Re: Configure ISA to allow ISA Server to make external FTP Connection

From: Jim Harrison [MSFT] (jmharr_at_online.microsoft.com)
Date: 09/20/04

    Date: Sun, 19 Sep 2004 18:39:10 -0700
    
    

    Packet filters are ignorant of such niceties as "domains".
    They know IP, protocol, direction and port.
    You can limit the "remote" to a single IP address, though.

    -- 
     Jim Harrison [ISASE]
     Read the help, books and articles!
     This posting is provided "AS IS" with no warranties, and confers no rights.
    "Stuart Mackie [MCP, MSP]" <newsgroups@--REMOVE_THIS-NO_SPAM--stu.uk.com> wrote in message 
    news:OpXM3ipnEHA.2616@tk2msftngp13.phx.gbl...
    Hi Jim, thanks for the reply.  Is there any way we can configure ISA to
    allow the FTP connection but only to a particular domain?  From configuring
    the PF as per below this works perfectly, but it allows FTP connections to
    all external addresses.  In terms of security I would really like to limit
    this to one particular domain, e.g. *.windowsupdate.microsoft.com etc.  Is
    this possible?
    -- 
    Thanks,
    Stuart
    "Jim Harrison [MSFT]" <jmharr@online.microsoft.com> wrote in message
    news:ObuMxDnnEHA.3072@TK2MSFTNGP09.phx.gbl...
    > Actually, the FTP server should be making the data connections to your ISA
    > from port 20, not to it.
    > FTP protocol allows the client/server pair to specify the ports they use.
    > Generally, you should configure the PF as:
    >
    > "FTP Control Out"
    > Protocol = TCP
    > Direction = Outbound
    > Local port = any
    > Remote port = 21
    >
    > "FTP Data In"
    > Protocol = TCP
    > Direction = Inbound
    > Local port = any
    > Remote port = 20
    >
    > -- 
    > Jim Harrison [ISASE]
    > Read the help, books and articles!
    >
    > This posting is provided "AS IS" with no warranties, and confers no
    > rights.
    >
    >
    > "Stuart Mackie [MCP, MSP]" <newsgroups@--REMOVE_THIS-NO_SPAM--stu.uk.com>
    > wrote in message
    > news:uWecWQdnEHA.3900@TK2MSFTNGP10.phx.gbl...
    > Hi.  I am trying to configure ISA to allow the ISA Server itself to make
    > an outgoing FTP connection to an external server and pull down an update
    > file.  We are using a .cmd script to do this and therefore cannot do any
    > proxy authentication.  So far I have created a Packet Filter to allow the
    > outgoing FTP connection to Port 21, but since the server is behind a NAT
    > router, the FTP server is responding back to our server's external NIC on
    > Port 20 and is therefore blocked.
    >
    > Is it possible to configure ISA to allow the outgoing connection from the
    > ISA server to the external server on port 21, and in combination with this
    > accept the incoming connection on Port 20?
    >
    > Also, currently I've configured the Packet Filter to allow the FTP
    > connection to go to any host.  I would prefer to restrict which host but
    > have to do it by domain name rather than IP.  Is this possible in
    > combination with the above Packet Filter?
    >
    > -- 
    > Thanks for any help,
    > Stuart.
    >
    >
    >
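
The filter behaviour discussed in this thread, modelled as an added example (it is not part of the original posts and is not ISA Server code): a stateless filter matches only on protocol, direction, ports and IP address, so the two FTP filters admit any remote host until the remote is pinned to one address. The names `Packet`, `Filter`, `ftp_filters` and `allowed_by` are hypothetical, and the addresses are constructed documentation addresses.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

ANY = None  # wildcard for a port or for the remote address

@dataclass(frozen=True)
class Packet:
    protocol: str     # "TCP" or "UDP"
    direction: str    # "Outbound" or "Inbound", relative to the filtering host
    local_port: int
    remote_ip: str    # packets carry addresses, never domain names
    remote_port: int

@dataclass(frozen=True)
class Filter:
    name: str
    protocol: str
    direction: str
    local_port: Optional[int]
    remote_port: Optional[int]
    remote_ip: Optional[str] = ANY

    def matches(self, p: Packet) -> bool:
        return (self.protocol == p.protocol
                and self.direction == p.direction
                and self.local_port in (ANY, p.local_port)
                and self.remote_port in (ANY, p.remote_port)
                and (self.remote_ip is ANY
                     or ip_address(self.remote_ip) == ip_address(p.remote_ip)))

def ftp_filters(remote_ip: Optional[str] = ANY) -> list:
    """The two filters from the thread, optionally pinned to one remote IP."""
    return [
        Filter("FTP Control Out", "TCP", "Outbound", ANY, 21, remote_ip),
        Filter("FTP Data In", "TCP", "Inbound", ANY, 20, remote_ip),
    ]

def allowed_by(filters, p: Packet) -> Optional[str]:
    """Return the name of the first matching allow filter, or None if dropped."""
    return next((f.name for f in filters if f.matches(p)), None)

# Constructed sample traffic: 192.0.2.10 stands in for the update server,
# 198.51.100.7 for any other external host.
CONTROL = Packet("TCP", "Outbound", 1045, "192.0.2.10", 21)
DATA = Packet("TCP", "Inbound", 1046, "192.0.2.10", 20)
OTHER_CONTROL = Packet("TCP", "Outbound", 1047, "198.51.100.7", 21)
OTHER_DATA = Packet("TCP", "Inbound", 3389, "198.51.100.7", 20)
```

With `ftp_filters()` the inbound filter accepts `OTHER_DATA` as well, because source port 20 is the only thing it checks on the remote side; with `ftp_filters("192.0.2.10")` only the update server's packets match.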
    
