RE: ISA 2000 - Open Remote Port



Dear Adam:
Thank you for your reply. I am glad to hear the problem has been resolved!
That's cool! :)

Please don't worry about it: the port is only opened for outbound
traffic, which means external attacks cannot go through this port since they
are inbound traffic. As you can see, ISA can fully and perfectly protect
your network. :)

Hope the clarification addresses your concern.

Again, thank you for using the newsgroup. If you encounter any questions in the
future, please submit a post in the newsgroup; I am standing by to help you.

Enjoy your day Adam!


Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: "Adam Hudson" <AdamHudson@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: RE: ISA 2000 - Open Remote Port
| Date: Wed, 24 Aug 2005 21:32:03 -0700
| Newsgroups: microsoft.public.windows.server.sbs
|
| Hi Edward
|
| This worked. Thank-you very much for your help.
|
| Now that this port is enabled and I can access the website I am after, does
| this mean that I can be hacked on that port by someone externally? Have I
| opened myself up to any outside attacks by allowing port 19638 to be open?
|
| Regards
|
| Adam
|
|
| "Edward Tian" wrote:
|
| > Dear Adam:
| > Thank you for your reply!
| >
| > You can perform the following steps to add this VBScript file:
| > 1. On the SBS box, create a new Text Document file such as script.txt.
| >
| > 2. Edit this file, and paste the content of the script into it.
| > For example:
| >
| > ' Connect to the ISA Server administration COM object
| > set isa=CreateObject("FPC.Root")
| > ' Get the Web Proxy tunnel port ranges of the array containing this server
| > set tprange=isa.Arrays.GetContainingArray.ArrayPolicy.WebProxy.TunnelPortRanges
| > ' Add a range named "SSL 19638" covering only port 19638, then save it
| > set tmp=tprange.AddRange("SSL 19638", 19638, 19638)
| > tprange.Save
| >
| > 3. Save the changes, and rename it to script.vbs. (You will notice the icon
| > will be changed to another type)
| >
| > 4. Double click this .vbs file to run the script. (If you run it twice, you
| > will receive an error message)
| >
| > Hope it helps. Please feel free to let me know if you have any questions or
| > concerns.
| >
| > Have a nice day! :)
| >
| > Best Regards
| > Edward Tian(MSFT)
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > --------------------
| > | From: "Adam Hudson" <Adam Hudson@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | Subject: RE: ISA 2000 - Open Remote Port
| > | Date: Wed, 24 Aug 2005 17:08:02 -0700
| > | Newsgroups: microsoft.public.windows.server.sbs
| > |
| > | Hi Edward
| > |
| > | I think the problem would be solved by doing step one. I do get a blank page
| > | when trying to view this website as it is an SSL connection. I have looked at
| > | the Microsoft article on this and I cannot work out where I am meant to enter
| > | the VBScript in. All I need to do is change the port number in the example
| > | given on the Microsoft support page (283284). I just can't find the place in
| > | ISA2000 to enter this in to allow the port to be used.
| > |
| > | Thanks in advance for your help.
| > |
| > | Regards
| > |
| > | Adam
| > |
| > | "Edward Tian" wrote:
| > |
| > | > Dear Adam:
| > | > Thank you for posting here.
| > | >
| > | > From your description, I understand that you want to access an outside
| > | > website from the internal client through ISA2000, and port 19638 is used
| > | > for communication. If I have misunderstood, please feel free to let me know.
| > | >
| > | > Before we go any further, please help to confirm the following information:
| > | >
| > | > 1. Is this website an SSL site (like https://www.abc.com, not
| > | > http://www.abc.com )? If so, there is a known issue when we view an SSL
| > | > website on the internet by using a port other than 443. Please refer to
| > | > this article and follow the steps to resolve this issue:
| > | > Blank page or page cannot be displayed when you view SSL sites through ISA
| > | > Server
| > | > http://support.microsoft.com/?id=283284
| > | >
| > | > 2. Do you configure all the internal clients as both the Web Proxy client
| > | > and Firewall client?
| > | > To be a Web Proxy client, please open IE, click Tools->Internet Options,
| > | > and click Connections->LAN Settings, configure ISA server as your Proxy
| > | > server (you can enter either the computer name or the internal IP of the
| > | > ISA server, port 8080 by default.)
| > | >
| > | > To be a Firewall client, the workstation needs to have the ISA Firewall
| > | > Client software installed.
| > | >
| > | > 3. Have you run CEICW Wizard? The wizard can help us configure the
| > | > networking settings for a SBS server. It automatically creates the ISA
| > | > rules for internet access. I recommend you re-run this Wizard.
| > | > Open Server Management console, navigate to 'To Do List' and click 'Connect
| > | > to the internet' in the right panel. You can refer to following KB article
| > | > for detailed information:
| > | >
| > | > 825763 How to configure Internet access in Windows Small Business Server
| > | > 2003
| > | > http://support.microsoft.com/?id=825763
| > | >
| > | > 4. Does this problem occur on all the internal clients?
| > | >
| > | > Please also help me gather more information for analysis:
| > | > 1. Help to gather the ISA Logs:
| > | >
| > | > 1) Open ISA Management, and then point to Monitoring Configuration | Logs
| > | >
| > | > 2) Double click ISA Server Firewall Service in the right pane, click to
| > | > select Enable Logging for this service, click Fields tab, click Select All,
| > | > and then click OK.
| > | >
| > | > 3) Please repeat Step 2) to enable logging IP Packet Filter and Web Proxy
| > | > Services.
| > | >
| > | > 4) Run command "net stop isactrl" (without the quotation marks) to stop all
| > | > ISA Services.
| > | >
| > | > 5) Backup all files in the folder C:\Program Files\Microsoft ISA
| > | > Server\ISALogs, and then delete them.
| > | >
| > | > 6) In ISA Management | <server name> | Monitoring | Services, start all ISA
| > | > services.
| > | >
| > | > 7) Reproduce the issue.
| > | >
| > | > 8) Wait for about 3 minutes, and then send me that day's firewall, web
| > | > proxy and IP Packet filter log in C:\Program Files\Microsoft ISA
| > | > Server\ISALogs. You can compress logs into .zip file. If compressed file
| > | > size is larger than 5 M, please let me know so that I can create a site for
| > | > you to upload the file:
| > | >
| > | > Firewall log: FWSEXTDyyyymmdd.log
| > | > Web Proxy log: WEBEXTDyyyymmdd.log
| > | > IP Packet Filter log: IPPEXTDyyyymmdd.log
| > | >
| > | > Please also let me know the IP address of the client/server.
| > | >
| > | > To collect ISA logs, refer to:
| > | >
| > | > 302372 HOW TO: Configure Logging in Internet Security and Acceleration
| > | > Server
| > | > http://support.microsoft.com/?id=302372
| > | >
| > | > 2. Help to gather the ISAinfo:
| > | > You can download this utility from:
| > | > http://www.isatools.org/isainfo.vbe
| > | > Run it on the ISA server. Then attach the ISAINFO report to me at your
| > | > convenience.
| > | >
| > | > You can send ISAinfo and ISA logs directly to my mailbox:
| > | > v-edtian@xxxxxxxxxxxxx
| > | >
| > | > Thanks for your time and cooperation. Please feel free to let me know if
| > | > you have any questions or concerns.
| > | >
| > | > Have a nice day! :)
| > | >
| > | > Best Regards
| > | > Edward Tian(MSFT)
| > | > Microsoft CSS Online Newsgroup Support
| > | >
| > | > Get Secure! - www.microsoft.com/security
| > | >
| > | > --------------------
| > | > | From: "Adam Hudson" <abmhudson@xxxxxxxxxxx>
| > | > | Subject: ISA 2000 - Open Remote Port
| > | > | Date: Tue, 23 Aug 2005 14:17:48 +1000
| > | > | Newsgroups: microsoft.public.windows.server.sbs
| > | > |
| > | > | Hi
| > | > |
| > | > | I am trying to get port 19638 to work through ISA 2000. I have SBS 2003. I
| > | > | need this to access an admin part of a website. It works fine on a computer
| > | > | connected directly to the internet but not if that computer is then connected
| > | > | to the server and needs to pass through ISA on the server to access the net.
| > | > |
| > | > | I am sure you need to put in some rule to allow access in and out on this
| > | > | port but I cannot work out how to do this.
| > | > |
| > | > | Thanks in advance.
| > | > |
| > | > | Adam
| > | > |
| > | > |
| > | > |
| > | >
| > | >
| > |
| >
|
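
Added example, not part of the original thread or of the Microsoft KB article: a variant of the script quoted above that lists the existing Web Proxy tunnel port ranges and adds port 19638 only when no range already covers it, so a second run does not raise the error mentioned in step 4. It uses the same FPC.Root object path as the thread's script and assumes each range object exposes Name, TunnelLowPort and TunnelHighPort; run it with cscript on the ISA server.

```vbscript
' Added example: audit the Web Proxy tunnel port ranges, then add one port
' only if it is missing. Object path is the one used in the thread's script.
' Assumption: range objects expose Name, TunnelLowPort and TunnelHighPort.
Option Explicit

Const RANGE_NAME = "SSL 19638"   ' name and port taken from the thread
Const RANGE_PORT = 19638

Dim isa, tprange, r, covered

Set isa = CreateObject("FPC.Root")
Set tprange = isa.Arrays.GetContainingArray.ArrayPolicy.WebProxy.TunnelPortRanges

' List every destination port range that Web Proxy clients may tunnel SSL to,
' and note whether the wanted port is already inside one of them.
covered = False
WScript.Echo "Current tunnel port ranges:"
For Each r In tprange
    WScript.Echo "  " & r.Name & ": " & r.TunnelLowPort & "-" & r.TunnelHighPort
    If r.TunnelLowPort <= RANGE_PORT And RANGE_PORT <= r.TunnelHighPort Then
        covered = True
    End If
Next

If covered Then
    ' Adding the same range again is what fails on a second run; skip it.
    WScript.Echo "Port " & RANGE_PORT & " is already covered; nothing changed."
Else
    ' Single-port range: low and high are the same value, as in the thread.
    tprange.AddRange RANGE_NAME, RANGE_PORT, RANGE_PORT
    tprange.Save
    WScript.Echo "Added range """ & RANGE_NAME & """ for port " & RANGE_PORT & "."
End If
```

The listing is also a quick way to review which ports internal clients are allowed to tunnel to, so ranges that are no longer needed can be spotted.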
