RE: ISA 2000 - Open Remote Port
- From: "Adam Hudson" <AdamHudson@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 24 Aug 2005 21:32:03 -0700
Hi Edward
This worked. Thank-you very much for your help.
Now that this port is enabled and I can access the website I am after, does
this mean that I can be hacked on that port by someone externally? Have I
opened myself up to any outside attacks by allowing port 19638 to be open?
Regards
Adam
"Edward Tian" wrote:
> Dear Adam:
> Thank you for you reply!
>
> You can perform the following steps to add this VBscript file:
> 1. On the SBS box, create a new Text Document file such as script.txt.
>
> 2. Edit this file, and paste the content of the script into it.
> For example:
>
> set isa=CreateObject("FPC.Root")
> set
> tprange=isa.Arrays.GetContainingArray.ArrayPolicy.WebProxy.TunnelPortRanges
> set tmp=tprange.AddRange("SSL 19638", 19638, 19638)
> tprange.Save
>
> 3. Save the changes, and rename it to script.vbs. (You will notice the icon
> will be changed to another type)
>
> 4. Double click this .vbs file to run the script. (If you run it twice, you
> will receive an error information)
>
> Hope it helps. Please feel free to let me know if you have any questions or
> concerns.
>
> Have a nice day! :)
>
> Best Regards
> Edward Tian(MSFT)
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> --------------------
> | Thread-Topic: ISA 2000 - Open Remote Port
> | thread-index: AcWpCQ865aSc1RUXQz+8Qg+pvCx5lg==
> | X-WBNR-Posting-Host: 218.214.32.17
> | From: "=?Utf-8?B?QWRhbSBIdWRzb24=?=" <Adam
> Hudson@xxxxxxxxxxxxxxxxxxxxxxxxx>
> | References: <eOJcfm5pFHA.2416@xxxxxxxxxxxxxxxxxxxx>
> <Gt4s$DJqFHA.472@xxxxxxxxxxxxxxxxxxxxx>
> | Subject: RE: ISA 2000 - Open Remote Port
> | Date: Wed, 24 Aug 2005 17:08:02 -0700
> | Lines: 181
> | Message-ID: <3386ACC1-CDEB-4012-909B-73EE7B7C9BB6@xxxxxxxxxxxxx>
> | MIME-Version: 1.0
> | Content-Type: text/plain;
> | charset="Utf-8"
> | Content-Transfer-Encoding: 7bit
> | X-Newsreader: Microsoft CDO for Windows 2000
> | Content-Class: urn:content-classes:message
> | Importance: normal
> | Priority: normal
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> | Newsgroups: microsoft.public.windows.server.sbs
> | NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
> | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:147544
> | X-Tomcat-NG: microsoft.public.windows.server.sbs
> |
> | Hi Edward
> |
> | I think the problem would be solved by doing step one. I do get a blank
> page
> | when trying to view this website as it is a ssl connection. I have looked
> at
> | the microsoft article on this and I cannot work out where I am meant to
> enter
> | the VBScript in. All I need to do is change the port number in the
> example
> | given on the microsoft support page (283284). I just cant find the place
> in
> | ISA2000 to enter this in to allow the port to be used.
> |
> | Thanks in advance for your help.
> |
> | Regards
> |
> | Adam
> |
> | "Edward Tian" wrote:
> |
> | > Dear Adam:
> | > Thank you for posting here.
> | >
> | > From your description, I understand that you want to access an outside
> | > website from the internal client through ISA2000, and port 19638 is
> used
> | > for communication. If I have misunderstood, please feel free to let me
> know.
> | >
> | > Before we go any further, please help to confirm the following
> information:
> | >
> | > 1. Is this website a SSL site (like https://www.abc.com, not
> | > http://www.abc.com )? If so, there is a known issue when we view a SSL
> | > website on the internet by using a port other than 443. Please refer to
> | > this article and follow the steps to resolve this issue:
> | > Blank page or page cannot be displayed when you view SSL sites through
> ISA
> | > Server
> | > http://support.microsoft.com/?id=283284
> | >
> | > 2. Do you configure all the internal clients as both the Web Proxy
> client
> | > and Firewall client?
> | > To be a Web Proxy client, please open IE, click Tools->Internet
> Options,
> | > and click Connections->LAN Settings, configure ISA server as your Proxy
> | > server (you can enter either the computer name or the internal IP of
> the
> | > ISA server, port 8080 by default.)
> | >
> | > To be a Firewall client, the workstation needs to have the ISA Firewall
> | > Client software installed.
> | >
> | > 3. Have you run CEICW Wizard? The wizard can help us configure the
> | > networking settings for a SBS server. It automatically creates the ISA
> | > rules for internet access. I recommend you re-run this Wizard.
> | > Open Server Management console, navigate to 'To Do List' and click
> 'Connect
> | > to the internet' in the right panel. You can refer to following KB
> article
> | > for detailed information:
> | >
> | > 825763 How to configure Internet access in Windows Small Business
> Server
> | > 2003
> | > http://support.microsoft.com/?id=825763
> | >
> | > 4. Does this problem occur on all the internal clients?
> | >
> | > Please also help me gather more information for analysis:
> | > 1. Help to gather the ISA Logs:
> | >
> | > 1) Open ISA Management, and then point to Monitoring Configuration |
> Logs
> | >
> | > 2) Double click ISA Server Firewall Service in the right pane, click to
> | > select Enable Logging for this service, click Fields tab, click Select
> All,
> | > and then click OK.
