RE: SBS2K3 Prem Symantec Security Gateway




Hi Keith,

It is nice to hear from you again.

To configure the port in the ISA 2004, please perform the following steps:

==== Create the Protocol Definitions
1. Start the ISA Management snap-in. To do so, click Start, point to
Programs, point to Microsoft ISA Server, and then click ISA Management.
2. Select Firewall Policy. In the right pane, click the Toolbox tab.
3. In the Protocols area, click New, and then click Protocol.
4. In the Protocol definition name box, type a descriptive name for the
definition (for example, type "Symantec Security Gateway"), and then click
Next.
5. In the Primary Connection Information dialog box, click New. In the
Protocol type list, click UDP. In the Direction list, click Send Receive
(do not click Receive Send). In the Port range box, type 500 in the From
box, type 500 in the To box, and then click OK.
6. Click New again. In the Protocol type list, click UDP. In the Direction
list, click Send Receive (do not click Receive Send). In the Port range
box, type 786 in the From box, type 786 in the To box, and then click OK.
7. Click New again. In the Protocol type list, click UDP. In the Direction
list, click Receive Send. In the Port range box, type 49152 in the From
box, type 50151 in the To box, and then click OK.
8. Click Next. When you are prompted whether you want to use secondary
connections, click No, and then click Next. Click Finish.

==== Create an access rule
1. In ISA Server Management, click Firewall Policy in the left pane.
2. In the right pane, click the Tasks tab, and then click Create New Access
Rule.
3. In the Access rule name box, type a descriptive name for the access
rule, and then click Next.
4. In the Rule Action dialog box, click Allow, and then click Next.
5. In the This rule applies to list, click Selected protocols.
6. Click Add.
7. Expand User-Defined, click the protocol definition that you created
("Symantec Security Gateway"), click Add, click Close, and then click Next.
8. In the Access Rule Sources dialog box, click Add.
9. Locate, and then click the network entity that you want to add, and then
click Add. For example, to permit access from the external network, expand
Networks, click External, and then click Add.
10. To add more than one network entity, repeat step 9 for each network
entity that you want to add, click Close, and then click Next.

Note: Because ISA Server 2004 applies policies regardless of source network,
you may have to permit access from the internal network to the local host.
This depends on the specific access rules that you have defined.
11. In the Access Rules Destinations dialog box, click Add.
12. Expand Networks, click Local Host, click Add, click Close, and then
click Next.
13. In the User Sets dialog box, click Next if you want to leave the
default All Users user set option.

Note: If you do not want the rule to apply to all users, click All Users
under This rule applies to requests from the following user sets, and then
click Remove.
14. To add a user set, click Add, locate and then click the user set that
you want to add, and then click Add.
15. To add more than one user set, repeat step 14 for each user set that
you want to add, click Close, and then click Next.
16. Click Finish.
17. Click Apply to save the changes and to update the firewall policy.


==== Do not forget to remove the ISA Firewall client software

Please feel free to let me know if you have any questions or if you need
further assistance. I'm glad to be of service.

Best regards,

Jerry Zhao (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


