZ_WAN_CLASS
  inspect
  class class by default
  drop

  type of policy-card inspect WAN_DMZ_POLICY
  class type inspect WAN_DMZ_CLASS
  inspect
  class class by default
  drop

  the DMZ security

  
  area WAN security

  Security WAN_DMZ of the pair area source destination WAN DMZ
  type of service-strategy inspect WAN_DMZ_POLICY
  destination of DMZ_WAN source DMZ area pair WAN security
  type of service-strategy inspect DMZ_WAN_POLICY

  Maybe someone can help me to make Cisco to allow ports outside LAN using a NAT?

  I did this on Mikrotik easily = |

  It is due to the fact that they do not allow "hair pinning" by default, once this is configured, it will work.

  Martin

• nested ESXi vHost, networking, the nested virtual machines cannot access outside the world.

  
  My Datacenter configured as follows:

  1. physical switch connected to 3 physical server.

  vCenter Server IP: 192.168.10.10

  two physical hosts ESXi: IP: 192.168.10.11/12.

  2. my laptop connected to the physical network, IP: 192.168,10.100.

  3. my two physical hosts configured with a Standard vSwitcher0, VMNIC0, portgroup MYLAN uplink vLan ID = 162, vmk0 vLan ID = 162.

  4. I created two nested ESXi vHost on the two physical host, assigned 192.168.10,101/102 IP, gateway 192.168.10.1

  5 standard vSwitch0 on two vHost, only NETWORK VM portgroup with ID vLan by default = 0.

  6. I have create computer virtual the virtual server nested and assigned to the VM using VM NETWORK, also assigned the IP address: 192.168.10.201, gateway 192.168.10.1

  But my VM, I cannot ping 192.168.10.1, also I can not ping the virtual machine (x.x.x.201) from my laptop.

  I can ping my vHost nested two of my laptop, can also connect to the console of the virtual computer through my vHost nest.

  my virtual world, my network is configured as it IS (external swith marking).

  my world physical host, my network is configured as a VST (virtual switch tagging).

  My Setup must in principle be correct, but it does not work.

  I am a newcomer to the world of VMWare nested.   I'm appreciated for any suggestions and help.

  The vSwitch on the physical host must be configured to allow the promiscuous mode and forged passes.

• Placing the VCS-E Starter Pack outside a firewall

  I have what I want, it's a quick question. My client has not bought the DNI option for their VCS Starter Pack. So that means I have to assign a public IP address. In addition, the way that their firewall is set up I have to consider putting the VCS outside the firewall. Therefore, in the wild as they say. I read solutions where the VCS-E (and I guess the Starter Pack follows suit) is essentially a safety device.

  I wonder if people have done this before and if anyone had any ideas on how secure (or insecure) prospective configuration is?

  -Bill

  Hi William!

  Nice to see you here again, how are you?

  I wouldn't recommend that. In addition, either get the DNI put it in a DMZ with a private ip address

  or simply in a DMZ with a public ip address, which works very well also.

  Even if you so not a real DMZ as long as you have access to the router, you might

  being able only allow traffic to the ports required by an access list.

  In particular, management should be blocked here, there may still be bugs in the different

  components (such as the ssh server, web-server,...) or the password is hacked,...

  then why keep it open to the public.

  This is a list of open ports on a starter by default quite Pack vcs:

  tcp        0      0 192.168.1.100:5060     0.0.0.0:*               LISTEN      4863/app
  tcp        0      0 192.168.1.100:5061     0.0.0.0:*               LISTEN      4863/app
  tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      6140/httpd
  tcp        0      0 0.0.0.0:4369            0.0.0.0:*               LISTEN      4180/epmd
  tcp        0      0 0.0.0.0:4372            0.0.0.0:*               LISTEN      4134/beam.smp
  tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      3610/sshd
  tcp        0      0 192.168.1.100:2776     0.0.0.0:*               LISTEN      4863/app
  tcp        0      0 192.168.1.100:1720     0.0.0.0:*               LISTEN      4863/app
  tcp        0      0 192.168.1.100:2777     0.0.0.0:*               LISTEN      4863/app
  tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      6140/httpd
  udp        0      0 192.168.1.100:123      0.0.0.0:*                           5395/ntpd
  udp        0      0 0.0.0.0:123             0.0.0.0:*                           5395/ntpd
  udp        0      0 0.0.0.0:161             0.0.0.0:*                           3629/snmpd
  udp        0      0 0.0.0.0:4371            0.0.0.0:*                           4134/beam.smp
  udp        0      0 192.168.1.100:500      0.0.0.0:*                           3636/racoon
  udp        0      0 192.168.1.100:5060     0.0.0.0:*                           4863/app
  udp        0      0 192.168.1.100:1719     0.0.0.0:*                           4863/app
  udp        0      0 192.168.1.100:2776     0.0.0.0:*                           4863/app
  udp        0      0 192.168.1.100:2777     0.0.0.0:*                           4863/app
  udp        0      0 192.168.1.100:3478     0.0.0.0:*                           4863/app
  