> | >
> | > 3) Please repeat Step 2) to enable logging IP Packet Filter and Web
> Proxy
> | > Services.
> | >
> | > 4) Run command "net stop isactrl" (without the quotation marks) to stop
> all
> | > ISA Services.
> | >
> | > 5) Backup all files in the folder C:\Program Files\Microsoft ISA
> | > Server\ISALogs, and then delete them.
> | >
> | > 6) In ISA Management | <server name> | Monitoring | Services, start all
> ISA
> | > services.
> | >
> | > 7) Reproduce the issue.
> | >
> | > 8) Wait for about 3 minutes, and then send me that day's firewall, web
> | > proxy and IP Packet filter log in C:\Program Files\Microsoft ISA
> | > Server\ISALogs. You can compress logs into .zip file. If compressed
> file
> | > size is larger than 5 M, please let me know so that I can create a site
> for
> | > you to upload the file:
> | >
> | > Firewall log: FWSEXTDyyyymmdd.log
> | > Web Proxy log: WEBEXTDyyyymmdd.log
> | > IP Packet Filter log: IPPEXTDyyyymmdd.log
> | >
> | > Please also let me know the IP address of the client/server.
> | >
> | > To collect ISA logs, refer to:
> | >
> | > 302372 HOW TO: Configure Logging in Internet Security and Acceleration
> | > Server
> | > http://support.microsoft.com/?id=302372
> | >
> | > 2. Help to gather the ISAinfo:
> | > You can download this utility from:
> | > http://www.isatools.org/isainfo.vbe
> | > Run it on the ISA server. Then attach the ISAINFO report to me at your
> | > convenience.
> | >
> | > You can send ISAinfo and ISA logs directly to my mailbox:
> | > v-edtian@xxxxxxxxxxxxx
> | >
> | > Thanks for your time and cooperation. Please feel free to let me know
> if
> | > you have any questions or concerns.
> | >
> | > Have a nice day! :)
> | >
> | > Best Regards
> | > Edward Tian(MSFT)
> | > Microsoft CSS Online Newsgroup Support
> | >
> | > Get Secure! - www.microsoft.com/security
> | > ======================================================
> | > This newsgroup only focuses on SBS technical issues. If you have issues
> | > regarding other Microsoft products, you'd better post in the
> corresponding
> | > newsgroups so that they can be resolved in an efficient and timely
> manner.
> | > You can locate the newsgroup here:
> | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
> | >
> | > When opening a new thread via the web interface, we recommend you check
> the
> | > "Notify me of replies" box to receive e-mail notifications when there
> are
> | > any updates in your thread. When responding to posts via your
> newsreader,
> | > please "Reply to Group" so that others may learn and benefit from your
> | > issue.
> | >
> | > Microsoft engineers can only focus on one issue per thread. Although we
> | > provide other information for your reference, we recommend you post
> | > different incidents in different threads to keep the thread clean. In
> doing
> | > so, it will ensure your issues are resolved in a timely manner.
> | >
> | > For urgent issues, you may want to contact Microsoft CSS directly.
> Please
> | > check http://support.microsoft.com for regional support phone numbers.
> | >
> | > Any input or comments in this thread are highly appreciated.
> | > ======================================================
> | > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> | >
> | > --------------------
> | > | From: "Adam Hudson" <abmhudson@xxxxxxxxxxx>
> | > | Subject: ISA 2000 - Open Remote Port
> | > | Date: Tue, 23 Aug 2005 14:17:48 +1000
> | > | Lines: 15
> | > | X-Priority: 3
> | > | X-MSMail-Priority: Normal
> | > | X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
> | > | X-RFC2646: Format=Flowed; Original
> | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
> | > | Message-ID: <eOJcfm5pFHA.2416@xxxxxxxxxxxxxxxxxxxx>
> | > | Newsgroups: microsoft.public.windows.server.sbs
> | > | NNTP-Posting-Host: adsl-32-17.swiftdsl.com.au 218.214.32.17
> | > | Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl
> | > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:146878
> | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
> | > |
> | > | Hi
> | > |
> | > | I am trying to get port 19638 to work through ISA 2000. I have SBS
> 2003.
> | > I
> | > | need this to access an admin part of a website. It works fine on a
> | > computer
> | > | connected directly to the internet but not if that computer is then
> | > connect
> | > | to the server and needs to pass through ISA on the server to access
> the
> | > net.
> | > |
> | > | I am sure you need to put in some rule to allow access in and out on
> this
> | > | port but I cannot work out how to do this.
> | > |
> | > | Thanks in advance.
> | > |
> | > | Adam
> | > |
> | > |
> | > |
> | >
> | >
> |
>
.
- Follow-Ups:
- RE: ISA 2000 - Open Remote Port
- From: Edward Tian
- RE: ISA 2000 - Open Remote Port
- References:
- ISA 2000 - Open Remote Port
- From: Adam Hudson
- RE: ISA 2000 - Open Remote Port
- From: Edward Tian
- RE: ISA 2000 - Open Remote Port
- From: Adam Hudson
- RE: ISA 2000 - Open Remote Port
- From: Edward Tian
- ISA 2000 - Open Remote Port
- Prev by Date: Re: Moving away from SBS2000
- Next by Date: Re: VPN Subnet Question- SBS2000
- Previous by thread: RE: ISA 2000 - Open Remote Port
- Next by thread: RE: ISA 2000 - Open Remote Port
- Index(es):
Relevant Pages
|
Loading
