Centralized AV update

Dear All,

We are currently working on a project where we need to deploy a centralized AV update to 50 servers (WinSvr 2012) and 20 workstations (Win8). Our current architecture is as below:

L3 network (no internet access): Client servers and workstations

L3 network (no internet access): SEPM

L3.5 DMZ (no internet access): No SEPM instance

L4 (business network with internet connection): SEPM

We need your help to advise on best practice and any sample architecture for how to deploy centralized AV updates from L4 down to the L3 clients.

Regards,

Naragas

Gateway user using SAML authentication fails to connect with the following error displayed: 'internal server error 43531'

We were able to see the following logs on the ADC:

Based on these logs, we were able to see that after the SAML assertion is processed, traffic is supposed to hit the VPN session policy configured on the ADC by the administrator.

However, it hits the default session policy (policy = SETVPNPARAMS_ADV_POL) and gets discarded.

Sep 23 10:25:18 <local0.debug> 10.49.77.235 09/23/2019:00:25:18 GMT VPX01-DMZ 0-PPE-0 : default AAATM Message 4013 0 : “ns_aaa_saml_parse_assertion: parsing the begg tag: AuthnContextClassRef>urn:oasis ”

Sep 23 10:25:18 <local0.debug> 10.49.77.235 09/23/2019:00:25:18 GMT VPX01-DMZ 0-PPE-0 : default AAATM Message 4014 0 : “parsing end of tag /AuthnContextClassRef></AuthnC ”

Sep 23 10:25:18 <local0.debug> 10.49.77.235 09/23/2019:00:25:18 GMT VPX01-DMZ 0-PPE-0 : default AAATM Message 4015 0 : “parsing end of tag /AuthnContext></AuthnStatement ”

Sep 23 10:25:18 <local0.debug> 10.49.77.235 09/23/2019:00:25:18 GMT VPX01-DMZ 0-PPE-0 : default AAATM Message 4018 0 : “assertion end tag seen, remaining data: </samlp:Response> ”

Sep 23 10:25:18 <local0.debug> 10.49.77.235 09/23/2019:00:25:18 GMT VPX01-DMZ 0-PPE-0 : default AAATM Message 4027 0 : “SAMLSP: Trying to detect Assertion replay for sessionid _0aad6cdd-81a5-438e-9a69-fd3fb4044600 assertionid _0aad6cdd-81a5-438e-9a69-fd3fb4044600”

Sep 23 10:25:18 <local0.debug> 10.49.77.235 09/23/2019:00:25:18 GMT VPX01-DMZ 0-PPE-0 : default AAATM Message 4028 0 : “SAMLSP resumeNotification; entry not found, dht_error 6”

Sep 23 10:25:18 <local0.debug> 10.49.77.235 09/23/2019:00:25:18 GMT VPX01-DMZ 0-PPE-0 : default SSLVPN Message 4029 0 : “last factor groups are grpnames: 0 <>, grpnames1: 0 <>”

Sep 23 10:25:18 <local0.debug> 10.49.77.235 09/23/2019:00:25:18 GMT VPX01-DMZ 0-PPE-0 : default SSLVPN Message 4030 0 : “In vpnsession_adv_policyeval : Calling action-trigger for policy = SETVPNPARAMS_ADV_POL”

Sep 23 10:25:18 <local0.debug> 10.49.77.235 09/23/2019:00:25:18 GMT VPX01-DMZ 0-PPE-0 : default SSLVPN REMOVE_SESSION_DEBUG 4031 0 : Sessionid 1 – User testusr@test.com – Client_ip 111.11.1.1 – Nat_ip “Mapped Ip” – Vserver_ip 10.49.104.111 – Errmsg “session removed due to internal error”

Sep 23 10:25:18 <local0.debug> 10.49.77.235 09/23/2019:00:25:18 GMT VPX01-DMZ 0-PPE-0 : default SSLVPN Message 4032 0 : “sslvpn_delete SSID 1, f, 0”

Sep 23 10:25:18 <local0.debug> 10.49.77.235 09/23/2019:00:25:18 GMT VPX01-DMZ 0-PPE-0 : default SSLVPN Message 4033 0 : “SSID 1 remove session PE : 0, owner : 1, ref : 0, exp : 0”

In our case, the session policy was bound to an AAA group. However, Azure was not sending group information to the ADC in the assertions, hence the session policy was not being hit.
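The diagnosis in that post (the IdP released no group attribute, so a session policy bound to an AAA group never matched) can be confirmed on the SAML response itself before digging through ADC debug logs. The following Python example is added here and is not from the original post: the Response XML is constructed, and the groups claim name is the one Azure AD uses when group claims are configured, stated here as an assumption to verify against your own IdP's output.

```python
"""Check whether a SAML 2.0 Response carries the attribute a group-bound
session policy depends on.  All sample XML below is constructed."""
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Azure AD releases group membership under this claim name once groups are
# configured for the application (assumption: verify against your IdP).
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"

def assertion_attributes(response_xml: str) -> dict[str, list[str]]:
    """Return {attribute Name: [values]} from every AttributeStatement."""
    root = ET.fromstring(response_xml)  # input is trusted/constructed here
    attrs: dict[str, list[str]] = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name", ""), []).extend(values)
    return attrs

def groups_for_policy(response_xml: str) -> list[str]:
    """Groups the ADC would see; empty means a group-bound policy can never match."""
    return assertion_attributes(response_xml).get(GROUPS_CLAIM, [])

def _response(attribute_block: str) -> str:
    # Minimal constructed Response; a real one is signed and carries Conditions.
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject><saml:NameID>testusr@test.com</saml:NameID></saml:Subject>
    <saml:AuthnStatement><saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
    </saml:AuthnContext></saml:AuthnStatement>
    {attribute_block}
  </saml:Assertion>
</samlp:Response>"""

# As observed in the post: authentication succeeded but no group data was sent.
RESPONSE_NO_GROUPS = _response("")
# The same assertion after the IdP is configured to release the groups claim.
RESPONSE_WITH_GROUPS = _response(f"""<saml:AttributeStatement>
      <saml:Attribute Name="{GROUPS_CLAIM}">
        <saml:AttributeValue>vpn-users</saml:AttributeValue>
        <saml:AttributeValue>finance</saml:AttributeValue>
      </saml:Attribute></saml:AttributeStatement>""")

if __name__ == "__main__":
    for label, xml in (("no groups", RESPONSE_NO_GROUPS), ("with groups", RESPONSE_WITH_GROUPS)):
        groups = groups_for_policy(xml)
        print(f"{label}: {groups or 'NONE'} -> group-bound session policy "
              f"{'can match' if groups else 'will never match'}")
```

On a captured response (for example from a browser SAML trace), a `NONE` result points at the IdP claim configuration rather than at the ADC session policy.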

Add FTP instead of UNC path in patch management “Download from staging location” in

We have two NS servers: one is in the DMZ zone and has internet access, and another is on the LAN which does not have internet access. All ports are blocked except 80 & 443; the UNC port 445 is also not allowed between both zones, but there is the possibility of an FTP or SFTP server. I have downloaded the patches on the DMZ server and now need to import these patches on the internal NS. I request you to please help me configure the FTP or SFTP settings in the patch management Core Services settings to import all the patches from the DMZ server.

Moving to new SEPM server, new IP, new name and new domain…

Our MS 2008 server running SEPM 14 RU1 MP2 is coming to its end; we will be moving to a new 2016 server with a new IP, new name and new domain. We are in a large Gov’t enterprise, hence being dictated to move to the new domain for the new server. Obviously there will be much pain in the firewall rules, trusts, etc. I have been down that road before; it’s ugly but can and will be done. My question is this: which method would be best to migrate over, setting up the new server as a Replication Partner, or as a new Site Partner? The database is already on a newer server, so that will remain as it is. We will also have to migrate our DMZ server, but that will be a separate nightmare of firewall rules etc. to deal with. Any advice or thoughts on the best method for the SEPM move is appreciated.

Re: DMZ connect to a node not to the SC

Hi smeura,

There are some applications that don’t work well with SmartConnect because of the IP change. I don’t have enough information about your environment to give you advice here, but you could open up a ticket with Isilon for a deeper dive.

There is some information here https://support.emc.com/docu58740 regarding SmartConnect and DMZ but I can’t say whether or not it is applicable to your situation.

SmartConnect usage in isolated network environments

SmartConnect is, effectively, a limited implementation of a custom DNS server: it answers only for the SmartConnect zone names or aliases configured on it. To use SmartConnect in an isolated network environment where no DNS infrastructure is available (such as a DMZ), configure your client systems to use the SmartConnect service IP address as the primary DNS server. Configuring your client systems this way helps to ensure that:

• Requests to connect to Isilon clusters with SmartConnect zone names will succeed.

• The isolated network benefits from SmartConnect features, such as load balancing and rerouting traffic away from unavailable nodes, which will work as expected in a normal, non-isolated deployment.

Discover Server in DMZ?

Hello!

We are running 15.0 in a two-tier environment with multiple Network Monitor servers as well as Endpoint and Network Discover servers.

We have a need to perform discover scans in our DMZ but due to current configurations and internal ‘rules’ we cannot scan the DMZ with our current ‘internal’ discover servers.

I assume there is a way to stand up a Discover server in our DMZ for scanning that reports back into the internal console? I have been coming up short in my searching for clear information on how to set this up properly; any information or links to guides is most welcome!

Thanks,

Jennifer

Re: FTP files to DataDomain?

Hi

We have a DD620 sitting in our internal network, and we have servers in our DMZ zone that do some local backups using SQL.

I am trying to figure out a good way to automate sending those backup files to DataDomain without granting too much access out of the DMZ zone.

I thought FTP would be nice; it’s simple, and I wouldn’t think it as dangerous as forwarding SQL.

But FTP only seems to allow gathering files from the internal OS, and not from any of the actual shares.

I thought I had to just be missing something, but I can’t find anything, even in the documentation.

So is there any way to FTP files onto the CIFS shares of the DD?

I’m open to any other suggestions if anyone has any other ideas!


Thanks!

Invalid Authentication Form (invalid_auth_form)

Dear All,

I have a strange situation with reverse proxy on BlueCoat ProxySG…

I have 2 adapters – one connected to LAN another to DMZ.

I have rules configured with reverse_proxy and rules for OWA publication.

I’ve tested the rules when clients come in on the DMZ interface; all is fine. When I add an internal IP to the proxy service (which intercepts SSL traffic on port 443), I get a strange situation: if I connect to OWA with IE, after entering credentials I get an error (see below), but if I connect through Google Chrome all is fine…

Could you help with ideas on what can be wrong?

Invalid Authentication Form (invalid_auth_form)

The submitted authentication form is invalid. The form data must contain the username, password and valid original request information.

Transaction ID: 83dcaa5ef44b47aa-0000000000172382-000000005bee6a1d
