Re: opening ISA Ports

From: DL (DL_at_dl.com)
Date: 03/18/05


Date: Fri, 18 Mar 2005 13:02:54 -0500

I will try this.

I am not trying to be secretive. I am waiting to hear back from support
regarding specifics. It is a credit card application to put payments into. I
understand why outbound is needed, no idea why inbound would be needed. I do
not know how it is connecting but trying to find out some more details.

Thanks for the help so far. Much appreciated!

"Phillip Windell" <@.> wrote in message
news:u9lEew9KFHA.156@TK2MSFTNGP10.phx.gbl...
> "DL" <DL@dl.com> wrote in message
> news:WoCdnYAet9ifYaffRVn-tQ@speakeasy.net...
>> They gave me a port range for outbound traffic of 2100-4000
>> An inbound port of 8100
>>
>> A FQDN of xxx.xxx.net
>
> It's backwards. The Application must be the one initiating the connection,
> connections are initiated on a single outbound port.
>
> Protocol Definitions used for client applications are always a single port
> initial connections outbound, with inbound secondary connections that are
> often random ports within a range.
>
> Definitions with initial connections inbound (still single port) with
> ranges on the outbound side are for using in Publishing situations. For
> example, compare the FTP Definition (client) with the FTP Server Definition
> used for publishing an internal FTP Server to the outside. The Client FTP
> begins with outbound, but the FTP Server begins with inbound.
>
> Adjust the Definition to:
>
> Port: 8100
> Type: TCP
> Direction: Outbound
>
> Leave the Secondary Connection blank for now,...only add them later if you
> are forced to. The ISA Firewall Service is aware of the "statefulness" of
> packet traffic and may already be able to dynamically handle the Secondary
> Connection with intervention. But if it doesn't, then add the Secondary
> Connections.
>
> If it doesn't work after that, then you will have to stop being so
> "secretive" and dump all the information we need to solve this out on the
> table. I can't solve an unknown issue about an unknown application that
> connects to an unknown outside source in an unknown way for an unknown
> reason.
>
> --
>
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
>
>


