
Software Firewalls

19K

Solutions

19K

Contributors

Software firewalls, also known as host-based firewalls, provide a layer of software on one host that controls network traffic in and out of that single machine. Most operating systems now include firewall software, but many available software firewalls include central distribution, antivirus systems and disaster recovery.


Hello dear community,
I need to upgrade firewall checkpoint from 77.20 to 77.50.
I would like feedback on this subject, and to know if there is any script to automate this operation, because I have a lot of firewalls in different countries, and also how long the service interruption is during the upgrade.
Thank you in advance
0

In the example below, I see that I am listening on port 8080 (www) and then I have the mapped port of 63. I have a question about that 63. Can that be any number I make up? Or is this supposed to be structured in a certain way? I am using ASA 9.4 and above. Also, if I am listening on port 8080, what do I need the 63 for?

(config)# object network WEB-SERVER
(config-network-object)# host 172.10.150.100
(config-network-object)# nat (inside,outside) static 1.1.1.1 service tcp www 63


0
I am interested in installing Sophos XG firewall home edition on a PC. The following link has been given to me by Sophos as a link for the free download.

Link for Sophos XG firewall home Edition

I am somewhat nervous, however, as the site issues a warning to the effect that any existing operating system will be erased when installing the product. I understand this, but I am not sure what will happen if I click the Get Started button on the Sophos web site.
I would hope that an image file would be downloaded that I could burn to a CD/DVD and then use to install the product on a PC with no OS on it.
I wish to be assured that clicking on the Get Started button won't result in the XG firewall being installed on my PC and wiping out my PC.
0
I've got a 5545x that I'm configuring for remote access VPN.  I've done a few 5506's but this is my first 5545.

I initially started with AnyConnect. I could get the client connected, but I couldn't get a ping response.  The client statistics showed control data was being exchanged.  Client data was being sent, but not received.

I wiped and reconfigured and got the exact same results.   Then I tried configuring IPSec for the legacy VPN Client because I can always get that to work. :-)

Exact same results.  Client connects fine but no data.  "show cry ipsec sa" shows pkts decap are increasing but pkts encaps are not.  

I figure that I'm just missing something and I've been looking at it for so long that I'm just not seeing it. Hoping someone can look at this and see a typo or a missing statement that I'm missing.

I've stripped out all the non-essentials and sanitized the output.  If I got overzealous with the stripping and cleaning, let me know and I'll repost.

Thanks.

Don

P.S.  I've added a bunch of... junk that I don't usually have while throwing things at this to see if something sticks.


ip local pool RA_VPN_POOL 192.168.255.1-192.168.255.62 mask 255.255.255.192
ip local pool AnyConnect_VPN_Pool 192.168.255.129-192.168.255.254 mask 255.255.255.192
!
object network VPN-Nets
 subnet 192.168.255.0 255.255.255.0
!
object-group network Inside-Networks
 network-object 10.10.0.0 255.255.0.0
 network-object 192.168.0.0 255.255.0.0
!


0
For some reason, I can't change the setting of the interface e1 from 100full to auto.
I updated the internet speed from 30mbps to 100mbps (Cable provider).
I am not getting 100mbps out from the pix501; if I connect the computer directly to the modem, I can get the 100mbps.

Looking around for a solution, someone recommended to set both interfaces (e0 and e1) to auto. E0 is already set to auto, but e1 I can't change to auto. The pix 501 gives me a message "int e1 can only be set 100full".
Why can't I change it?
Hope someone can help.
Thanks for any suggestions to my issue....


PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
0
I have a user that is abusing their privileges and would like to block services internally. A user wished to have the Dish Network application installed on their laptop to use while traveling. There have been reports that the user was using the application in the office while on the network. I wish to block services to this application while on the internal network. I currently have Palo Alto firewalls on the network. How do I block this service from my internal network?
0
Mark Rutte once quoted “The annual cost of cybercrime to the global economy is more than $4 and to his surprise, the numbers have risen to $450 billion last year alone. As this number is continuously rising, it is very important to keep a security check on mobile app security issues.
0
Dear, we have a public server. How can we block remote desktop service to its public IP address and allow it only to its local IP?

I tried in the Firewall advanced settings, set the scope, but it did not help.
0
I am new to PA firewalls and wonder what others' opinions are compared to Cisco's, please. I heard they are user-friendly but security guys hate them. They can be very pricey as well.
Thanks in advance!
0
Hi Team,
 
I need a free data tracker software tool. I want to find which IP address/machine/user uses what amount of upload/download data.
I need a software tool for this monitoring. So can you please suggest the best free tool?
0
Inherited computers from another IT company that have Trend Micro Security Agent installed on them without the uninstall password. Does anyone know how to go about changing the password to uninstall? It's causing network issues.
0
I am running Ubuntu 14, using the built-in FTP server.
When I try to connect to it, it connects, but I get the error below:

Status:      Connection established, waiting for welcome message...
Status:      Logged in
Status:      Retrieving directory listing...
Status:      Server sent passive reply with unroutable address. Using server address instead.
Command:      LIST
Error:      Connection timed out after 20 seconds of inactivity
Error:      Failed to retrieve directory listing

Yes, I know I can change the setting in FileZilla to active mode and then it would work, but that does not solve my problem. I have a computer running a script FTP'ing files to my Linux box, and it stopped working.
The only thing I did yesterday is disable and enable the firewall on the Linux box, and it almost seems that since then, it stopped working.