  I wonder why we a VCS nonclustered needs some of these listening services on the ethernet interface (beam, empd, racon,...), but yes, this is one more reason why I don't keep without a firewall :-)

  A way of conscience highly not taken in charge and not reboot and upgrade can also be

  Connect to the zone as root and use the iptables linux unerlaying to allow the necessary

  and block off everything else. (iptables is a firewall tool for most versions of linux)

  You will find a lot of resources on internet, it was just a first success through google:

  http://edgis-security.org/operating-system-and-software/iptables-tutorial-series-01-Introduction/

  Guess something more userfirendly come in X7.2, Andreas post it here:

  https://supportforums.Cisco.com/message/3653700#3653700

  Another thing worth noting is that for the upcoming X7.2 release for the  VCS, we are looking at including a basic built-in firewall on the VCS  itself which could also be used to only permit access to certain  services from certain hosts or subnets. It is however not currently  certain whether or not this feature will actually make it into X7.2, so  you will just have to wait and see.

  But even in this case I recommend to use a firewall, right from the start.

  Martin

• block access to the local asa firewall vpn accounts

  I'm looking for the local accounts on the firewall and would like to make sure that users who have local accounts for vpn do not have for the firewall itself through asdm, telnet, ssh to the management.

  Is the only aaa on the firewall command

  the ssh LOCAL console AAA authentication

  With this command, if I change the local account setting to 'NO ASDM, SSH, Telnet or access Console' (see attached screenshot) will that still allow users to vpn in and access the network because they have to take off but any what potential access to the firewall?

  Thank you

  Hello

  Yes, if you select the option "No., ASDM, SSH, TELNET or Console access" allows to block only the admin access to the firewall. Here's the equivalent CLI for this option:

  myASA(config-username) # type of service?

  the user mode options/controls:
  Admin user is authorized to access the configuration prompt.
  NAS-prompt user is allowed access to the exec prompt.
  remote user has access to the network.

  If you use this option you will be on the third option in the above list that is remote access. Users will have the option of VPN in but no admin (asdm, ssh, telnet or console)

  Thank you

  Waris Hussain.

• WVC210 DYDNS AND PROBLEMS WITH ACCESS TO THE WEB

  I have 2 Configuration for WVC210 cameras on dydns of deleted I can't see them on the web. I can access via the local network using the ip address and port or the dyndns name and port. The router has listed as a virtual server and I even put one of them is like DNZ (outside the firewall of the router), the port check tools show a port opened from a remote location. And I can ping. But I can't connect to the camera. Also, I was able to view a WVC54GCA camera with the same configuration. Any ideas?

  I can get both of these cameras no problem... just not able to connect but the login box comes right to the top as soon as I hit him enter after you put the URL...

• CANNOT BE RESET, TURN ON THE FIREWALL

  I have a HP Pavilion dv7 notebook with Windows 7 64 bit.  Last week after I was attacked by a virus called Win 7 I installed a Super Anti Spyware Free Edition virus removal program.  The problem disappeared, but even that my ability to access to the firewall. I tried a few different options on the Microsoft site as try to find it in the services menu, it wasn't there.  I tried to save a sequence of repair in Notepad, and then as administrator of the desktop that does not work either.  An error code is displayed every time that I try to reset the firewall. Error - 0 x 80070424

  Now I have to keep jumping around various user accounts on the computer because the same virus/malware keeps trying to pop up.  He keeps trying to make me buy the full version, even if it seems to be nothing wrong with the computer according to other programs.  I Googled it and it's a scam to make you pay for something, you don't need.

  I need help... I am vulnerable here!

  Hello

  Considering this looks like quite a bad infection and you already have what looks like a degree of corruption in the operating system, I would simply reset the laptop to factory Conditions - this will perform a quick format on your hard drive at the beginning of the process to effectively remove all malware.

  The whole process is detailed in the document at the link below.

  http://support.HP.com/us-en/document/c01895783

  Once this process is complete, a good (and free) antivirus solution is offered by Microsoft and is available for download at the following link.

  http://Windows.Microsoft.com/en-us/Windows/products/security-essentials

  Kind regards

  DP - K

• Is there a firewall means a single VM away from the Internet while still giving access to the LAN?

  I'm trying to find a way, if possible, to partition a simple VM away from the WAN (Internet) while allowing access to a subnet of the class-C using VMWare Workstation and outside the computer virtual guest himself?

  Install a 2nd NETWORK card is not my preferred option.  Home & comments are windows.

  I am currently configuring the MS Loopback map with the host firewall rules, but can't seem to figure out the trick to get this installation work.

