Re: packet filters just dont apply?

• Previous message: Tony Su: "Is this possible with ISA"
• In reply to: Phillip Windell: "Re: packet filters just dont apply?"
• Next in thread: Phillip Windell: "Re: packet filters just dont apply?"
• Reply: Phillip Windell: "Re: packet filters just dont apply?"
• Messages sorted by: [ date ] [ thread ]

Date: Thu, 27 May 2004 10:17:49 +0400

Just to be "totally" accurate ;)
In fact packet filters are able to affect clients traffic, but only if they
are the deny packet filters. If you create packet filter that drops any
tcp/25 packet in both directions, your internal clients (and the server, of
course) will not be able to send or get SMTP traffic at all.
In contrast with static IP packet filters that are the only way to allow the
ISA server itself access the internet, clients internet access is allowed
via dynamically created packet filters that are based on protocol and
site&content rules.

Regards,
Andrew

"Phillip Windell" <@.> wrote in message
news:usW3BT0QEHA.3660@TK2MSFTNGP10.phx.gbl...
> "Enyalius" <anonymous@discussions.microsoft.com> wrote in message
> news:12c6201c44342$dda5ce30$a301280a@phx.gbl...
> > From what I have read packet
> > filters should apply to all computers behind the ISA
> > firewall, but apparently they dont.
>
> No they don't. Machines behind ISA are controlled by the other "services"
> of ISA which are 100 times more secure than just simple packet filters.
> Packet filters are the lowest & weakest level of security in an ISA
> environment, hence are only used in the much smaller "realm" of
Applications
> on the ISA box itself or on the DMZ interface of a Tri-Homed DMZ.
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>
>

• Previous message: Tony Su: "Is this possible with ISA"
• In reply to: Phillip Windell: "Re: packet filters just dont apply?"
• Next in thread: Phillip Windell: "Re: packet filters just dont apply?"
• Reply: Phillip Windell: "Re: packet filters just dont apply?"
• Messages sorted by: [ date ] [ thread ]