Hi,

I have an allow rule based on Source Ip address in the BM3.9 access
rules. The rule is the same as on the BM3.8 server. When the proxy is
set to the BM3.8 server the access rules are honored and the server
whose source IP is in the rule can access the internet. When I change
the proxy to the new BM3.9 server I get the SSL sign on page of the
bordermanager server.

Has the mechanism of access rules changed between BM3.8 and 3.9 in
regard to allowing certain IP addresses access to the internet ?

The rule is created as follows (copied from XML backup file)

<AccessRule AccessType="HTTP" Action="1" Direction="0" License=""
Log="1" RuleLocation="" RuleName="Allow BES server all HTTP"
RuleNumber="45080a39" Current_RuleName="Rule:45080a39">
<URL Comparison="equals" Type="Configured" Value="Any" />
<SourceIPaddrList Comparison="equals" Value="192.168.10.215">
<IPaddr endAddr="0.0.0.0" startAddr="192.168.10.215"
subnet="0.0.0.0" />
</SourceIPaddrList>
</AccessRule>


--
Regards,

Hen
------------------------------------------------------------------------
hennys's Profile: http://forums.novell.com/member.php?userid=233
View this thread: http://forums.novell.com/showthread.php?t=345047

Hi,

hennys wrote:
>
> Has the mechanism of access rules changed between BM3.8 and 3.9 in
> regard to allowing certain IP addresses access to the internet ?

No, but you most likely don't have "authenticate only when user attempts
to access a restricted page" set on the 3.9 server.

CU,
--
Massimo Rosen
Novell Product Support Forum Sysop
No emails please!
http://www.cfc-it.de

In article <hennys.3gc922@no-mx.forums.novell.com>, Hennys wrote:
> Has the mechanism of access rules changed between BM3.8 and 3.9 in
> regard to allowing certain IP addresses access to the internet ?
>
No, it has not changed. This isn't a rule issue at all - it's a proxy
authentication issue. On the 3.8 server, you have 'Authenticate only
when user attempts to access a restricted page' enabled. You don't
have that on the 3.9 server, so it is attempting to authenticate when
the server accesses the proxy. If you make the change, that access
rule will allow the server to use the proxy without authenticating.

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***

You are right,

On the bm3.8 the setting 'Authenticate only when user attempts to
access a restricted page' is enabled and on the BM3.9 it is not.

I tried to change the BM3.9 so this is also the case on the 3.9 server,
but each time I get the message 'Failed to apply changes.' in
iManager.

Also I can see on the proxy console that the server is not reading its
updated configuration.

Is there a way to solve the failed to apply changes, or to force the BM
server to reread the configuration anyway?

Regards,
Hen

phxazcraig;1646908 Wrote:
> In article <hennys.3gc922@no-mx.forums.novell.com>, Hennys wrote:
> > Has the mechanism of access rules changed between BM3.8 and 3.9 in
> > regard to allowing certain IP addresses access to the internet ?
> >
> No, it has not changed. This isn't a rule issue at all - it's a proxy
> authentication issue. On the 3.8 server, you have 'Authenticate only
> when user attempts to access a restricted page' enabled. You don't
> have that on the 3.9 server, so it is attempting to authenticate when
> the server accesses the proxy. If you make the change, that access
> rule will allow the server to use the proxy without authenticating.
>
> Craig Johnson
> Novell Support Connection SysOp
> *** For a current patch list, tips, handy files and books on
> BorderManager, go to 'Craig Johnson Consulting - BorderManager,
> NetWare, and More' (http://www.craigjconsulting.com) ***


--
Regards,

Hen
------------------------------------------------------------------------
hennys's Profile: http://forums.novell.com/member.php?userid=233
View this thread: http://forums.novell.com/showthread.php?t=345047

Hi,

hennys wrote:
>
> You are right,
>
> On the bm3.8 the setting 'Authenticate only when user attempts to
> access a restricted page' is enabled and on the BM3.9 it is not.
>
> I tried to change the BM3.9 so this is also the case on the 3.9 server,
> but each time I get the message 'Failed to apply changes.' in
> iManager.

Are you using the latest BM snapins for iManager? Can you try a
different iManager (e.g iManager mobile?) Where is your iManager
running, and if on Netware, are there any errors in the logger screen?

CU,
--
Massimo Rosen
Novell Product Support Forum Sysop
No emails please!
http://www.cfc-it.de

Hi,

Tried 2 different iManagers on linux and one on netware. All three are
reporting failed to apply changes.
On netware the logger screen shows no abnormal or error messages.

It looks to me as if the bordermanager server is not receiving a signal
to refresh. The changes made are sticky in imanager.

Kind regards,

Hen


mrosen;1647496 Wrote:
> Hi,
>
> hennys wrote:
> >
> > You are right,
> >
> > On the bm3.8 the setting 'Authenticate only when user attempts to
> > access a restricted page' is enabled and on the BM3.9 it is not.
> >
> > I tried to change the BM3.9 so this is also the case on the 3.9
> server,
> > but each time I get the message 'Failed to apply changes.' in
> > iManager.
>
> Are you using the latest BM snapins for iManager? Can you try a
> different iManager (e.g iManager mobile?) Where is your iManager
> running, and if on Netware, are there any errors in the logger screen?
>
> CU,
> --
> Massimo Rosen
> Novell Product Support Forum Sysop
> No emails please!
> 'Untitled Document' (http://www.cfc-it.de)


--
Regards,

Hen
------------------------------------------------------------------------
hennys's Profile: http://forums.novell.com/member.php?userid=233
View this thread: http://forums.novell.com/showthread.php?t=345047

Hi,

hennys wrote:
>
> Hi,
>
> Tried 2 different iManagers on linux and one on netware. All three are
> reporting failed to apply changes.

Works perfectly fine here. Can you manage other aspects of the Proxy
from these iManagers succesfully?

CU,
--
Massimo Rosen
Novell Product Support Forum Sysop
No emails please!
http://www.cfc-it.de

Hi,

Access rules can be edited and refreshed without any problem. It seems
only the proxy settings are not refreshed correctly.

QUOTE=mrosen;1647659]Hi,

hennys wrote:
>
> Hi,
>
> Tried 2 different iManagers on linux and one on netware. All three
are
> reporting failed to apply changes.

Works perfectly fine here. Can you manage other aspects of the Proxy
from these iManagers succesfully?

CU,
--
Massimo Rosen
Novell Product Support Forum Sysop
No emails please!
'Untitled Document' (http://www.cfc-it.de)


--
Regards,

Hen
------------------------------------------------------------------------
hennys's Profile: http://forums.novell.com/member.php?userid=233
View this thread: http://forums.novell.com/showthread.php?t=345047

Hi,

hennys wrote:
>
> Hi,
>
> Access rules can be edited and refreshed without any problem. It seems
> only the proxy settings are not refreshed correctly.

I'm pretty much out of ideas, sorry. All I can suggest is to try yet
another iManager and make sure it's patched up to date. If possible,
even on the BM server itself.

CU,
--
Massimo Rosen
Novell Product Support Forum Sysop
No emails please!
http://www.cfc-it.de