Re: server config for fw client?

You have to pretty much remove "ports" from your vocabulary if you want to
understand ISA.

You create Protocols Definitions, not ports.
You then create Access Rules or Publishing Rule to give permissions to the
Protocol Definitions.

When Creating the Protocol Def, it will ask for a port range,...I have never
yet, ever used a range for an initial connection. 99.999% of the time it is a
single port#,...just make the beginning number and the end number the same
thing. Most of the time there are no Secondary Connections. The response back
to the Random Client Port (source port) is not considered a Secondary
Connection.

The first two links in my signature may be useful.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft, or
anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------

"MattK" <MattK@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:FE346836-38BF-4E3F-88EC-341131175FBC@xxxxxxxxxxxxxxxx
We have just built a ISA 2006 standard server; we would like to use it for
proxy, as well as utilize the firewall client for custom or non-proxyable
ports. The proxy is working, but we haven't found any good documentation for
setting up the ISA server itself to let the firewall client to be used for
those custom ports. Can someone point me to the right direction, or give me
a sample how-to on enable the firewall client to work with a custom port (ie,
we are trying to get it to work with tcp31303)

thanks



.

Relevant Pages

  • Re: ServU-deamon trojan warning with McAfee
    ... Wenn we went to a> ADSL connection we called in the pro's to make ISA safe. ... It will give you windows based> interface to all your connections with ports, protocol, pids, processes and> directories. ... >>> trojan on my system has occured. ... My logs and my ISP's logs don't>>> suggest our server has been misused, because there isn't any traffic to>>> show ...
    (microsoft.public.backoffice.smallbiz2000)
  • Re: When do I choose for OUTBOUND or INBOUND in a protocol?
    ... Ori YosefiISA Server Team ... > tab I only checked the external network. ... >> If you want to allow access to iSpQ on the internal network, you should>> create a publishing rule that publishes these ports to the external> network. ...
    (microsoft.public.isa)
  • Re: ServU-deamon trojan warning with McAfee
    ... This PLAIN and SIMPLE shouldn't happen in an ISA controlled ... A NETSTAT can reveal some information, ... listening on that port and passes 'normal' traffic to my SMTP but also ... > only needed TCP ports listening. ...
    (microsoft.public.backoffice.smallbiz2000)
  • Re: Audited an ISA 2000 - part I
    ... If ISA is removed and reinstalled, you lose all the rules, settings, etc. ... If you're able to run ISAINFO on the server and email me the text file ... >> from the Internet - it drops all packets. ... >>> and found the following ports opened, ...
    (microsoft.public.isaserver)
  • Re: When do I choose for OUTBOUND or INBOUND in a protocol?
    ... If you want to allow access to iSpQ on the internal network, ... create a publishing rule that publishes these ports to the external network. ... Please note that you can't have both your workstation and iSpQ on the ISA ... server listening to the same port. ...
    (microsoft.public.isa)
Loading