Re: Setting up an access rule



I have the monitor logging properly now and it says

Denied Connection SCAS 1/3/2008 4:31:41 PM
Log type: Firewall service
Status:
Rule: SBS Internet Access Rule
Source: Local Host ( 192.168.2.2:21703)
Destination: External ( 91.192.52.56:2409)
Protocol: SPAMFighter 2409
User:
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 192.168.2.2
Client agent:

Not a lot to go on except Denied Connection. Any thoughts on where to go
with this?

Thanks

"Richard" wrote:

Ok, I found where to create the computer objects.

"Jim Harrison (ISA SE)" wrote:

1. Create two Computer objects
Computer1: IP 91.192.52.56
Computer2: IP 91.192.52.229

For the UDP:2409 traffic:
2. Create a custom protocol as
Name: ApplicationName
Primary connection: UDP:2409
Transport: UDP
Direction: Send-Receive
3. Create an access rule as
Name: ApplicationName
Protocol: ApplicationName
From: LocalHost
To: Computer1
User: All Users

For the TCP:80 traffic:
4. Create an access rule as
Name: HTTP from ISA to Computer2
Protocol: HTTP
From: LocalHost
To: Computer1
User: All Users

--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html



"Richard" <Richard@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:90A8E775-6730-41BD-84EC-03C825775CC6@xxxxxxxxxxxxxxxx
I'm trying to configure rules to accomplish the following:

Mode   Local computer               Remote computer  Protocol  Direction  Local Port  Remote Port
Allow  Default external IP address  91.192.52.56     UDP       Both       Dynamic     2409
Allow  Default external IP address  91.192.52.229    TCP       Both       Dynamic     80

I think I can do this with two rules. When I set up the first rule I specify
as follows:

Action - Allow
Protocols - All Outbound Traffic - Ports - 2409
From - Internal
To - External

I'm confused where I set up protocol, specify both directions, and specify
the external IP address.

Do I need four rules to accomplish this?

Tnx in advance,
Richard
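
An added example, not part of the original thread: a small Python check that parses the denied-connection entry from the first message and compares its source network, destination IP and destination port with the computer objects and access rules exactly as written in the quoted reply. The matching logic is a simplified assumption, not ISA Server's rule engine, and it ignores transport because the log entry does not state it.

```python
import re

# Log entry copied from the first message in this thread.
LOG_ENTRY = """\
Denied Connection SCAS 1/3/2008 4:31:41 PM
Log type: Firewall service
Rule: SBS Internet Access Rule
Source: Local Host ( 192.168.2.2:21703)
Destination: External ( 91.192.52.56:2409)
Protocol: SPAMFighter 2409
"""

# Computer objects and access rules as written in the quoted reply.
COMPUTERS = {"Computer1": "91.192.52.56", "Computer2": "91.192.52.229"}
RULES = [
    {"name": "ApplicationName", "from": "LocalHost", "to": "Computer1", "port": 2409},
    {"name": "HTTP from ISA to Computer2", "from": "LocalHost", "to": "Computer1", "port": 80},
]

ENDPOINT = re.compile(r"^(Source|Destination):\s*(.+?)\s*\(\s*([\d.]+):(\d+)\)\s*$")

def parse_entry(text):
    """Return the action, the rule that handled it, and both endpoints."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    entry = {"action": lines[0].split(" Connection")[0]}
    for line in lines[1:]:
        m = ENDPOINT.match(line)
        if m:
            entry[m.group(1).lower()] = {
                "network": m.group(2), "ip": m.group(3), "port": int(m.group(4))}
        elif line.startswith("Rule:"):
            entry["rule"] = line.split(":", 1)[1].strip()
    return entry

def covering_rules(src_network, dst_ip, dst_port, rules=RULES):
    """Names of rules whose From, To and port cover this connection."""
    src = src_network.replace(" ", "")  # log prints "Local Host", rules say "LocalHost"
    return [r["name"] for r in rules
            if r["from"] == src and COMPUTERS[r["to"]] == dst_ip and r["port"] == dst_port]

def report(text=LOG_ENTRY):
    """Summarise which rule handled the entry and which intended rules cover it."""
    e = parse_entry(text)
    src, dst = e["source"], e["destination"]
    return {"action": e["action"], "handled_by": e["rule"],
            "intended": covering_rules(src["network"], dst["ip"], dst["port"])}

if __name__ == "__main__":
    print(report())
    print(covering_rules("Local Host", COMPUTERS["Computer2"], 80))
```

The logged connection falls within the `ApplicationName` rule's From, To and port, yet the entry names `SBS Internet Access Rule` as the rule that handled it. With both rules listing Computer1 as the destination, the check finds no rule covering 91.192.52.229 on port 80.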


