SQL Application errors



  • Hi,

    We have an NS5GT router set up and working correctly on our LAN/WAN interfaces, and all internet and LAN traffic/applications are working fine except our mission-critical SQL-based (Informix) application.

    I have read through various posts here, but can anyone suggest some things to try?

    Can send our config file if that helps.

    regards - glen



  • What is the IP of the SQL devices?  Also try the following command:

    unset alg sql

    See if that helps.



  • thx will try that today…is this turned on by default ??

    below is our config…

    set clock timezone 11
    set vrouter trust-vr sharable
    set vrouter "untrust-vr"
    exit
    set vrouter "trust-vr"
    unset auto-route-export
    exit
    set auth-server “Local” id 0
    set auth-server “Local” server-name "Local"
    set auth default auth server "Local"
    set auth radius accounting port 1646
    set admin name "admin"
    set admin password "nJshN8rVJaAGc0YHLsKKLfAtliLUnn"
    set admin user “Surebridge” password “nMlFCurJHlBGcK3HxsKKEiEtnHANLn” privilege "all"
    set admin manager-ip 203.20.125.242 255.255.255.255
    set admin manager-ip 192.168.2.0 255.255.255.0
    set admin manager-ip 172.16.16.0 255.255.240.0
    set admin scs password disable username admin
    set admin mail alert
    set admin mail server-name "172.16.16.4"
    set admin mail mail-addr1 "admin@byron.nsw.gov.au"
    set admin mail traffic-log
    set admin auth timeout 60
    set admin auth server "Local"
    set admin privilege read-write
    set admin format dos
    set zone “Trust” vrouter "trust-vr"
    set zone “Untrust” vrouter "trust-vr"
    set zone “VLAN” vrouter "trust-vr"
    set zone “Untrust-Tun” vrouter "trust-vr"
    set zone “Trust” tcp-rst
    set zone “Untrust” block
    unset zone “Untrust” tcp-rst
    set zone “MGT” block
    set zone “VLAN” block
    set zone “VLAN” tcp-rst
    unset zone “Untrust” screen tear-drop
    unset zone “Untrust” screen syn-flood
    unset zone “Untrust” screen ping-death
    unset zone “Untrust” screen ip-filter-src
    unset zone “Untrust” screen land
    set zone “V1-Untrust” screen tear-drop
    set zone “V1-Untrust” screen syn-flood
    set zone “V1-Untrust” screen ping-death
    set zone “V1-Untrust” screen ip-filter-src
    set zone “V1-Untrust” screen land
    set zone “Trust” screen limit-session source-ip-based 256
    set zone “Untrust” screen limit-session source-ip-based 256
    set zone “Untrust” screen limit-session destination-ip-based 256
    set interface “ethernet1” zone "Trust"
    set interface “ethernet3” zone "Untrust"
    set interface “ethernet2” zone "Untrust"
    set interface ethernet1 ip 192.168.2.9/24
    set interface ethernet1 nat
    set interface ethernet3 ip 10.0.0.108/29
    set interface ethernet3 route
    unset interface vlan1 ip
    unset interface vlan1 bypass-others-ipsec
    unset interface vlan1 bypass-non-ip
    set interface ethernet1 ip manageable
    set interface ethernet3 ip manageable
    set interface ethernet3 manage ping
    set interface ethernet3 manage ssh
    set interface ethernet3 manage ssl
    set interface ethernet3 manage web
    set interface ethernet2 manage ping
    set interface ethernet2 manage ssh
    set interface ethernet2 manage ssl
    set interface ethernet2 manage web
    set interface ethernet1 dhcp server service
    set interface ethernet1 dhcp server disable
    set interface ethernet1 dhcp server option gateway 192.168.1.1
    set interface ethernet1 dhcp server option netmask 255.255.255.0
    set interface ethernet1 dhcp server ip 192.168.1.33 to 192.168.1.126
    set flow tcp-mss
    unset flow tcp-syn-check
    set console timeout 0
    set domain byron.nsw.gov.au
    set hostname ns5gt-byron
    set failover auto

