IP Options filtering
- From: "e_zverev" <ezverev@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 29 Jun 2005 04:07:04 -0700
Hi,
This seems to be the last "black area" for me in the ISA 2004 configuration.
Actually I have several questions concerning the options configured in
“<Server>/Configuration/General/Define IP Preferences” dialog.
Let me qualify a situation. I have “IP Options filtering” enabled. “Deny
packets with the selected IP options” mode is chosen. Several options like
option 68 (Time Stamp) are selected as it is done by default.
Did I get it right that ISA Server blocks any inbound or outbound IP
packets that have the mentioned options filled?
I tried to find some information on the purpose for these IP Options and I
did find some. For example on
http://www.networksorcery.com/enp/protocol/ip.htm
Could anybody comment?
1. Why do I see only a very limited list of IP options in IP Options
filtering?
2. Why are other options listed as undefined and untitled when I ask to list
them anyway?
3. What is a possible reason to prohibit IP options? Are there any standard
situations in which I should change the default settings?
4. I have found only a single criterion for the default setting. Those
options that have variable length by definition are banned by default. Is
this the reason?
5. Is there a way to see the effect of the IP Options filtering? Is it
logged in the firewall log? How do I distinguish these records?
Thanks in advance.
--
Eugene U. Zverev,
System Administrator
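
The option numbers in the question are the full option-type byte from RFC 791 (copied flag, class, number), which is why Time Stamp appears as 68. The sketch below is an added example, not part of the original post and not ISA Server code: it walks the options area of a raw IPv4 header and applies a "deny packets with the selected options" rule. The deny list, function names and sample headers are constructed for illustration.

```python
import struct

# Names from RFC 791, keyed by the full option-type byte.
NAMES = {1: "No Operation", 7: "Record Route", 68: "Time Stamp",
         131: "Loose Source Route", 137: "Strict Source Route"}
# Constructed deny list for this example (assumption, not ISA's shipped defaults).
DENY = {7, 68, 131, 137}

def split_type(opt_type):
    """Option-type byte -> (copied flag, class, number)."""
    return opt_type >> 7, (opt_type >> 5) & 0x3, opt_type & 0x1F

def parse_options(header):
    """Return the option-type bytes present in a raw IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = header[0] & 0x0F
    if ihl < 5 or len(header) < ihl * 4:
        raise ValueError("bad IHL")
    opts, found, i = header[20:ihl * 4], [], 0
    while i < len(opts):
        t = opts[i]
        if t == 0:                      # End of Option List, rest is padding
            break
        if t == 1:                      # No Operation has no length byte
            found.append(t)
            i += 1
            continue
        if i + 1 >= len(opts) or not 2 <= opts[i + 1] <= len(opts) - i:
            raise ValueError("malformed option length")
        found.append(t)
        i += opts[i + 1]
    return found

def verdict(header):
    """('drop'|'pass', matched option types); malformed headers are dropped."""
    try:
        hits = [t for t in parse_options(header) if t in DENY]
    except ValueError:
        return "drop", []
    return ("drop" if hits else "pass"), hits

def build_header(options=b""):
    """Constructed sample header (checksum left 0, documentation addresses)."""
    options += b"\x00" * (-len(options) % 4)
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0, 64, 1, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2])) + options

if __name__ == "__main__":
    ts = bytes([68, 8, 5, 0, 0, 0, 0, 0])   # Time Stamp option, one empty slot
    for hdr in (build_header(), build_header(ts)):
        action, hits = verdict(hdr)
        print(action, [(t, NAMES.get(t, "undefined"), split_type(t)) for t in hits])
```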