Мобильное приложение Сбербанк Онлайн не работает из корпоративной сети находящейся за firewall-ом
Мобильное приложение Сбербанк Онлайн использует:
1.
2.
Пример правила на cisco asa:
Мобильное приложение Сбербанк Онлайн использует:
1.
Порты 4433, 4477 - необходимо открыть доступ по этим портам на домен Сбербанка третьего уровня online.sberbank.ru и все домены выше домена третьего уровня *.online.sberbank.ru, например, geo.online.sberbank.ru, node0.online.sberbank.ru, node1.online.sberbank.ru, node2.online.sberbank.ru.2.
Порты 443, 80 – по этим портам у мобильного приложения должен быть свободный доступ в интернет.Пример правила на cisco asa:
object network LAN#network #app
subnet 10.0.0.0 255.255.255.0
!
object-group service SBER-ONLINE-PORT
port-object eq 4433
port-object eq 4477
!
access-list ACL-INPUT extended permit tcp object LAN any object-group SBER-ONLINE-PORT
Настройка EtherChannels между Cisco ASA (Failover Active-Standby) и L3 switches (StackWise/VSS/vPC)
If you use the ASA in an Active/Standby failover deployment, then you need to create separate EtherChannels on the switches in the StackWise/VSS/vPC, one for each ASA. On each ASA, a single EtherChannel connects to both switches. Even if you could group all switch interfaces into a single EtherChannel connecting to both ASA (in this case, the EtherChannel will not be established because of the separate ASA system IDs), a single EtherChannel would not be desirable because you do not want traffic sent to the standby ASA
Т.о создаем на коммутаторах для каждой Cisco ASA свой PortChannel согласно рисунку
#cisco #asa #network
If you use the ASA in an Active/Standby failover deployment, then you need to create separate EtherChannels on the switches in the StackWise/VSS/vPC, one for each ASA. On each ASA, a single EtherChannel connects to both switches. Even if you could group all switch interfaces into a single EtherChannel connecting to both ASA (in this case, the EtherChannel will not be established because of the separate ASA system IDs), a single EtherChannel would not be desirable because you do not want traffic sent to the standby ASA
Т.о создаем на коммутаторах для каждой Cisco ASA свой PortChannel согласно рисунку
#cisco #asa #network
Syslog configure on network equipment
HP / HUAWEI:
HP / HUAWEI:
info-center enableQTECH:
undo info-center logfile enable
info-center source default channel 2 log level warnings
info-center source default channel 4 log level warnings
info-center loghost 10.10.10.10
info-center timestamp loghost no-year-date
logging 10.10.10.10 level warningsCISCO:
logging onARUBA:
logging origin-id hostname
logging host 10.10.10.10
logging history warnings
logging buffered warnings
logging trap warnings
logging 10.10.10.10ZYXEL:
logging origin-id hostname
logging severity warning
syslog#network #cisco
syslog type system
syslog type interface
syslog type switch
syslog type aaa
syslog type ip
syslog type system facility 7
syslog type interface facility 7
syslog type switch facility 7
syslog type aaa facility 7
syslog type ip facility 7
syslog server 10.10.10.10 level 6