I'm thinking the problem is on the Linux box?
0
I am using Linux, trying to connect to my FTP server using service-U in a remote data center. I have an always-on VPN connection to the data center. From a Windows box, I can FTP just fine to the server, but from the Linux box, I keep on getting this error message.


First it says:
Connected to 10.2.x.x
421, service not available, remote server has closed connection

So I looked at the logs on my FTP connection and I didn't see any connection attempt.

Is this a Linux issue or my firewall? I'm thinking it's my firewall.
0
Hello Team,

I used to have my VPN tunnels using sonicwall to sonicwall. Some of my remote offices are hiding behind a natted static public IP address, and the WAN interface of the sonicwall has a private IP address assigned. When using sonicwall to sonicwall, a public VPN tunnel can still be accomplished in this scenario by specifying the PEER IKE IP (private IP of the WAN interface) on the sonicwall on the other site along with the public IP. This is referred to as NAT Traversal.

Now we're moving to Checkpoint in our primary site, where all our remote offices connect to, so we need to have a checkpoint to sonicwall VPN, and so far it works fine except on the sites that are using NAT Traversal. How can we apply this same PEER IKE IP concept in the checkpoint connecting to the sonicwall with a private IP address on the WAN interface?

Thank you.
0
Been trying to upgrade the ios on ASA 5525s from 8.6 to 9.44. To do so, there is first the need to upgrade to 9.04 and then to 9.44, but when the upgrade to 9.0 was done, a lot of config on the ASA went missing, including NAT rules, object network and access list entries etc. Any ideas why it happened?

Kind regards
0
We currently use OpenVPN, as well as L2TP over IPSec VPN, on our Linux servers (CentOS 6.x mostly). Both VPN servers are running properly. However, while each of the physical servers has several IPs assigned to it, the VPN is always able to run on one IP address only.

What we need:

A user connects to our server (either via OpenVPN or via L2TP over IPsec VPN), the server picks a random server IP address instead of just one for all users.

Basically, what we need is a server side IP address rotation for the VPN.
0
Hi,

I forgot the Windows 10 laptop password on an old laptop. How do I reset it or get into this old laptop? Please advise.
0
Hi,

I really need help and guidance on how to go about setting up a Wi-Fi hotspot at our cafe. We have regular customers who come every morning to have a cup of coffee and a little snack. Normally, customers stay for about 10 to 20 minutes while they have their coffee and then go.

I would like to offer free Wi-Fi to all my customers who come to my cafe for coffee for 10 or 20 minutes.

I should be able to print out a Wi-Fi voucher which they can use to access the internet on their mobile phones or laptops. But usually it'll be just a mobile phone. The internet will be restricted ONLY to checking emails online and/or Facebook - nothing else. It should not allow them to download software or torrents, since we don't have unlimited data from our ISP.

Remember that after 20 minutes, the voucher should die out. And it can only work on one mobile phone.

Anyway, that is the plan, and I hope I can get answers on how to proceed going forward.

Thank you, and I look forward to comments.

Kindest,
Bakaka
0
I've been asked to turn on logging for code ASA-6-302014.  According to Cisco it's the Teardown TCP connection.
I have logging enabled and have set notifications  for syslog ID 302014.  I can't seem to get ASA-6-302014 to show in my log files, but I get ASA-5-302014.  Is this the same thing?

Our ASA is a 5520 8.2(1) 

Thanks,

Eric
0

Dear All,
Recently I configured a TMG firewall as a proxy. I made all the rules and everything is working fine. If I log in to the TMG server and ping any public IPs or any domain like google.com etc., I am able to ping. But on a client computer, if I provide internet via TMG, then they are able to access it but not able to ping any public IP or domain like google.com.
So please, I need your support to enable ping.

Thanks in advance

Regards,
0
Hi,

My Moto 4G Plus Android makes noise while taking a photo. How do I mute it while taking a photo? Please advise.
0
In Palo Alto Networks there is a test sec policy command that will let me know whether the traffic from source A to dest B for port C will pass or be denied, i.e. test sec policy 10.10.10.100 to 10.10.20.100:80 ALLOW (or DENY). Is there a similar function within VMware NSX?
0
Hello,

If I have ASA active/standby and I want to upgrade the iOS version on the primary, do I need to also upgrade the standby, or will it do it on its own?
0
How do I allow a third party IP address or domain.com to come through my firewalld for CentOS 7? I need a step-by-step explanation of how to do this. This is the situation: I have a site builder module installed on my control panel. When I access it, it takes me to the third party company where I do the site creation. Once the site is completed, I have to publish it to a domain on my server. The only way to do this is to allow the third party's IP address access so I can publish the content to a domain on my system. Please help.
0
Hi, ASA 9.1 (4)

I make an audio call through the ASA - weirdly, on rare occasions I can hear audio - then for the same call, the majority of times there is no audio.
The call is made from a tablet inside the LAN to a phone inside the LAN - it goes out the ASA through to the internet and back in through the ASA.
SIP, H.323 and skinny inspect are ON. - I've tried turning them off; it makes no difference.

Ports for audio are open, 8500-8598 UDP - how can it be a port issue if it works on occasion? Unless some dynamic port is happening?
Is it something to do with NAT?

Thanks
0
