To conform to the configuration script config-firewall-access hardening

We are trying to work on the ESXi 5 hardening setting ID config-firewall-access. Using the vSphere Client, the VMware hardening guide says "for each enabled service (for example ssh, vSphere Web Access, http client), select 'Firewall', select 'Allow only connections from the networks' and provide a range of allowed IP addresses.". Naturally, we want to script this, but I am new to PowerCLI scripting. Could anyone point us to code to conform to this setting?

There is a link to the guide at http://communities.VMware.com/docs/doc-19056 .

Welcome to the VMware VMTN communities!

The following PowerCLI script will select "Allow only connections from networks", set the allowed IP address range to 192.168.0.0/24, and also add the allowed IP address 192.168.1.2, for all enabled services on all hosts in your environment.

# Ruleset spec: accept connections only from the listed address and network
$spec = New-Object VMware.Vim.HostFirewallRulesetRulesetSpec
$spec.allowedHosts = New-Object VMware.Vim.HostFirewallRulesetIpList
$spec.allowedHosts.ipAddress = New-Object System.String[] (1)
$spec.allowedHosts.ipAddress[0] = "192.168.1.2"
$spec.allowedHosts.ipNetwork = New-Object VMware.Vim.HostFirewallRulesetIpNetwork[] (1)
$spec.allowedHosts.ipNetwork[0] = New-Object VMware.Vim.HostFirewallRulesetIpNetwork
$spec.allowedHosts.ipNetwork[0].network = "192.168.0.0"
$spec.allowedHosts.ipNetwork[0].prefixLength = 24
$spec.allowedHosts.allIp = $false

# Apply the spec to every enabled ruleset on every host
Get-VMHost |
ForEach-Object {
  # Keep the current host in a variable; $_ is reused by the inner pipeline
  $VMHost = $_
  if ($VMHost)
  {
    $FirewallSystem = Get-View -Id $VMHost.ExtensionData.ConfigManager.FirewallSystem
    $FirewallSystem.FirewallInfo.RuleSet |
    Where-Object {$_.Enabled} |
    ForEach-Object {
      if ($_)
      {
        $FirewallSystem.UpdateRuleset($_.Key, $spec)
      }
    }
  }
}

To generate the lines in the script that begin with $spec I used VMware's Project Onyx. It is a very simple tool that lets you do something in the vSphere Client and generates the corresponding PowerCLI code, like a macro recorder. You can use Onyx to generate the HostFirewallRulesetRulesetSpec specific to your environment.

Best regards, Robert
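
A read-only audit to confirm the result of the script above, as an added example that is not part of the original answer: it reports each enabled ruleset that still accepts all IP addresses or lists a source outside an approved set. The approved values reuse the answer's sample addresses; the function name Get-RulesetFinding, the host name and the sample rulesets are constructed for illustration.

```powershell
# Added example (not from the thread): audit rulesets against config-firewall-access.
# Approved sources are assumptions taken from the answer's sample values.
$ApprovedAddresses = @('192.168.1.2')
$ApprovedNetworks  = @('192.168.0.0/24')

function Get-RulesetFinding {
    param(
        [Parameter(Mandatory = $true)] [string] $HostName,
        # Any object exposing Key, Enabled and AllowedHosts (AllIp, IpAddress, IpNetwork),
        # for example one entry of $FirewallSystem.FirewallInfo.Ruleset
        [Parameter(Mandatory = $true)] $Ruleset
    )

    $allowed   = $Ruleset.AllowedHosts
    $addresses = @($allowed.IpAddress | Where-Object { $_ })
    $networks  = @($allowed.IpNetwork | Where-Object { $_ } |
                   ForEach-Object { '{0}/{1}' -f $_.Network, $_.PrefixLength })
    $sources   = $addresses + $networks

    if (-not $Ruleset.Enabled) {
        $status = 'Skipped'
        $reason = 'ruleset disabled'
    }
    elseif ($null -eq $allowed -or $allowed.AllIp) {
        $status = 'NonCompliant'
        $reason = 'accepts connections from all IP addresses'
    }
    else {
        # Anything listed that is not in the approved set is a finding
        $approved = $ApprovedAddresses + $ApprovedNetworks
        $extra    = @($sources | Where-Object { $approved -notcontains $_ })
        if ($extra.Count -gt 0) {
            $status = 'NonCompliant'
            $reason = 'unapproved source(s): ' + ($extra -join ', ')
        }
        else {
            $status = 'Compliant'
            $reason = 'restricted to approved sources'
        }
    }

    [pscustomobject]@{
        VMHost  = $HostName
        Ruleset = $Ruleset.Key
        Status  = $status
        Sources = ($sources -join ', ')
        Reason  = $reason
    }
}

# Constructed sample data shaped like the firewall ruleset objects,
# so the check can be tried without a vCenter connection.
$restricted = [pscustomobject]@{
    AllIp     = $false
    IpAddress = @('192.168.1.2')
    IpNetwork = @([pscustomobject]@{ Network = '192.168.0.0'; PrefixLength = 24 })
}
$open = [pscustomobject]@{ AllIp = $true; IpAddress = @(); IpNetwork = @() }
$tooWide = [pscustomobject]@{
    AllIp     = $false
    IpAddress = @()
    IpNetwork = @([pscustomobject]@{ Network = '10.0.0.0'; PrefixLength = 8 })
}
$sample = @(
    [pscustomobject]@{ Key = 'sshServer'; Enabled = $true;  AllowedHosts = $restricted }
    [pscustomobject]@{ Key = 'webAccess'; Enabled = $true;  AllowedHosts = $open }
    [pscustomobject]@{ Key = 'ntpClient'; Enabled = $true;  AllowedHosts = $tooWide }
    [pscustomobject]@{ Key = 'ftpClient'; Enabled = $false; AllowedHosts = $open }
)

$sample |
    ForEach-Object { Get-RulesetFinding -HostName 'esx-sample-01' -Ruleset $_ } |
    Format-Table -AutoSize

# Against live hosts (requires PowerCLI and an existing Connect-VIServer session):
# Get-VMHost | ForEach-Object {
#     $h  = $_
#     $fw = Get-View -Id $h.ExtensionData.ConfigManager.FirewallSystem
#     $fw.FirewallInfo.Ruleset |
#         ForEach-Object { Get-RulesetFinding -HostName $h.Name -Ruleset $_ }
# } | Where-Object { $_.Status -eq 'NonCompliant' }
```

The sample run flags webAccess (all IPs) and ntpClient (10.0.0.0/8 is not approved), passes sshServer and skips the disabled ftpClient.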


Similar Questions

  • launch of checkers problems: error: trying to re-launch your game. If the problem persists, it may be network with the server problems or a problem with the configuration of your firewall.

    Windows Vista can not launch problem of checkers: try to re-launch your game. If the problem persists, it may be network with the server problems or a problem with the configuration of your firewall. Please check your firewall settings by visiting the Open Ports FAQ.

    Original title: launch of the problems of checkers:

    Hello

    If you have not yet tried to disable the antivirus/firewall software, then try the following steps to disable them.

    Disable the anti-virus software: http://windows.microsoft.com/en-US/windows-vista/Disable-antivirus-software

    Enable or disable Windows Firewall: http://windows.microsoft.com/en-US/windows-vista/Turn-Windows-Firewall-on-or-off

    IMPORTANT: Antivirus software can help protect your computer against viruses and other security threats. In most cases, you should not disable your antivirus software. If you do not disable temporarily to install other software, you must reactivate as soon as you are finished. If you are connected to the Internet or a network during the time that your antivirus software is disabled, your computer is vulnerable to attacks

  • Installation BI applications Oracle 11g sur-erreur AIX 7 Configuration to the configuration of the ODI

    All,

    I installed oracle bi application for 11.1.1.7.1 AIX 7.1 server. My process of BI applications configuration is to launch a mistake in the part configuration ODI.  Detailed error is pasted below. I perform software only installation as with AIX, you must select Install only software for OBIEE and OLIVIER and configure BIAPPS later.

    I saw two others archived son who discusses this error, and it seems that it is events expected for deployments of AIX error. And both of them say that it is ok to continue the Setup process and make this ODI configuration for later.

    However, the instructions on how to do this from one of the thread is fragmentary or incomplete. If you guys have run into that, can you please guide on how you have been able to solve this problem? The location for 2 OTN discussion is stuck here as well.

    Re: OLIVIER 11.1.1.7.1 install the mistake out to ODI configuration

    Re: Installation OBIA 11 g - stuck to the configure script

    Error:

    configure_odi: problem invoking WLST - Traceback (innermost last):

    configure_odi: file ' < userpath > / Oracle/Middleware/Oracle_BI1/bifoundation/install/configure_odi.py ", line 261, in?

    configure_odi: file ' < userpath > / Oracle/Middleware/Oracle_BI1/bifoundation/install/configure_odi.py ", line 206, in _configureOdiDwIntegration

    configure_odi: at sun.reflect.NativeConstructorAccessorImpl.newInstance0 (Native Method)

    configure_odi: to sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:56)

    configure_odi: to sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:39)

    configure_odi: to java.lang.reflect.Constructor.newInstance(Constructor.java:527)

    configure_odi:

    configure_odi: java.lang.Exception: java.lang.Exception: update of the database of the DW_FILE server failed with return code: 1

    configure_odi:

    java.lang.Exception: java.lang.Exception: WLST Script task failed with status 1

    at oracle.as.install.biapps.biappsconfig.standard.ODIConfigTask.doExecute(ODIConfigTask.java:65)

    at oracle.as.install.bi.biconfig.standard.AbstractProvisioningTask.execute(AbstractProvisioningTask.java:70)

    at oracle.as.install.bi.biconfig.standard.StandardProvisionTaskList.execute(StandardProvisionTaskList.java:66)

    at oracle.as.install.bi.biconfig.BIConfigMain.doExecute(BIConfigMain.java:113)

    at oracle.as.install.engine.modules.configuration.client.ConfigAction.execute(ConfigAction.java:375)

    at oracle.as.install.engine.modules.configuration.action.TaskPerformer.run(TaskPerformer.java:88)

    at oracle.as.install.engine.modules.configuration.action.TaskPerformer.startConfigAction(TaskPerformer.java:105)

    at oracle.as.install.engine.modules.configuration.action.ActionRequest.perform(ActionRequest.java:15)

    at oracle.as.install.engine.modules.configuration.action.RequestQueue.perform(RequestQueue.java:96)

    at oracle.as.install.engine.modules.configuration.standard.StandardConfigActionManager.start(StandardConfigActionManager.java:186)

    at oracle.as.install.engine.modules.configuration.boot.ConfigurationExtension.kickstart(ConfigurationExtension.java:81)

    at oracle.as.install.engine.modules.configuration.ConfigurationModule.run(ConfigurationModule.java:86)

    at java.lang.Thread.run(Thread.java:738)

    Caused by: java.lang.Exception: WLST Script task failed with status 1

    at oracle.as.install.bi.biconfig.standard.WLSTScriptTask.doExecute(WLSTScriptTask.java:119)

    at oracle.as.install.biapps.biappsconfig.standard.ODIConfigTask.doExecute(ODIConfigTask.java:62)

    ... 12 more

    RP

    So, that's what we were doing to solve this problem:

    1 let the Configuration process continue with the error. All other tasks should complete successfully.

    2. install the ODI studio on a client computer, WIndows/Linux.

    3. manually the program installation/editing file server and data server technology tab.

    RP

  • What is "Error of Privoxy" Privoxy (oooooobo) fatal error: could not check the configuration file ':(error number 2) Config.Txt

    What is "Error of Privoxy" Privoxy (oooooobo) fatal error: could not check the configuration file ':(error number 2) Config.Txt.

    I always get this message in a long horizontal area on my desk top once I restart and turn on my computer.

    Thank you

    "Privoxy" is a 3rd party is no program not part of Windows XP.  You can go to
    Panel-> Add/Remove programs
    and remove this program.  If you still think that you need this program, try reinstalling it on Sourceforge
       <>http://sourceforge.NET/projects/ijbswa >

    HTH,
    JW

  • Script for the Configuration DVSwitch

    Hello

    Someone at - it a script for the information of VDS on the level of the host which nic is connected to what uplink?

    Also to remove all Exchange created in the VDS switch for the host and then recreate the exchanges as they were after the connection to the host to a vCenter diff?

    Also any script to copy the resource through VCenter pools?

    Thank you

    Suraj Rawat

    The following script will export the VDS information for each uplink: the port it is on and which NIC is used by each ESXi node.

    # One row per uplink port of every host on every distributed switch
    $report = foreach ($dvSw in Get-VDSwitch) {
      foreach ($esx in (Get-View -Id $dvSw.ExtensionData.Summary.HostMember)) {
        # Host proxy switch that belongs to this distributed switch
        $proxy = $esx.Config.Network.ProxySwitch | where {$_.DvsUuid -eq $dvSw.ExtensionData.Uuid}
        # Map uplink port key -> physical NIC device
        $pnicTab = @{}
        $proxy.Spec.Backing.PnicSpec | %{
          $pnicTab.Add($_.UplinkPortKey, $_.PnicDevice)
        }
        $proxy.UplinkPort |
        Select @{N = "vdSwitch"; E = {$dvSw.Name}},
          @{N = "VMHost"; E = {$esx.Name}},
          @{N = "vNIC"; E = {$pnicTab[$_.Key]}},
          @{N = "Uplink"; E = {$_.Value}},
          @{N = 'Port'; E = {$_.Key}}
      }
    }

    $report | Export-Csv C:\dvSw-Uplink.csv -NoTypeInformation -UseCulture

  • Storage Array Type Config path: ATAS VMW_SATP_SVC does not support the configuration of the path on ESXi 5.0 u1

    Hello

    Below for the output of my blade IBM HS22., are there any problems with the configuration of the path.

    List of paths esxcli storage nmp
    SAS.5005076b08b7aaa4 - sas.a9501097faba7a - naa.600508e0000000007abafa971050a900
    The Runtime name: vmhba0:C1:T1:L0
    Feature: naa.600508e0000000007abafa971050a900
    Full device name: FREE Serial Attached SCSI (naa.600508e0000000007abafa971050a900) drive
    Group status: Active
    Table priority: 0
    Storage Array Type Config path: ATAS VMW_SATP_LOCAL does not support the configuration of the path.
    Path selection policy path Config: {current: Yes; favorite: Yes}

    FC.2fff0000c900009f:2ffd0000c900009f - fc.500507680100 b b 680 680:500507680130 - naa.60050768018105afc000000000000df0
    The Runtime name: vmhba2:C0:T3:L2
    Feature: naa.60050768018105afc000000000000df0
    Full device name: disk of IBM Fibre Channel (naa.60050768018105afc000000000000df0)
    Group status: Active
    Table priority: 0
    Storage Array Type Config path: ATAS VMW_SATP_SVC does not support the configuration of the path.
    Path selection policy path Config: {current: Yes; favorite: Yes}

    Kind regards

    Surya

    Hi Surya,

    No, it's not any problem with the configuration of your path.

    It only means that this policy does not allow additional configuration.

    I.e. with fixed NMP, you would be able to configure a preferred path allowing you to manually distribute the i/o load.

    Your current configuration does not offer this option.

    Kind regards

    Ralf

  • Update the Configurator panels via the Script?

    Can I update via script/jsx panels? I don't see no callback function to do so. If there is an option please point me in the right direction.

    Thank you

    Gregor

    The content of the Panel cannot be updated programtically except for the content of the HTML widget. You can program in HTML with HTML/JavaScript widget to update the content and also can invoke to run Photoshop or InDesign ExtendScript. See "HTML sample Panel" that you can download on the home page when you open the Configurator 3.1.1.

    Another option is to use the Extension Builder to program in ActionScript.

  • Error in the configuration of RMAN script for physical Standby creation

    Version of database - Oracle Database 11g Enterprise Edition Release 11.2.0.1.0

    I am creating a physical standby using an RMAN duplicate script.

    The standby db is in nomount State.

    But when you connect to the primary database of standby DB to run the RMAN script on the backup server, I get the below error: -.

    [oracle@manu ~]$ rman target sys/oracle@orcl auxiliary sys/oracle@ORCL_STBY trace=duplicate.trc

    Recovery Manager: release 11.2.0.1.0 - Production on Fri Jan 18 13:13:11 2013

    Copyright (c) 1982, 2009, Oracle and/or its affiliates. All rights reserved.

    RMAN-00571: ===========================================================
    RMAN-00569: = ERROR MESSAGE STACK FOLLOWS =.
    RMAN-00571: ===========================================================
    RMAN-00554: initialization of the package manager internal collection failed
    RMAN-04005: target database error:
    ORA-01031: insufficient privileges


    I checked a few things, i.e. the password file, tnsnames.ora and listener.ora, on both primary and standby; everything seems perfect.

    Can someone help me find the real problem?

    All tips/ideas would be very appreciated

    Published by: 918868 on January 18, 2013 12:25 AM

    Published by: 918868 on January 18, 2013 12:27 AM

    Hello;

    I don't know I would use sqlplus to solve a problem of RMAN. At the end of the day, you still have to use RMAN to connect.

    You can debug by taking:

    rman target sys/oracle@orcl auxiliary sys/oracle@ORCL_STBY trace=duplicate.trc
    

    And then just try:

    rman target sys/oracle@orcl 
    

    Assuming this works, you can refine the RMAN connection problem.

    Your RMAN connection string:

    rman target sys/oracle@orcl auxiliary sys/oracle@ORCL_STBY trace=duplicate.trc
    

    Is different from the ones I use:

    rman target sys/password@PRIMARY auxiliary /
    
    OR
    
    rman target=sys/password@primary auxiliary=sys/password@standby
    

    In addition, you must have a static entry on the standby side, so you have something to connect to:

    Example:

    LISTENER =
        (DESCRIPTION_LIST =
          (DESCRIPTION =
            (ADDRESS = (PROTOCOL = TCP)(HOST = )(PORT = 1521))
          )
        )
    
    SID_LIST_LISTENER =
        (SID_LIST =
          (SID_DESC =
          (global_dbname = STANDBY_DGMGRL.hostname)
          (ORACLE_HOME = /u01/app/oracle/product/11.2.0.2)
          (sid_name = STANDBY)
          )
          (SID_DESC =
          (global_dbname = STANDBY.hostname)
          (ORACLE_HOME = /u01/app/oracle/product/11.2.0.2)
          (sid_name = STANDBY)
          )
        )
    

    The listener must be restarted to see this entry.

    The tnsnames.ora will also need entries for both databases, as both sides need to connect.

    Keys to success

    1. New standby started NOMOUNT on a new password file. (So the standby's is a current primary password file, renamed, and then the database is started in NOMOUNT using it.)
    2. Hard-coded listener on the new standby server.
    3. Fix the tnsnames.ora files.
    4. Fix the duplicate command.

    Best regards

    mseberg

  • "Not able to write to the configuration file" when config editor in the admin tab

    Hi guys,.

    I have install OBIEE 10.3.3.4 on a GNU / linux RH (with OS user obiee) and Oracle Application Server 10.1.3.1 on the same box (with OS user oraias).

    When I want to change some settings in the admin tab of BI publisher (administrator/administrator under the name of login/pass) and click "apply."
    I get the error "could not write to the configuration file. Once I changed the configuration to 777 properties, the error is still there. And I also try to change the SECURITY MODEL to the MEO, but still no use.

    I did a test, for example, when I change something in the admin - JDBC - Oracle BIEE and apply then I got the error. If I update xmlp/DataSource/datasources.xml manually, the change can be seen after that I opened the admin of page - JDBC - Oracle BIEE. That means I have find the right file and the file access properties is ok.

    Other parameters such as the Scheduler Configuration, I had the same error when apply. But the "Test connection" and "Installation diagram" function.

    Can someone give me some advice on this? Thank you

    Scott

    Published by: Typhoon on March 20, 2009 12:59 AM

    In what way is your xmlp? You are absolutely sure that the user of the OAS (oraias) can write to this file? If you have used another user for OBIEE then your will need to change the owner of the file or put them in the same group, and change the file permissions.

  • Automate the backup of Config

    I'm looking to install a way to backup the configuration of my C370.  Currently, I know how to do it manually via the GUI.  Is it possible to automate this process and it backs up through the CLI?  I was searching through the CLI yesterday, but I couldn't find what would save the config on the command.  I guess if I could find the command that I could set up a job through our Kiwi CatTools to do.  I would like to know if anyone knows how to do this, or if you have found another way to do this effectively.

    Thank you

    Mike

    Hi Mike,.

    There are actually two ways to do this.

    You can save the configuration of the CLI by using the saveconfig command. You can load a configuration file using the loadconfig command. I would like to run these commands first, just so that you can see the process. Basically, you can script something around these commands that could do the job.

    We also have a nice knowledge base section that covers this topic as well. The approach is a little different but the results are the same.

    How can I schedule or automate the backup of the XML configuration file from my device?  Where is it stored?  How do I do a scheduled backup of the configuration file from a Windows system?

    Environment:

    -ESA with AsyncOS 6.x or later.
    -A designated host for the introduction and the storage of backups.

    NOTES:

    Familiarity with OS scripting and task scheduling is necessary to understand and implement these tasks safely.  Please understand that many of these concepts are beyond the scope of IronPort customer support and these sample scripts are certainly not supported.  Although these steps have been successfully tested, this article is mainly for purposes of demonstration and illustration.

    The configuration file is dynamically generated when using the save or mail configuration tools of the CLI or GUI.  To have an effective backup, it is best to "unmask" passwords, which places a plain-text form of the passwords for local administrative accounts in the device configuration file.  For this reason, we cannot simply copy a flat "running config" file from the device.  This method allows us to access the device first, issue a command to dynamically build the current configuration, and either save or mail a copy of this file somewhere remotely, without any intervention from the user.  Once this is done, we can then repeat or schedule this task to occur on a regular basis.

    Quickly and automatically save the configuration with the passwords exposed files:

    (1) Generate an SSH key pair to use.  Verify that you can access your device via SSH without having to enter a password.  Details on this operation are provided in article #283.

    (2) Create a script to connect to the device, save the config and copy (or mail) it.  Two simple examples written in BASH:

    Example #1: Saving the configuration to a specific host
    #!/bin/bash
    # This saves the config and then copies it locally via SCP into a directory called ironport/config-backups
    HOSTNAME=test.com
    USERNAME=admin
    # saveconfig prints the name of the XML file it wrote; take it from the third field
    FILENAME=`ssh $USERNAME@$HOSTNAME "saveconfig yes" | grep xml | cut -f 3 -d " "`
    scp $USERNAME@$HOSTNAME:./configuration/$FILENAME ./ironport/config-backups/

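    Example #2: Emailing the configuration to an email address
    #!/bin/bash
    # This sends the config to MAILDEST
    HOSTNAME=MX.test.com
    USERNAME=admin
    # replace with the destination address
    MAILDEST="[email protected]"
    # double quotes so that $MAILDEST is expanded before the command is sent
    ssh $USERNAME@$HOSTNAME "mailconfig $MAILDEST yes"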

    NOTE: similar logic can be applied in any OS scripting language such as VB scripts or batch for Windows.  These scripts are intended as rudimentary examples only.

    (3) Use cron or another scheduling tool to start the job on a regular basis.  Services like cron or Task Scheduler in Windows are easy tools that can be used to automate simple jobs like that.  For example, the *NIX cron configuration file follows this format:

    minute (0-59), hour (0-23, 0 = midnight), day (1-31), month (1-12), day of the week (0-6, 0 = Sunday), command

    So a good example to run this script every day at 02:00 would look like:
    00 02 * * * /location/your_script.sh

    Otherwise, here is another method to automate a backup of the configuration.

    How do I do a scheduled backup of the configuration file from a Windows system?

    With the following procedure, you can save the configuration file on a regular basis from a Windows system.

    1. Install the terminal emulator 'PuTTY' under C:\

    2. Create a text file with the following line, name it "send_config.txt" and place it under C:\ (change [email protected] to the email address the configuration file should be sent to)

    mailconfig [email protected]

    3. Create a text file with the following lines, name it "send_config_batch.bat" and place it under C:\
    (Change "hostname" to the resolvable host name or IP address of your device and "password" to your real password for the admin account.)

    C:\putty.exe -ssh hostname -l admin -pw password -m C:\send_config.txt
    exit

    4. Add "send_config_batch.bat" to the Windows scheduled tasks.

    The Configuration file will be sent to the address specified in the "send_config.txt".

    I hope this helps!

    Christopher C Smith

    CSE
    Cisco IronPort customer

  • Review of the ASA 5510 Config

    Hi all, I'm about to replace an existing a new ASA 5510 firewall.  The environment is pretty simple, just an external and internal interface.  I put in correspondence configs as much as possible, but I'd like to see if there are obvious problems.  I am concerned mainly with my NAT statements.  Nothing in the following config (sterilized) seems out of place?  Thank you!!

    ------------------------------------------------------------

    ASA 4,0000 Version 5

    !

    ciscoasa hostname

    enable the encrypted password xxxxxxxxxx

    XXXXXXXXXX encrypted passwd

    names of

    !

    interface Ethernet0/0

    nameif outside

    security-level 0

    IP 40.100.2.2 255.255.255.252

    !

    interface Ethernet0/1

    nameif inside

    security-level 100

    IP 10.30.0.100 255.255.255.0

    !

    interface Ethernet0/2

    Shutdown

    No nameif

    no level of security

    no ip address

    !

    interface Ethernet0/3

    Shutdown

    No nameif

    no level of security

    no ip address

    !

    interface Management0/0

    Shutdown

    nameif management

    security-level 100

    IP 192.168.1.1 255.255.255.0

    management only

    !

    boot system Disk0: / asa844-5 - k8.bin

    passive FTP mode

    permit same-security-traffic inter-interface

    network of the 10.10.0.78 object

    Home 10.10.0.78

    Nospam description

    network of the 10.10.0.39 object

    Home 10.10.0.39

    Description exch

    network of the 55.100.20.109 object

    Home 55.100.20.109

    Description mail.oursite.com

    network of the 10.10.0.156 object

    Home 10.10.0.156

    Description

    www.oursite.com-Internal

    network of the 55.100.20.101 object

    Home 55.100.20.101

    Description

    www.oursite.com-External

    network of the 10.10.0.155 object

    Home 10.10.0.155

    Ftp description

    network of the 10.10.0.190 object

    Home 10.10.0.190

    farm www Description

    network of the 10.10.0.191 object

    Home 10.10.0.191

    farm svc Description

    network of the 10.10.0.28 object

    Home 10.10.0.28

    Vpn description

    network of the 10.10.0.57 object

    Home 10.10.0.57

    Description cust.oursite.com

    network of the 10.10.0.66 object

    Home 10.10.0.66

    Description spoint.oursite.com

    network of the 55.100.20.102 object

    Home 55.100.20.102

    Description cust.oursite.com

    network of the 55.100.20.103 object

    Home 55.100.20.103

    Ftp description

    network of the 55.100.20.104 object

    Home 55.100.20.104

    Vpn description

    network of the 55.100.20.105 object

    Home 55.100.20.105

    app www description

    network of the 55.100.20.106 object

    Home 55.100.20.106

    app svc description

    network of the 55.100.20.107 object

    Home 55.100.20.107

    Description spoint.oursite.com

    network of the 55.100.20.108 object

    Home 55.100.20.108

    Description exchange.oursite.com

    ICMP-type of object-group DM_INLINE_ICMP_1

    response to echo ICMP-object

    ICMP-object has exceeded the time

    ICMP-unreachable object

    Exchange_Inbound tcp service object-group

    EQ port 587 object

    port-object eq 993

    port-object eq www

    EQ object of the https port

    port-object eq imap4

    DM_INLINE_TCP_1 tcp service object-group

    port-object eq www

    EQ object of the https port

    object-group service DM_INLINE_SERVICE_1

    will the service object

    the purpose of the tcp destination eq pptp service

    the DM_INLINE_NETWORK_1 object-group network

    network-object, object 10.10.0.190

    network-object, object 10.10.0.191

    the DM_INLINE_NETWORK_2 object-group network

    network-object, object 10.10.0.156

    network-object, object 10.10.0.57

    DM_INLINE_TCP_2 tcp service object-group

    port-object eq www

    EQ object of the https port

    object-group service sharepoint tcp

    port-object eq 9255

    port-object eq www

    EQ object of the https port

    outside_access_in list extended access permit icmp any any DM_INLINE_ICMP_1 object-group

    outside_access_in list extended access permit tcp any object 10.10.0.78 eq smtp

    outside_access_in list extended access permit tcp any object object 10.10.0.39 - Exchange_Inbound group

    outside_access_in list extended access permit tcp any object-group DM_INLINE_NETWORK_2-group of objects DM_INLINE_TCP_1

    outside_access_in list extended access permit tcp any object 10.10.0.155 eq ftp

    outside_access_in list extended access allowed object-group DM_INLINE_SERVICE_1 any object 10.10.0.28

    outside_access_in list extended access permit tcp any object-group DM_INLINE_NETWORK_1-group of objects DM_INLINE_TCP_2

    outside_access_in list extended access permit tcp any object 10.10.0.66 object-group Sharepoint

    pager lines 24

    Enable logging

    asdm of logging of information

    Outside 1500 MTU

    Within 1500 MTU

    management of MTU 1500

    ICMP unreachable rate-limit 1 burst-size 1

    ASDM image disk0: / asdm-649 - 103.bin

    don't allow no asdm history

    ARP timeout 14400

    no permit-nonconnected arp

    NAT (exterior, Interior) static source everything any static destination 55.100.20.109 10.10.0.78

    NAT (exterior, Interior) static source everything any static destination 55.100.20.108 one-way 10.10.0.39

    NAT (inside, outside) static source 10.10.0.39 one-way 55.100.20.109

    NAT (exterior, Interior) static source everything any static destination 55.100.20.101 10.10.0.156

    NAT (exterior, Interior) static source everything any static destination 55.100.20.102 10.10.0.57

    NAT (exterior, Interior) static source everything any static destination 55.100.20.103 10.10.0.155

    NAT (exterior, Interior) static source everything any static destination 55.100.20.104 10.10.0.28

    NAT (exterior, Interior) static source everything any static destination 55.100.20.105 10.10.0.190

    NAT (exterior, Interior) static source everything any static destination 55.100.20.106 10.10.0.191

    NAT (exterior, Interior) static source everything any static destination 55.100.20.107 10.10.0.66

    Access-group outside_access_in in interface outside

    Route outside 0.0.0.0 0.0.0.0 40.100.2.1 1

    Route inside 10.10.0.0 255.255.255.0 10.30.0.1 1

    Timeout xlate 03:00

    Pat-xlate timeout 0:00:30

    Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

    Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

    Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

    Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

    timeout tcp-proxy-reassembly 0:01:00

    Floating conn timeout 0:00:00

    dynamic-access-policy-registration DfltAccessPolicy

    identity of the user by default-domain LOCAL

    Enable http server

    http 192.168.1.0 255.255.255.0 management

    http 10.10.0.0 255.255.255.0 inside

    No snmp server location

    No snmp Server contact

    Server enable SNMP traps snmp authentication linkup, linkdown cold start

    Telnet timeout 5

    SSH 10.10.0.0 255.255.255.0 inside

    SSH timeout 5

    SSH group dh-Group1-sha1 key exchange

    Console timeout 0

    !

    a basic threat threat detection

    Statistics-list of access threat detection

    no statistical threat detection tcp-interception

    source of NTP server outside xxxxxxxxxx

    WebVPN

    !

    class-map inspection_default

    match default-inspection-traffic

    !

    !

    type of policy-card inspect dns preset_dns_map

    parameters

    maximum message length automatic of customer

    message-length maximum 512

    Policy-map global_policy

    class inspection_default

    inspect the preset_dns_map dns

    inspect the ftp

    inspect h323 h225

    inspect the h323 ras

    inspect the rsh

    inspect the rtsp

    inspect esmtp

    inspect sqlnet

    inspect the skinny

    inspect sunrpc

    inspect xdmcp

    inspect the sip

    inspect the netbios

    inspect the tftp

    Review the ip options

    inspect the pptp

    !

    global service-policy global_policy

    context of prompt hostname

    no remote anonymous reporting call

    Cryptochecksum:40cee3a773d380834b10195ffc63a02f

    : end

    Hello

    You do nat (exterior, Interior), I'm going to do inside, outside but the configuration is always good.

    The ACL configuration is fine, Nat is fine, so you should have problems,

    Kind regards

    Julio

  • Possibility to check/compare the configuration on the Ironport changes?

    Hello

    We have 2 devices of Ironport S370 and several directors of the devices.

    Does anyone know of a tool that could help us audit/compare the changes made by each Director? Replaces the political categories and custom specific URL access.

    Thank you!

    This script can help you: it creates the configuration file, transfers it by FTP and sends the diff between the latest two config files to your email:

    #!/bin/bash

    ironporthost="192.168.42.42"
    ironportuser="admin"
    ironportpass="password"

    configdir="/home/backup/ironport"

    emailalert="[email protected]"
    emailsubject="Ironport Config Diff"

    pathtosshpass="/usr/bin"
    pathtossh="/usr/bin"
    pathtolftp="/usr/bin"
    pathtomail="/usr/bin"

    # create the new configuration file
    ${pathtosshpass}/sshpass -p "${ironportpass}" ${pathtossh}/ssh -l "${ironportuser}" ${ironporthost} "saveconfig 0"

    # fetch configuration files
    cd ${configdir}
    ${pathtolftp} / lftp u ' ${ironportuser} "," ${ironportpass} "EI" mget EI/configuration / * xml & output "${ironporthost}

    # Send diff of the last 2 files
    files ='ls t *.xml | head - 2 '
    configdiff = "$files diff.

    echo ${configdiff} | ${pathtomail} / mail-s "${emailsubject}" ${emailalert}
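
The comparison step of the script above, as an added example that is not part of the original answer: it orders the two newest snapshots old to new, keeps the diff's line structure, and masks every diff line that looks like a credential before the report leaves the host. The function names, `REDACT_PATTERN`, and the sample element names and values are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example: diff the two newest config snapshots, oldest first, and
# mask lines that look like credentials before the report is mailed.

# Assumed pattern (matched case-insensitively) for lines whose values must not
# be mailed; adapt it to the element names that appear in your own exports.
REDACT_PATTERN='password|passphrase|secret|community'

# Print the two newest *.xml files in directory $1, older one first.
# Returns 1 when fewer than two snapshots exist.
# Snapshot file names are assumed to contain no whitespace.
two_newest_snapshots() {
    tns_newest=$(ls -t "$1"/*.xml 2>/dev/null | sed -n '1p')
    tns_previous=$(ls -t "$1"/*.xml 2>/dev/null | sed -n '2p')
    [ -n "$tns_newest" ] && [ -n "$tns_previous" ] || return 1
    printf '%s\n%s\n' "$tns_previous" "$tns_newest"
}

# Print a unified diff (old -> new) of the two newest snapshots in $1.
# Every diff line matching REDACT_PATTERN is replaced by a marker, including
# unchanged context lines, so the report shows where a secret sits or changed
# without disclosing its value.
snapshot_diff() {
    sd_files=$(two_newest_snapshots "$1") || {
        echo "need at least two snapshots in $1" >&2
        return 2
    }
    sd_old=$(printf '%s\n' "$sd_files" | sed -n '1p')
    sd_new=$(printf '%s\n' "$sd_files" | sed -n '2p')
    # diff exits 1 when the files differ; the pipeline status is awk's
    diff -u "$sd_old" "$sd_new" | awk -v pat="$REDACT_PATTERN" '
        NR <= 2 { print; next }    # the two file header lines
        tolower($0) ~ pat { print substr($0, 1, 1) "  [redacted line]"; next }
        { print }'
}

# Build two constructed snapshots in a temporary directory and diff them.
# The file names sort opposite to their age, so ordering must come from mtime.
demo() {
    demo_dir=$(mktemp -d) || return 1
    printf '%s\n' '<config>' '  <hostname>wsa1</hostname>' \
        '  <admin_password>constructed-old</admin_password>' \
        '  <snmp_community>constructed-ro</snmp_community>' '</config>' \
        > "$demo_dir/config-b.xml"
    printf '%s\n' '<config>' '  <hostname>wsa2</hostname>' \
        '  <admin_password>constructed-new</admin_password>' \
        '  <snmp_community>constructed-ro</snmp_community>' '</config>' \
        > "$demo_dir/config-a.xml"
    touch -t 201101010000 "$demo_dir/config-b.xml"   # older snapshot
    touch -t 201101020000 "$demo_dir/config-a.xml"   # newer snapshot
    snapshot_diff "$demo_dir"
    rm -rf "$demo_dir"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```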

  • Restore the configuration of the AIP-SSM20?

    Hi there

    I have a small problem here - we are in the phase of upgrading our firewalls from a set of 5510 with SSM10 to a set of 5520 with SSM20 - and I expected it was quite simple just to restore the current config from the SSM10 on the SSM20s - and well - it also looks so when I first copy the config from my FTP server to the backup-config and then load the backup to current config with erase - but when I afterwards look in the network configuration it has been replaced?

    I use the version 7.04 (E4) the kernel he...

    Has anyone there attempted to back up and restore the complete configuration without problems?

    If I copy the restored configuration back and do a diff on them the difference lies in the service host section:

    2c2

    < ! Current configuration last modified Wed Jun 22 23:42:31

    ---

    > ! Current configuration last modified Wed Mar 30 15:03:54 2011

    8c8

    < !     Signature Update    S573.0

    ---

    > !     Signature Update    S561.0   2011-04-20

    34c34

    < service="">

    ---

    > service host

    36c36,38

    < host-ip="">

    ---

    > host-ip x.x.x.42/24,x.x.x.1

    > host name of fw_pri Internet service provider

    > telnet-option enabled

    37a40,54

    > dns-primary-server enabled

    > address 8.8.8.8

    > exit

    > dns-secondary-server disabled

    > dns-tertiary-server disabled

    > exit

    > time-zone-settings

    > offset 60

    > standard-time-zone-name GMT+01:00

    > exit

    > ntp-option enabled-ntp-unauthenticated

    > ntp-server 193.162.145.130

    > exit

    > auto-upgrade

    > cisco-server disabled

    is this a known issue?

    best regards /ti

    we are in the phase of upgrading our firewalls from a set of 5510 with SSM10 to a set of 5520 with SSM20 - and I expected it was quite simple just to restore the current config from the SSM10 on the SSM20s

    Correct. You should be able to restore a configuration backup from the AIP-SSM-10 sensor onto an AIP-SSM-20 sensor module without much trouble. Although hardware-wise the AIP-SSM-20 is more capable/powerful, there is no difference in the interface naming conventions (or quantity), etc. that are shown in the configuration.

    I expected it was quite simple just to restore the current config from the SSM10 on the SSM20s - and well - it also looks so when I first copy the config from my ftp-server to the backup-config and then load the backup to current config with erase - but when I afterwards look in the network configuration it has been replaced?

    I'm not sure that I followed exactly the procedure that you tried, but you should be able to back up the current configuration of the AIP-SSM-10 sensor module to a remote server, and then copy from the remote server to sensor AIP-SSM-20 module. Example:

    AIP-ssm-10 # copy current-config

    AIP-ssm-20 # copy current-config /erase

    NOTE: The /erase parameter applies only to the current-config. If it is specified for the current-config destination, the source configuration is applied to the system default configuration. If it is not specified for the current-config destination, the source configuration is merged with the current-config. Maybe that is part of the confusion?

  • Code to change the search option to search QD on the field in the Configuration item on a specific call screen

    We have an obligation to change the search option to search QD on the field in the Configuration item on a specific call screen.

    By default, all our leaders tend to have the default value 'Client' on the field Configuration point QD.  This is the case after that they took the customer on the call screen, when they enter the CI field and press ENTER, it refreshes automatically just the IC, where the selected customer is the owner of the aircraft.

    However, on a specific IPK call status screen, we want the Configuration item QD search option to always change to the option 'Config Item Title', not 'Customer'.

    Any idea how to change this option only when using this specific screen, so that the default value remains the same for all the other call forms?

    Thanks for any help,

    Ian

    Hey Ian!

    Apparently, you can take full control over the default search with a custom script menu item. Here is an example of how to do this in the Custom_InCallDetails.js file:

    function CustomLoad() {
      var ciqd = da.BTN_ITEM_REFQD;
      if(ciqd){
        var etp = da.ENTITY_TYPE;
        if(etp && etp.value=='7') ciqd.DefaultMenu = "CITYPEQUICK"
        else ciqd.DefaultMenu = "CUSTQUICK";
      }
    }
    

    (change the number 7 to the entity type Ref you need)

    Unfortunately this script changes the default for a user permanently. So if they had set any custom value before, it is overwritten.

    If you need to keep the default values personalized search menu, maybe you need further customization to store the user selected value in a wrapper environment and set the value to return if necessary (just an idea).

    Best regards, Gytis

  • Cannot change the gateway of the Linux guest OS through the Perl customization script

    Default gateway Linux can be changed using script (modified from vmclone.pl) below.

    Can someone give help on this?

    #!/usr/bin/perl -w
    #
    # Copyright (c) 2007 VMware, Inc.  All rights reserved.
    #
    
    
    
    use strict;
    use warnings;
    
    
    
    use FindBin;
    use lib "$FindBin::Bin/../";
    
    
    
    use VMware::VIRuntime;
    use XML::LibXML;
    use AppUtil::VMUtil;
    use AppUtil::HostUtil;
    use AppUtil::XMLInputUtil;
    
    
    
    $Util::script_version = "1.0";
    
    
    
    sub check_missing_value;
    
    
    
    my %opts = (
       vmhost => {
          type => "=s",
          help => "The name of the host",
          required => 1,
       },
       vmname => {
          type => "=s",
          help => "The name of the Virtual Machine",
          required => 1,
       },
       vmname_destination => {
          type => "=s",
          help => "The name of the target virtual machine",
          required => 1,
       },
       filename => {
          type => "=s",
          help => "The name of the configuration specification file",
          required => 0,
          default => "../sampledata/vmclone.xml",
       },
       customize_guest => {
          type => "=s",
          help => "Flag to specify whether or not to customize guest: yes,no",
          required => 0,
          default => 'no',
       },
       customize_vm => {
          type => "=s",
          help => "Flag to specify whether or not to customize virtual machine: "
                . "yes,no",
          required => 0,
          default => 'no',
       },
       schema => {
          type => "=s",
          help => "The name of the schema file",
          required => 0,
          default => "../schema/vmclone.xsd",
       },
       datastore => {
          type => "=s",
          help => "Name of the Datastore",
          required => 0,
       },
    );
    
    
    
    Opts::add_options(%opts);
    Opts::parse();
    Opts::validate(\&validate);
    
    
    
    Util::connect();
    
    
    
    clone_vm();
    
    
    
    Util::disconnect();
    
    
    
    
    # Clone vm operation
    # Gets destination host, compute resource views, and
    # datastore info for creating the configuration
    # specification to help create a clone of an existing
    # virtual machine.
    # ====================================================
    sub clone_vm {
       my $vm_name = Opts::get_option('vmname');
       my $vm_views = Vim::find_entity_views(view_type => 'VirtualMachine',
                                            filter => {'name' =>$vm_name});
       if(@$vm_views) {
          foreach (@$vm_views) {
             my $host_name =  Opts::get_option('vmhost');
             my $host_view = Vim::find_entity_view(view_type => 'HostSystem',
                                             filter => {'name' => $host_name});
                                             
             if (!$host_view) {
                Util::trace(0, "Host '$host_name' not found\n");
                return;
             }
             # bug 449530
             my $disk_size = get_disksize();
             if($disk_size eq -1 || $disk_size eq "") {
                $disk_size = 0;
                my $devices = $_->config->hardware->device;
                foreach my $device (@$devices) {
                   if (ref $device eq "VirtualDisk") {
                      $disk_size = $disk_size + $device->capacityInKB;
                   }
                }
             }
             if ($host_view) {
                my $comp_res_view = Vim::get_view(mo_ref => $host_view->parent);
                my $ds_name = Opts::get_option('datastore');
                my %ds_info = HostUtils::get_datastore(host_view => $host_view,
                                         datastore => $ds_name,
                                         disksize => $disk_size);
                if ($ds_info{mor} eq 0) {
                   if ($ds_info{name} eq 'datastore_error') {
                      Util::trace(0, "\nDatastore $ds_name not available.\n");
                      return;
                   }
                   if ($ds_info{name} eq 'disksize_error') {
                      Util::trace(0, "\nThe free space available is less than the"
                                   . " specified disksize or the host"
                                   . " is not accessible.\n");
                      return;
                   }
                }
    
    
    
                my $relocate_spec =
                VirtualMachineRelocateSpec->new(datastore => $ds_info{mor},
                                              host => $host_view,
                                              pool => $comp_res_view->resourcePool);
                my $clone_name = Opts::get_option('vmname_destination');
                my $clone_spec ;
                my $config_spec;
                my $customization_spec;
    
    
    
                if ((Opts::get_option('customize_vm') eq "yes")
                    && (Opts::get_option('customize_guest') ne "yes")) {
                   $config_spec = get_config_spec();
                   $clone_spec = VirtualMachineCloneSpec->new(powerOn => 1,template => 0,
                                                           location => $relocate_spec,
                                                           config => $config_spec,
                                                           );
                }
                elsif ((Opts::get_option('customize_guest') eq "yes")
                    && (Opts::get_option('customize_vm') ne "yes")) {
                   $customization_spec = get_customization_spec
                                                  (Opts::get_option('filename'));
                   $clone_spec = VirtualMachineCloneSpec->new(
                                                       powerOn => 1,
                                                       template => 0,
                                                       location => $relocate_spec,
                                                       customization => $customization_spec,
                                                       );
                }
                elsif ((Opts::get_option('customize_guest') eq "yes")
                    && (Opts::get_option('customize_vm') eq "yes")) {
                   $customization_spec = get_customization_spec
                                                  (Opts::get_option('filename'));
                   $config_spec = get_config_spec();
                   $clone_spec = VirtualMachineCloneSpec->new(
                                                       powerOn => 1,
                                                       template => 0,
                                                       location => $relocate_spec,
                                                       customization => $customization_spec,
                                                       config => $config_spec,
                                                       );
                }
                else {
                   $clone_spec = VirtualMachineCloneSpec->new(
                                                       powerOn => 1,
                                                       template => 0,
                                                       location => $relocate_spec,
                                                       );
                }
                Util::trace (0, "\nCloning virtual machine '" . $vm_name . "' ...\n");
    
    
    
                eval {
                   $_->CloneVM(folder => $_->parent,
                                  name => Opts::get_option('vmname_destination'),
                                  spec => $clone_spec);
                   Util::trace (0, "\nClone '$clone_name' of virtual machine"
                                 . " '$vm_name' successfully created.");
                };
    
    
    
                if ($@) {
                   if (ref($@) eq 'SoapFault') {
                      if (ref($@->detail) eq 'FileFault') {
                         Util::trace(0, "\nFailed to access the virtual "
                                        ." machine files\n");
                      }
                      elsif (ref($@->detail) eq 'InvalidState') {
                         Util::trace(0,"The operation is not allowed "
                                       ."in the current state.\n");
                      }
                      elsif (ref($@->detail) eq 'NotSupported') {
                         Util::trace(0," Operation is not supported by the "
                                       ."current agent \n");
                      }
                      elsif (ref($@->detail) eq 'VmConfigFault') {
                         Util::trace(0,
                         "Virtual machine is not compatible with the destination host.\n");
                      }
                      elsif (ref($@->detail) eq 'InvalidPowerState') {
                         Util::trace(0,
                         "The attempted operation cannot be performed "
                         ."in the current state.\n");
                      }
                      elsif (ref($@->detail) eq 'DuplicateName') {
                         Util::trace(0,
                         "The name '$clone_name' already exists\n");
                      }
                      elsif (ref($@->detail) eq 'NoDisksToCustomize') {
                         Util::trace(0, "\nThe virtual machine has no virtual disks that"
                                      . " are suitable for customization or no guest"
                                      . " is present on given virtual machine" . "\n");
                      }
                      elsif (ref($@->detail) eq 'HostNotConnected') {
                         Util::trace(0, "\nUnable to communicate with the remote host, "
                                        ."since it is disconnected" . "\n");
                      }
                      elsif (ref($@->detail) eq 'UncustomizableGuest') {
                         Util::trace(0, "\nCustomization is not supported "
                                        ."for the guest operating system" . "\n");
                      }
                      else {
                         Util::trace (0, "Fault" . $@ . ""   );
                      }
                   }
                   else {
                      Util::trace (0, "Fault" . $@ . ""   );
                   }
                }
             }
          }
       }
       else {
          Util::trace (0, "\nNo virtual machine found with name '$vm_name'\n");
       }
    }
    
    
    # It returns the customization spec as per the input XML file
    
    sub get_customization_spec {
       my ($filename) = @_;
       my $parser = XML::LibXML->new();
       my $tree = $parser->parse_file($filename);
       my $root = $tree->getDocumentElement;
       my @cspec = $root->findnodes('Customization-Spec');
    
    
    
       # Default Values
       my $computername = "compname";
       #my $timezone = 190;
       #my $userpassword;
       my $domain;
       my $ipAddress;
       my @gateway;
       my $subnetMask;
       my @dnsServerList;
       
      
       foreach (@cspec) {
          if ($_->findvalue('Virtual-Machine-Name')) {
             $computername = $_->findvalue('Virtual-Machine-Name');
          }
          if ($_->findvalue('Domain')) {
             $domain = $_->findvalue('Domain');
          }
          if ($_->findvalue('ipAddress')) {
             $ipAddress = $_->findvalue('ipAddress');
          }    
          if ($_->findvalue('gateway')) {
             @gateway = split (',',$_->findvalue('gateway'));
          }      
          if ($_->findvalue('subnetMask')) {
             $subnetMask = $_->findvalue('subnetMask');
          }     
          if ($_->findvalue('dnsServerList')) {
             @dnsServerList = split (',',$_->findvalue('dnsServerList'));
          }     
       }
      
       # globalIPSettings
       my @dnsSuffixList = [$domain];
       my $customization_global_settings = CustomizationGlobalIPSettings->new(dnsServerList => \@dnsServerList,
                                                                                dnsSuffixList =>@dnsSuffixList);
       my $customization_identity_settings = CustomizationIdentitySettings->new();
    
    
    
       # identity
       # my $password =
       #   CustomizationPassword->new(plainText=>"true", value=> $userpassword); $computername
          
       my $cust_fixname = CustomizationFixedName->new (name => $computername);
    
    
    
       my $cust_linuxprep =
          CustomizationLinuxPrep->new(domain => $domain,
                                    hostName => $cust_fixname,
                                    hwClockUTC =>"false",
                                    timeZone =>"Asia/Shanghai");
    
    
    
       # nicSettingMap
       my $customization_fixed_ip = CustomizationFixedIp->new(ipAddress => $ipAddress);
    
    
    
       my $cust_ip_settings =
          CustomizationIPSettings->new(ip => $customization_fixed_ip,
                                        dnsDomain => $domain,
                                        gateway => \@gateway,
                                        subnetMask => $subnetMask);
    
    
    
       my $cust_adapter_mapping =
          CustomizationAdapterMapping->new(adapter => $cust_ip_settings);
    
    
    
       my @cust_adapter_mapping_list = [$cust_adapter_mapping];
       
       # customization spec
       my $customization_spec =
          CustomizationSpec->new (identity=>$cust_linuxprep,
                                  globalIPSettings=>$customization_global_settings,
                                  nicSettingMap=>@cust_adapter_mapping_list);
        #                          options=>$CustomizationOptions);
       return $customization_spec;
    }
    
    
    
    #Gets the config_spec for customizing the memory, number of cpu's
    # and returns the spec
    sub get_config_spec() {
    
    
    
       my $parser = XML::LibXML->new();
       my $tree = $parser->parse_file(Opts::get_option('filename'));
       my $root = $tree->getDocumentElement;
       my @cspec = $root->findnodes('Virtual-Machine-Spec');
       my $vmname ;
       my $vmhost  ;
       my $guestid;
       my $datastore;
       my $disksize = 4096;  # in KB;
       my $memory = 256;  # in MB;
       my $num_cpus = 1;
       my $nic_network;
       my $nic_poweron = 1;
    
    
    
       foreach (@cspec) {
       
          if ($_->findvalue('Guest-Id')) {
             $guestid = $_->findvalue('Guest-Id');
          }
          if ($_->findvalue('Memory')) {
             $memory = $_->findvalue('Memory');
          }
          if ($_->findvalue('Number-of-CPUS')) {
             $num_cpus = $_->findvalue('Number-of-CPUS');
          }
          $vmname = Opts::get_option('vmname_destination');
       }
    
    
    
       my $vm_config_spec = VirtualMachineConfigSpec->new(
                                                      name => $vmname,
                                                      memoryMB => $memory,
                                                      numCPUs => $num_cpus,
                                                      guestId => $guestid );
       return $vm_config_spec;
    }
    
    
    
    sub get_disksize {
       my $disksize = -1;
       my $parser = XML::LibXML->new();
       
       eval {
          my $tree = $parser->parse_file(Opts::get_option('filename'));
          my $root = $tree->getDocumentElement;
          my @cspec = $root->findnodes('Virtual-Machine-Spec');
    
    
    
          foreach (@cspec) {
             $disksize = $_->findvalue('Disksize');
          }
       };
       return $disksize;
    }
    
    
    
    # check missing values of mandatory fields
    sub check_missing_value {
       my $valid= 1;
       my $filename = Opts::get_option('filename');
       my $parser = XML::LibXML->new();
       my $tree = $parser->parse_file($filename);
       my $root = $tree->getDocumentElement;
       my @cust_spec = $root->findnodes('Customization-Spec');
       my $total = @cust_spec;
    
    
    
       if (!$cust_spec[0]->findvalue('Virtual-Machine-Name')) {
          Util::trace(0,"\nERROR in '$filename':\n computername value missing ");
          $valid = 0;
       }
       if (!$cust_spec[0]->findvalue('Domain')) {
          Util::trace(0,"\nERROR in '$filename':\n domain value missing ");
          $valid = 0;
       }
       if (!$cust_spec[0]->findvalue('ipAddress')) {
          Util::trace(0,"\nERROR in '$filename':\n ipAddress value missing ");
          $valid = 0;
       }
       if (!$cust_spec[0]->findvalue('gateway')) {
          Util::trace(0,"\nERROR in '$filename':\n gateway value missing ");
          $valid = 0;
       }
       if (!$cust_spec[0]->findvalue('subnetMask')) {
          Util::trace(0,"\nERROR in '$filename':\n subnetMask value missing ");
          $valid = 0;
       }
       if (!$cust_spec[0]->findvalue('dnsServerList')) {
          Util::trace(0,"\nERROR in '$filename':\n dnsServerList value missing ");
          $valid = 0;
       }
       return $valid;
    }
    
    
    
    sub validate {
       my $valid= 1;
       if ((Opts::get_option('customize_vm') eq "yes")
                    || (Opts::get_option('customize_guest') eq "yes")) {
    
    
    
          $valid = XMLValidation::validate_format(Opts::get_option('filename'));
          if ($valid == 1) {
             $valid = XMLValidation::validate_schema(Opts::get_option('filename'),
                                                 Opts::get_option('schema'));
             if ($valid == 1) {
                $valid = check_missing_value();
             }
          }
       }
    
    
    
        if (Opts::option_is_set('customize_vm')) {
           if ((Opts::get_option('customize_vm') ne "yes")
                 && (Opts::get_option('customize_vm') ne "no")) {
              Util::trace(0,"\nMust specify 'yes' or 'no' for customize_vm option");
              $valid = 0;
           }
           
        }
        if (Opts::option_is_set('customize_guest')) {
           if ((Opts::get_option('customize_guest') ne "yes")
                 && (Opts::get_option('customize_guest') ne "no")) {
              Util::trace(0,"\nMust specify 'yes' or 'no' for customize_guest option");
              $valid = 0;
           }
        }
       return $valid;
    }
    
    
    
    __END__
    
     

    Do you get errors? I also recommend checking the customer that has been deployed; for Linux guests, there is a log file of the customization specification, and I want to say it's somewhere in /var/log/vmware, but I don't remember the exact name of the file. You can see what happened in it and whether there is any error. Also, I assume that you have looked at the list of guest OSes supported for customization?