    set pki authority default scep mode "auto"
    set pki x509 default cert-path partial
    set dns host dns1 144.140.70.30
    set dns host dns2 172.16.16.18
    set dns host schedule 06:28
    set address Untrust “10.0.0.4/29” 10.0.0.4 255.255.255.248
    set address Untrust “172.16.16.0/16” 172.16.16.0 255.255.0.0
    set address Untrust “172.16.16.0/20” 172.16.16.0 255.255.240.0
    set address Untrust “172.16.33.0/20” 172.16.33.0 255.255.240.0
    set address Untrust “192.168.3.0/24” 192.168.3.0 255.255.255.0
    set ike respond-bad-spi 1
    unset ipsec access-session enable
    set ipsec access-session maximum 5000
    set ipsec access-session upper-threshold 0
    set ipsec access-session lower-threshold 0
    set ipsec access-session dead-p2-sa-timeout 0
    unset ipsec access-session log-error
    unset ipsec access-session info-exch-connected
    unset ipsec access-session use-error-log
    set traffic-shaping mode off
    set url protocol sc-cpa
    exit
    set policy id 6 from “Untrust” to “Trust”  “192.168.3.0/24” “Any” “ANY” permit log
    set policy id 6
    exit
    set policy id 3 from “Untrust” to “Trust”  “10.0.0.4/29” “Any” “ANY” permit log
    set policy id 3
    exit
    set policy id 1 from “Trust” to “Untrust”  “Any” “Any” “ANY” permit log
    set policy id 1
    exit
    set policy id 2 from “Untrust” to “Trust”  “172.16.16.0/20” “Any” “ANY” permit log
    set policy id 2
    exit
    set policy id 5 from “Untrust” to “Trust”  “172.16.33.0/20” “Any” “ANY” permit log
    set policy id 5
    exit
    set policy id 4 name “Default Deny” from “Untrust” to “Trust”  “Any” “Any” “ANY” deny log
    set policy id 4
    exit
    unset log module system level emergency destination snmp
    unset log module system level alert destination snmp
    unset log module system level critical destination snmp
    unset log module system level emergency destination syslog
    unset log module system level alert destination syslog
    unset log module system level critical destination syslog
    unset log module system level error destination syslog
    unset log module system level warning destination syslog
    unset log module system level notification destination syslog
    unset log module system level information destination syslog
    unset log module system level debugging destination syslog
    unset log module system level emergency destination webtrends
    unset log module system level alert destination webtrends
    unset log module system level critical destination webtrends
    unset log module system level notification destination webtrends
    unset log module system level emergency destination NSM
    unset log module system level alert destination NSM
    unset log module system level critical destination NSM
    unset log module system level error destination NSM
    unset log module system level warning destination NSM
    unset log module system level notification destination NSM
    unset log module system level information destination NSM
    unset log module system level debugging destination NSM
    set global-pro policy-manager primary outgoing-interface ethernet3
    set global-pro policy-manager secondary outgoing-interface ethernet3
    set nsmgmt bulkcli reboot-timeout 60
    set ssh version v2
    set ssh enable
    set config lock timeout 5
    set snmp port listen 161
    set snmp port trap 162
    set vrouter "untrust-vr"
    exit
    set vrouter "trust-vr"
    unset add-default-route
    set route 0.0.0.0/0 interface ethernet3 metric 10
    set route 10.0.0.96/29 interface ethernet3
    set route 0.0.0.0/0 interface ethernet1 gateway 192.168.2.1
    set route 172.16.16.0/20 interface ethernet3 preference 20
    set route 172.16.33.0/20 interface ethernet3 preference 20
    set route 192.168.3.0/24 interface ethernet3 preference 20
    exit
    set vrouter "untrust-vr"
    exit
    set vrouter "trust-vr"
    exit



  • Configs would help.  But first, are you using NAT?  Also, have you tried disabling the SQL ALG to test?  To unset the ALG, enter the command: unset alg sql


 
