Is Our ISA2004 Compromised?

From: "W" <persistentone@xxxxxxxxxxxxxx>
Date: Fri, 17 Sep 2010 20:17:21 -0700

We have an ISA2004 firewall that has been fully debugged and working for
many years. I needed to block all traffic going to a subnet
64.156.192.0/22. I created both a subnet with that parameter and
separately created an address range 64.156.192.0 to 64.156.192.255. I
then made rule #1 on the ISA firewall:

DENY
ALL Traffic Types
From ALL Networks
To the subnet and address range as specified above
ALL Users

After Applying the rule change, the rule is simply being ignored. A
sniffer clearly shows the traffic continues right past the firewall as if
nothing has happened. The ISA Monitor shows the traffic going through, and
it references a rule way down in the ruleset that approves the traffic.
Rule #1 simply gets ignored.

What would cause this?

--
W

.

Follow-Ups:
- Re: Is Our ISA2004 Compromised?
  - From: W

Next by Date: Re: Is Our ISA2004 Compromised?
Next by thread: Re: Is Our ISA2004 Compromised?
Index(es):
- Date
- Thread

Relevant Pages

Re: Cant connect using RDP from one spot but can from another
... If its the XP SP2 Windows Firewall its possible the firewall is configured to only allow access from its subnet versus from any IP... ... > How to Setup Windows, Network, VPN & Remote Access on> http://www.HowToNetworking.com ...
(microsoft.public.windowsxp.network_web)
Re: What am I missing? (Net View issues)
... assuming you can't map ip or hostname, do you have a firewall blocking the ... Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on ... > The primary w2003 network is on the 16.0/255 subnet. ... I have been able to map to this particular ...
(microsoft.public.windows.server.networking)
Re: [OT ish] Router vs Firewall - corporate environment
... We're in the process of planning to split up our corporate network - ... ie, a subnet for servers, one for users, one for admins etc etc. ... buying a firewall to do this. ... should not be able to get past a good stateful firewall setup. ...
(Security-Basics)
Re: adding new ip range to fw-1
... Remember you are ADDING another subnet. ... -- My first problem was that the internet facing router had not been ... My firewall is a nokia ip with ng ai r55. ... Did you add the subnet to a new DMZ interface? ...
(comp.security.firewalls)
Re: Limit the Remote desktop connection
... Your IP Sec Policy is better i think as we can customize on our own. ... and enter your local subnet. ... Open Control Panel and launch Windows Firewall to ... Create an IP Security policy that only permits your ...
(microsoft.public.windows.terminal_services)