Re: Setting up an access rule



Yep - http://www.microsoft.com/technet/isa/2004/plan/firewall_policy.mspx

--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html



"Richard" <Richard@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:048641F8-AAC9-43F1-98FB-7692F2574C54@xxxxxxxxxxxxxxxx
Jim, I had to move the access rules up in the list and everything came to
life. Is there an FAQ or whitepaper I can read to understand the logic of
what I've done here?

Thanks for your help.

Richard

"Richard" wrote:

Ok Jim, I've set everything up as suggested and my communications still fail.
I've set up ISA Monitor to watch for failed connections, allowed connections
and destination port = 2409 and nothing is showing up. Any suggestion how to
use ISA to troubleshoot this? I would at least expect to see some kind of
action for port 2409 in the monitor.

I've also ensured my Linksys router is allowing port 2409 & 80 traffic.

"Jim Harrison (ISA SE)" wrote:

1. Create two Computer objects
Computer1: IP 91.192.52.56
Computer2: IP 91.192.52.229

For the UDP:2409 traffic:
2. Create a custom protocol as
Name: ApplicationName
Primary connection: UDP:2409
Transport: UDP
Direction: Send-Receive
3. Create an access rule as
Name: ApplicationName
Protocol: ApplicationName
From: LocalHost
To: Computer1
User: All Users

For the TCP:80 traffic:
4. Create an access rule as
Name: HTTP from ISA to Computer2
Protocol: HTTP
From: LocalHost
To: Computer1
User: All Users

--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html



"Richard" <Richard@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:90A8E775-6730-41BD-84EC-03C825775CC6@xxxxxxxxxxxxxxxx
I'm trying to configure rules to accomplish the following:

Mode   Local computer               Remote computer  Protocol  Direction  Local Port  Remote Port
Allow  Default external IP address  91.192.52.56     UDP       Both       Dynamic     2409
Allow  Default external IP address  91.192.52.229    TCP       Both       Dynamic     80

I think I can do this with two rules. When I set up the first rule I specify
as follows:

Action - Allow
Protocols - All Outbound Traffic - Ports - 2409
From - Internal
To - External

I'm confused where I set up protocol, specify both directions, and specify
the external IP address.

Do I need four rules to accomplish this?

Tnx in advance,
Richard
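
Moving the access rules up the list, as reported in the thread, changes the outcome because ISA Server checks firewall policy rules in list order and applies the first one that matches. The model below is an added example, not code from the thread or from ISA; the blocking rule is a hypothetical stand-in (the thread does not say what sat above the allow rules), and the HTTP rule targets Computer2 as its name says.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "allow" or "deny"
    transport: str         # "udp", "tcp" or "any"
    port: Optional[int]    # destination port, None = any
    dest: str              # destination as CIDR

    def matches(self, transport, port, dest_ip):
        return (self.transport in ("any", transport)
                and self.port in (None, port)
                and ip_address(dest_ip) in ip_network(self.dest))

# Implicit last rule: anything not matched earlier is denied.
DEFAULT = Rule("Default rule", "deny", "any", None, "0.0.0.0/0")

def evaluate(rules, transport, port, dest_ip):
    """Return (action, rule name) for the first rule that matches."""
    for rule in [*rules, DEFAULT]:
        if rule.matches(transport, port, dest_ip):
            return rule.action, rule.name

def shadowed(rules, probes):
    """Allow rules that match a probe but never get to decide one."""
    deciders = {evaluate(rules, *p)[1] for p in probes}
    return [r.name for r in rules
            if r.action == "allow" and r.name not in deciders
            and any(r.matches(*p) for p in probes)]

# Rules from the thread (source LocalHost is left out of the model).
APP = Rule("ApplicationName", "allow", "udp", 2409, "91.192.52.56/32")
HTTP = Rule("HTTP from ISA to Computer2", "allow", "tcp", 80, "91.192.52.229/32")
# Hypothetical rule, constructed for this example.
BLOCK = Rule("Block all outbound (hypothetical)", "deny", "any", None, "0.0.0.0/0")

BEFORE = [BLOCK, APP, HTTP]   # allow rules low in the list
AFTER = [APP, HTTP, BLOCK]    # allow rules moved up
PROBES = [("udp", 2409, "91.192.52.56"), ("tcp", 80, "91.192.52.229")]

if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        for probe in PROBES:
            print(label, probe, "->", evaluate(rules, *probe))
        print(label, "shadowed allow rules:", shadowed(rules, probes=PROBES))
```

A rule reported as shadowed is correctly defined but never reached, which is also why no allowed connection for it appears in monitoring.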



