Re: ISA SP3 lockdown?

---

• From: DanaK <DanaK@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Wed, 2 Jan 2008 14:14:33 -0800

---

"...correcting ISA behavior..." Yes, I guess you could say that it does just
that. Once we got the extenal NIC addresses corrected AND shut the server
down once or twice the mail protocols began going thorough. Thanks.

Now I have to figure out why the ISA can't browse the internal network. It
wouldn't do this even before sp3. The server was joined to the network
before I installed ISA. I'll run the troubleshooting tool tomorrow and see
what else comes up.

Thanks to you both.
Dana

"Jim Harrison (ISA SE)" wrote:

This is an unsupported deployment.
SP3 helps you understand that by correcting ISA behavior in this regard.

--
Jim Harrison (ISA SE)

This posting implies no warranty and confers no rights.
http://catb.org/~esr/faqs/smart-questions.html



"DanaK" <DanaK@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:ECD5017A-5A25-4A68-A494-3CB6E6D3D892@xxxxxxxxxxxxxxxx
Apparently ISA 2004's sp3 is much less forgiving when it comes to denying
protocol throughput. I must confess that I do not have a separate IP range
configured yet for my external NIC and am, thus, getting a regular notice of
such since I installed sp3 just in case that is the problem. I'm trying to
get clearance from the people that set up our Cisco firewall in our DMZ to
change that internal IP, though. They have yet to answer. However, prior
to
installing sp3 I could get e-mail protocols through the ISA with no problems
with just an "Allow All" rule for all protocols even though the internal
IP's
were the same. Since installing sp3 I've created the new e-mail protocol
rules but to no avail.

Even though I have "Allow" rules set up for all e-mail protocols - POP3
through SMTP Server AND an Allow All rule - ISA tells me in its log for
e-mail protocols that these connections are denied due to the Firewall's
Default Rule which denies access to everyone on any protocol. What's going
on with this?

.

---

• Follow-Ups:
  • Re: ISA SP3 lockdown?
    • From: Jim Harrison \(ISA SE\)

• References:
  • Re: ISA SP3 lockdown?
    • From: Jim Harrison \(ISA SE\)

• Prev by Date: Re: ISA SP3 lockdown?
• Next by Date: Re: ISA SP3 lockdown?
• Previous by thread: Re: ISA SP3 lockdown?
• Next by thread: Re: ISA SP3 lockdown?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: ISA SP3 lockdown? ... It looks like "RDP over VPN" would be ... address for the PIX and external NIC on the ISA to another range. ... comes with RDP predefined in its list of protocols but neither it or any ... What's becoming clear ("I also added ICA, RDP Server, Rlogin and SSH ... (microsoft.public.isa) RE: ISA Question - Blocking Audio Streaming ... audio/video streaming in ISA 2000 and ISA 2004. ... If the rule is applying to all protocols, ... add the following protocols which are defined for Audio/Video to the list. ... (microsoft.public.windows.server.sbs) RE: ISA Question - Blocking Audio Streaming ... > audio/video streaming in ISA 2000 and ISA 2004. ... If the rule is applying to all protocols, ... > We only need to modify one of the access rules. ... > Microsoft CSS Online Newsgroup Support ... (microsoft.public.windows.server.sbs) Re: ISA SP3 lockdown? ... AV server - this will require a single rule allowing whatever protocol ... "Browsing Network neighborhood using Windows Explorer" uses the Windows ... I can appreciate the need to multi-purpose the ISA, ... set up rules for its protocols so the ISA can be protected and updated. ... (microsoft.public.isa) Re: Prioritize HTTPS traffic? ... ISA 2000 to ISA 2004. ... protocols will not be possible in this environment? ... > ISA to increase priority of the HTTPS traffic. ... > protocols can have the highly priority when the Effective Bandwidth is ... (microsoft.public.windows.server.sbs)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > ISA  > microsoft.public.isa  > 2008-01