Solved

Service Group syntax

Posted on 2004-08-26
Last Modified: 2008-03-06
Quick and easy for someone to check...

Please see the following:

name x.x.x.x OracleServer1
name x.x.x.x OracleServer2
name x.x.x.x OracleServer3
name x.x.x.x OracleServer4
name x.x.x.x OracleServer5
name x.x.x.x OracleServer6
object-group network Oracle_11i-Printers
  network-object 172.16.1.94 255.255.255.255
object-group network Oracle_Server_Cluster
  description Servers for the Oracle 11i Financial System
  network-object OracleServer1 255.255.255.255
  network-object OracleServer2 255.255.255.255
  network-object OracleServer3 255.255.255.255
  network-object OracleServer4 255.255.255.255
  network-object OracleServer5 255.255.255.255
  network-object OracleServer6 255.255.255.255  
object-group service ports tcp
  port-object eq 80
  port-object eq 515
  port-object eq 1521
  port-object eq 1522
  port-object eq 1525
  port-object eq 1527
  port-object eq 1535
  port-object eq 1536
  port-object eq 7000
  port-object eq 7005
  port-object eq 7015
  port-object eq 7035
  port-object eq 7777
  port-object eq 8000
  port-object eq 8005
  port-object eq 8015
  port-object eq 8035
  port-object eq 8800
  port-object eq 8805
  port-object eq 8815
  port-object eq 8835
  port-object eq 9000
  port-object eq 9005
  port-object eq 9015
  port-object eq 9035
  port-object eq 9100
  port-object eq 15000
  port-object eq 15005
  port-object eq 15015
  port-object eq 15035
static (inside,outside) x.x.x.x 172.16.1.94 netmask 255.255.255.255 0 0
access-list outbound permit tcp 172.16.0.0 255.255.0.0 object-group Oracle_Server_Cluster object-group Ports
access-list inbound permit tcp object-group Oracle_Server_Cluster object-group Oracle_11i-Printers eq 9100
access-list inbound permit tcp object-group Oracle_Server_Cluster object-group Oracle_11i-Printers eq 515


Before I upload this have I got the syntax right for the ports service group?

Pete






Question by:Pete Long
3 Comments
 
LVL 36

Expert Comment

by:grblades
ID: 11902227
It looks correct apart from this line :-
access-list outbound permit tcp 172.16.0.0 255.255.0.0 object-group Oracle_Server_Cluster object-group Ports
You haven't specified the destination network and you have a capital 'p' in 'ports'.
I think you might mean:-
access-list outbound permit tcp 172.16.0.0 255.255.0.0 object-group Oracle_Server_Cluster any object-group ports
 
LVL 57

Author Comment

by:Pete Long
ID: 11906732
OK hang on

access-list outbound permit tcp 172.16.0.0 255.255.0.0 object-group Oracle_Server_Cluster object-group Ports
                                                                                         ^^^^^^^^^^^^^^^^^^

destination network as per

object-group network Oracle_Server_Cluster

or am I being numb? (this is not unusual)


fair one on the "P" though LOL
 
LVL 36

Accepted Solution

by:
grblades earned 500 total points
ID: 11908324
Sorry my mistake. It should be the following (just the ports word corrected)

access-list outbound permit tcp 172.16.0.0 255.255.0.0 object-group Oracle_Server_Cluster object-group ports
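As an added example (not part of the original thread, and not Cisco tooling): a small Python check to run over a PIX-style configuration before upload. It reports any access-list reference to an object-group whose name does not exactly match a defined group, which is the Ports/ports mismatch corrected in the accepted answer. The function name and the trimmed sample configuration are constructed for illustration.

```python
import re

# Constructed sample: a trimmed version of the configuration posted in the question.
SAMPLE_CONFIG = """\
object-group network Oracle_11i-Printers
  network-object 172.16.1.94 255.255.255.255
object-group network Oracle_Server_Cluster
  network-object OracleServer1 255.255.255.255
object-group service ports tcp
  port-object eq 80
  port-object eq 1521
access-list outbound permit tcp 172.16.0.0 255.255.0.0 object-group Oracle_Server_Cluster object-group Ports
access-list inbound permit tcp object-group Oracle_Server_Cluster object-group Oracle_11i-Printers eq 9100
"""

DEFINITION = re.compile(r"^object-group\s+(network|service)\s+(\S+)")
REFERENCE = re.compile(r"\bobject-group\s+(\S+)")


def check_object_group_refs(config):
    """Return (line_no, name, suggestion) for every access-list reference
    to an object-group that is not defined with exactly that spelling."""
    lines = config.splitlines()
    # First pass: collect every defined group name and its type.
    defined = {}
    for line in lines:
        m = DEFINITION.match(line)
        if m:
            defined[m.group(2)] = m.group(1)
    # Case-insensitive index, used only to suggest the likely intended name.
    by_lower = {name.lower(): name for name in defined}
    # Second pass: every object-group named in an access-list must be defined.
    findings = []
    for no, line in enumerate(lines, start=1):
        if not line.startswith("access-list "):
            continue
        for name in REFERENCE.findall(line):
            if name not in defined:
                findings.append((no, name, by_lower.get(name.lower())))
    return findings


if __name__ == "__main__":
    for no, name, hint in check_object_group_refs(SAMPLE_CONFIG):
        note = f"; did you mean '{hint}'?" if hint else ""
        print(f"line {no}: object-group '{name}' is not defined{note}")
```

A reference with no close match is reported with no suggestion, so a group that was never defined at all is caught by the same pass.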