  If anyone has any suggestions?

  Thanks in advance...

  If you have administrator access to the router that provides your connection to the Internet, you could give a fixed IP address to the virtual machine and set a rule of access on the router to only allow access to IP addresses on the local subnet.

• Duration of the apex - can we have access to the "Public Services" link Avaialbe in IDE

  Currently using Apex 3.2-11 GR 2

  The Production Server has only "Apex RUNTIME". All developer access is not allowed.

  But the requirement is a Manager to open a session in the IDE of the Apex and click "Utilities" and click reports Apex in the only case of "Apex runtime" on production. This is necessary for the Manager to see and monitor due to security requirements.

  The "Utilities" option is available during the installation of the apex is "runtime" only mode? Whatever it is dynamically switchable to a specific user connection to allow them to access these reports of object? Other suggestions on how these reports are available directly outside the Apex would also help.

  Thank you!

  citing the book Oracle Application Express 3.2

  When the APEX is first installed, we can choose whether to install the APEX or APEX Runtime Environment complete development environment. This can be changed later by running the SQL scripts provided with the installation of the APEX. We can convert from a development environment complete APEX for an APEX runtime environment by running script SQL apxdevrm.sql that helps the user SYS with SYSDBA role. We can also convert a runtime environment to a full development environment by running SQL apxdvins.sqlscript. Conversion of the environment leave our unchanged applications, and they can be run using the same exact URL.

  Thank you

  Tony Miller

  Software LuvMuffin

• cannot access the internet through firefox, IE is ok, checked the firewall settings and network

  Have used firefox for ages w / no problem - this morning, firefox will not have internet access - modem and the router are fine, inernet explore what access very well. Firefox is configured to use the system, not considered proxy settings 'no proxy', has not worked, checked windows and Mcaffey firewalls, not found something that should be blocked. Have restarted/rebooted everything

  This has happened

  Each time Firefox opened

  This moringing - last successfully used there - 3: 00 children asks that they "did nothing...". »

  User Agent

  Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152 .NET CLR 3.5.30729)

  They did something with firefox 3.6.8, which upsets the McAffee Firewall currently. Since the upgrade, I get the firewall Alerts pop ups. If you click on the block (which could have your children), then Firefox will be blocked completely.

  If you dig in the McAffee Firewall tools-> program authorities, you will likely find that Firefox listed as "blocked."

  On my machine, the entry is for 'Free' only and I now get alerts. I think they will disappear if I switch it to "Full". But I'm reluctant to do this, why a browser should accept incoming connections, why this change has been made and what benefit is it for us as users?

• Tengo problemas con mi equipo no me already access mi red inalámbrica me pide activate the firewall of windows comohago by activarla

  Tengo problemas con mi equipo no me already access mi red inalámbrica me pide activate the firewall of windows comohago by activarla

  Hello

  Sorry, this forum is in English only.

  Please select the language icon at the bottom of this page English and select your native language from the popup list to view the forums in the language of your choice.

  If you can't find the language of your choice, support for international sites additional options can be found by clicking on the following link:

  http://support.Microsoft.com/common/international.aspx

  Concerning

• We get an error "NETWORK CONNECTION ERROR, make sure a firewall is not blocking access to the printer.

  * Original title: printer error...

  I was printing with a printer wireless for months and now all of a sudden I'm getting an error, NETWORK CONNECTION ERROR and then readings make sure that a firewall is not blocking access to the printer.   I checked and it is not blocked...  I did a session of disorder and it reads no problems found.   Can someone please...

  Hello

  1. what version of Windows is installed on the computer?

  2. What is the brand and model of the printer?

  3. you have any non-Microsoft firewall installed on the computer?

  4. what security software is installed on the computer?

  5 have have there been recent changes made on the computer before the show?

  Please follow the steps below and check if that helps.

  Method 1: Run troubleshooting network printer and check.

  http://Windows.Microsoft.com/en-us/Windows-Vista/troubleshoot-network-printer-problems

  Method 2: Select the file and printer sharing

  http://Windows.Microsoft.com/en-us/Windows-Vista/enable-file-and-printer-sharing

  Method 3: I suggest to change firewall security settings, or disable the security software on the system and try to access the printer.

  Note: make sure that you enable the antivirus software, other security and firewall after the test programs.

  For more information, see the articles and check out them.

  Understanding Windows Firewall settings

  http://Windows.Microsoft.com/en-us/Windows-Vista/Understanding-Windows-Firewall-settings

  Enable or disable Windows Firewall

  http://Windows.Microsoft.com/en-us/Windows-Vista/turn-Windows-Firewall-on-or-off

  Allow a program to communicate through Windows Firewall

  http://Windows.Microsoft.com/en-us/Windows-Vista/allow-a-program-to-communicate-through-Windows-Firewall

  Let us know if it helps!