Re: "Opening ports"

OK, I figured it out. Something simple that I simply didn't grok. My first
experience with ISA.

I looked at the log entries again, and while the *protocol* was
PartsExpress5656, the rule that was being applied to deny access was the SBS
Internet Access rule, which ended up being applied before the new
PartsExpress rule. Once I moved the SBS Internet Access Rule down to come
just before the Default Rule (deny all traffic), the app's update now works.

--
Gary S. Terhune
MS MVP Shell/User

"Gary S. Terhune" <grystnews@xxxxxxxx> wrote in message
news:OZk9Mmq3GHA.1568@xxxxxxxxxxxxxxxxxxxxxxx
Well, that's what I thought it should look like. But even with things set
as From=Internal & Local Host, To=External Protocol allow TCP port 5656
outbound, it's denied access. When filtering log on port 5656, I noticed
that the Client IP of entries is our external IP, so I filtered on that
instead. The only things that show up involve the PartsExpress5656 rule:
Destination IP=(partsexpress247.com), port=5656, Client IP=(our public IP),
Action=Denied connection.

--
Gary S. Terhune
MS MVP Shell/User

"Phillip Windell" <@.> wrote in message
news:OBq9N6p3GHA.696@xxxxxxxxxxxxxxxxxxxxxxx
Assuming there isn't anything "weird" with it that I don't know about, the
rule would be like this:

Create Protocol:
Name: PartsExpress5656
Port Range: 5656 - 5656 (start/end number same = single number)
Direction: Outbound

Create Domain Name Set (unless you wish to use "External")
Name: PartsExpress247
Domain name: "partsexpress247.com"

Create Access Rule
Name: Parts Express 247
Source: Internal (if App runs from the SBS, use "LocalHost")
Destination: External or use "PartsExpress" (the Domain Name Set)
Protocol: "PartsExpress5656"
Users: "All Users" (= "anonymous", and may be required here)

If it fails, go to the Live Log in the Monitoring section and set the
filter to only show traffic from the specific Client, then try again and
see what it shows. There may be other hidden Domain Names and ports that
haven't been disclosed to you.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
http://www.microsoft.com/isaserver/techinfo/Guidance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Deployment Guidelines for ISA Server 2004 Enterprise Edition
http://www.microsoft.com/technet/prodtechnol/isa/2004/deploy/dgisaserver.mspx
-----------------------------------------------------

"Gary S. Terhune" <grystnews@xxxxxxxx> wrote in message
news:e3WyIup3GHA.836@xxxxxxxxxxxxxxxxxxxxxxx
Yeah, yeah, I know that's not exactly how it's done in ISA, but what do I
do with the following?

ISA 2004 Standard on SBS 2003 machine. Primary application for this small
aircraft shop is a specialized shop management app, .Net something or other
using a SQL database. App needs to update on a fairly regular basis, but
the update is manual.

The update fails from behind ISA 2004. If I disable the firewall, the
update goes through. Best the tech has given me suggests that port 5656
outbound should be opened, that it's seeking "partsexpress247.com,5656,
using ADO.NET (.Net 1.1) to connect to our SQL server to check version."

Any assistance would be greatly appreciated. I can't quite connect the
dots.

--
Gary S. Terhune
MS MVP Shell/User
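
The fix reported at the top of this thread is a rule-ordering one: the log showed the PartsExpress5656 protocol, but an earlier rule decided the connection. The Python sketch below is an added example, not code from any poster and not ISA's own; it models ordered first-match evaluation. Assumptions: every rule element other than the rule names and port 5656 is constructed, and the SBS Internet Access Rule is modelled as an allow rule limited to authenticated users that denies a matching anonymous request.

```python
from dataclasses import dataclass

ANY = None  # wildcard for the protocol element of a rule

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                  # "Allow" or "Deny"
    source: frozenset
    destination: frozenset
    ports: frozenset = ANY       # ANY = all outbound protocols
    users: str = "All Users"     # or "Authenticated"

@dataclass(frozen=True)
class Request:
    source: str
    destination: str
    port: int
    authenticated: bool = False  # assumed: the updater sends no credentials

def evaluate(rules, req):
    """Return (action, rule name) from the first rule whose elements match."""
    for rule in rules:
        if req.source not in rule.source or req.destination not in rule.destination:
            continue
        if rule.ports is not ANY and req.port not in rule.ports:
            continue
        # Assumed model: a matching rule limited to authenticated users denies
        # an anonymous request outright; evaluation does not fall through.
        if rule.users != "All Users" and not req.authenticated:
            return ("Denied", rule.name)
        return ("Allowed" if rule.action == "Allow" else "Denied", rule.name)
    return ("Denied", "Default Rule")

def move_before(rules, name, before):
    """Return a copy of rules with `name` relocated to just before `before`."""
    moved = next(r for r in rules if r.name == name)
    rest = [r for r in rules if r.name != name]
    idx = next(i for i, r in enumerate(rest) if r.name == before)
    return rest[:idx] + [moved] + rest[idx:]

# Constructed rule set; only the rule names and port 5656 come from the thread.
NETS = frozenset({"Internal", "Local Host", "External"})
SBS = Rule("SBS Internet Access Rule", "Allow", frozenset({"Internal"}),
           frozenset({"External"}), ANY, "Authenticated")
PARTS = Rule("Parts Express 247", "Allow", frozenset({"Internal", "Local Host"}),
             frozenset({"External"}), frozenset({5656}))
DEFAULT = Rule("Default Rule", "Deny", NETS, NETS)

BEFORE = [SBS, PARTS, DEFAULT]
AFTER = move_before(BEFORE, "SBS Internet Access Rule", "Default Rule")
UPDATE = Request("Internal", "External", 5656)
```

Calling `evaluate(BEFORE, UPDATE)` names the broad rule as the one that decided the connection, which is the column to read in the log; `evaluate(AFTER, UPDATE)` reaches the narrow port 5656 rule first.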








