Re: Accesing specialy IP no not work
- From: "Sergio Fonseca [MVP]" <fonsecase@xxxxxx>
- Date: Tue, 5 Apr 2005 23:05:56 +0100
Hi Vic,
OK, I should have understood this before, but do you have any systems of your own on the
Samlink network?
If the systems where you want to allow communications are systems on the
internet, do not create a network; just specify the subnet when you are
building the rule.
Any suggestion should be tested before being applied - www.gupade.org
"Vic" <Vic@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7454A7EC-35BF-4113-BB5C-94EFFAE0F2DF@xxxxxxxxxxxxxxxx
> Samlink is a network object
>
> "Sergio Fonseca [MVP]" wrote:
>
>> Hi Vic,
>>
>> So the problem is indeed with the destination "Samlink"...
>> Is the "Samlink" object a network or just a subnet that you created
>> when you were building the "Access to Samlink rule"?
>>
>>
>> Any suggestion should be tested before being applied - www.gupade.org
>>
>> "Vic" <Vic@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:A92C5615-9EA1-491F-80D1-DE0876B0757C@xxxxxxxxxxxxxxxx
>> > Thanks Sergio
>> >
>> > Main Internet Access rule
>> > Protocols: FTP,HTTP,HTTPS
>> > From: Internal
>> > To: External
>> > All Users
>> >
>> > The main rule allows only those protocols for regular Internet use.
>> > All exceptions have their own targeted rules.
>> >
>> >
>> > "Sergio Fonseca [MVP]" wrote:
>> >
>> >> Hi Vic,
>> >>
>> >> I'm a little lost here about the differences between the "main Internet
>> >> Access rule" and the "Access to Samlink rule". Can you also describe the
>> >> "main Internet Access rule", please?
>> >>
>> >>
>> >> Any suggestion should be tested before being applied - www.gupade.org
>> >>
>> >> "Vic" <Vic@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> news:ABA9B090-DB92-482F-9316-0C6CFE075B6C@xxxxxxxxxxxxxxxx
>> >> > Note that SAMLINK is located somewhere on the Internet
>> >> >
>> >> >> Try copy/paste the rule "Internet Access rule" and change it to allow
>> >> >> all outbound protocols. Does it work?
>> >> > Yes, it works if the Internet Access rule has all outbound protocols
>> >> >
>> >> > On the Internet there are some known and "trusted" IP addresses to
>> >> > which I will allow all kinds of protocols.
>> >> >
>> >> > The main thing is that I did not get that kind of rule working
>> >> >
>> >> >
>> >> >>
>> >> >> Can you describe in detail the "main Internet Access rule" and the
>> >> >> "Samlink rule"?
>> >> >>
>> >> >> I will presume that the source systems are in the Internal network,
>> >> >> so the systems:
>> >> >> - In the "Samlink" are using the IP of the ISA of this network on the
>> >> >> gateway?
>> >> >> - In Internal Net are using the IP of the ISA of this network on the
>> >> >> gateway?
>> >> >>
>> >> >> Any suggestion should be tested before being applied - www.gupade.org
>> >> >>
>> >> >> "Vic" <Vic@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> >> news:5089B46E-B5C4-4706-8087-4B2FAC9A66FB@xxxxxxxxxxxxxxxx
>> >> >> > Work history:
>> >> >> > 1. I made a Network named Samlink; the IP address was 195.237.xxx.xxx
>> >> >> > 2. I made a rule named Access to Samlink:
>> >> >> > a. - All outbound protocols
>> >> >> > b. - From Internal
>> >> >> > c. - To Samlink
>> >> >> > d. - All Users
>> >> >> >
>> >> >> > That new rule is the first rule at the top
>> >> >> > (Here I was waiting for the synced condition after applying)
>> >> >> > Then I started querying and trying to connect to Samlink with my client
>> >> >> >
>> >> >> > Querying always said the connection from Internal to Samlink is Denied
>> >> >> > (It's not seeing that allow rule at all)
>> >> >> >
>> >> >> > If I change my main Internet Access rule (normally only HTTP, HTTPS, FTP
>> >> >> > are allowed) to allow all outbound protocols, then everything works fine
>> >> >> >
>> >> >> > I would like to have an allow-all rule to the known/trusted IP address.
>> >> >> >
>> >> >> > "Sergio Fonseca [MVP]" wrote:
>> >> >> >
>> >> >> > > Hi Vic,
>> >> >> > >
>> >> >> > > What are you trying to access and what Denied do you receive?
>> >> >> > >
>> >> >> > > Any suggestion should be tested before being applied - www.gupade.org
>> >> >> > >
>> >> >> > > "Vic" <Vic@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> >> > > news:B181C2C6-586B-47F1-BE86-7B3ECA1EF7B1@xxxxxxxxxxxxxxxx
>> >> >> > > > Sorry, they are SecureNAT clients
>> >> >> > > >
>> >> >> > > > "Sergio Fonseca [MVP]" wrote:
>> >> >> > > >
>> >> >> > > > > Hi,
>> >> >> > > > >
>> >> >> > > > > Are your clients "WebProxy Clients", "Firewall Clients" or
>> >> >> > > > > "SecureNAT Clients"?
>> >> >> > > > >
>> >> >> > > > > Any suggestion should be tested before being applied - www.gupade.org
>> >> >> > > > >
>> >> >> > > > > "Vic" <Vic@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> >> > > > > news:A8A86E9C-00BC-4843-8E73-9D2CD769D804@xxxxxxxxxxxxxxxx
>> >> >> > > > > > ISA 2004 EE, the firewall rule does not work from internal to external IP.
>> >> >> > > > > > I would like to allow all ports and protocols to that IP address.
>> >> >> > > > > > Now I must have all outbound protocols open to access the Internet.
>> >> >> > > > > > Normally I would like to have only HTTP, HTTPS and FTP open on the regular rule.
>> >> >> > > > > > I would like to open exceptions with special rules, one each.
>> >> >> > > > > >
>> >> >> > > > > > "Sergio Fonseca [MVP]" wrote:
>> >> >> > > > > >
>> >> >> > > > > > > Hi,
>> >> >> > > > > > >
>> >> >> > > > > > > ISA 2004? Web clients or firewall clients?
>> >> >> > > > > > >
>> >> >> > > > > > > Any suggestion should be tested before being applied - www.gupade.org
>> >> >> > > > > > >
>> >> >> > > > > > > "Vic" <Vic@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> >> > > > > > > news:9073ECC3-43B0-4965-8DD5-AACF21CACE85@xxxxxxxxxxxxxxxx
>> >> >> > > > > > > > I would like to allow all traffic to a special IP, 195.237.xxx.xxx (any port and any protocol).
>> >> >> > > > > > > > (It's our bank's IP, used by our bank program from a couple of clients)
>> >> >> > > > > > > >
>> >> >> > > > > > > > I first created a new Network with that IP address, and I also made a rule
>> >> >> > > > > > > > where all outbound protocols are allowed from Internal to that network name.
>> >> >> > > > > > > >
>> >> >> > > > > > > > After that, all traffic to that IP address was Denied!!?
>> >> >> > > > > > > > No matter whether the rule is up or down.
>> >> >> > > > > > > >
>> >> >> > > > > > > > Where did I make a mistake?