Re: WTF?? ISA 04 semantics inbound or outbound



Mike,

Think of the direction from the perspective of the From network. In the SBS
RWW Inbound access rule, the traffic is outbound from the External network.
So if you were on the external network you would need to send
the traffic out that network in order to get to the To network. Thus, the
rule you mentioned is configuring it such that traffic from the external
network can go out to the localhost network (which is the server). It is a
little different than the ISA 2000 way of thinking, when you had basically an
external network and an internal network. With ISA 2004 you may have
multiple networks, so you need to be able to define the relationships (route
vs. NAT) between them, as well as the direction/flow of the traffic
(outbound/inbound) between them.


---

Hope that helps,
David Copeland
Microsoft Small Business Server Support

This posting is provided "AS IS" with no warranties, and confers no rights.


SBS Newsgroups:

SBS v4.x: microsoft.public.backoffice.smallbiz
SBS 2000: microsoft.public.backoffice.smallbiz2000
SBS 2003: microsoft.public.windows.server.sbs

"MikeR" <research@xxxxxxxxxxxxxxxxxx> wrote in message
news:ur1lz5HKGHA.1832@xxxxxxxxxxxxxxxxxxxxxxx
Hi Doug,

that I can understand....but....

As I posted, this rule is tcp outbound, to localhost, from external????
Oh, wait a sec...external NIC? Outbound from the internet to the external
NIC? Then why ever have something called inbound? Everything could just
be outbound from somewhere else????

The logic does not make sense to me AT ALL. I would think that all
terminology would be as related to ISA itself.

Doug, this is not at all pointed at you but the ms thought process such as
it is sometimes...



A helicopter with a pilot and a single passenger was flying around above
Seattle when a malfunction disabled all of the aircraft's navigation and
communications equipment. Due to the darkness and haze, the pilot could
not determine the helicopter's position and course to get back to the
airport.

The pilot saw a tall building with lights on and flew toward it. The pilot
had the passenger draw a handwritten sign reading "WHERE AM I?" and hold
it up for the building's occupants to see.

People in the building quickly responded to the aircraft, drew a large
sign, and held it in a building window. Their sign said "YOU ARE IN A
HELICOPTER."

The pilot smiled, waved, looked at his map, determined the course to steer
to SEATAC airport, and landed safely.

After they were on the ground, the passenger asked the pilot how the "YOU
ARE IN A HELICOPTER" sign helped determine their position.

The pilot responded "I knew that had to be the Microsoft support building,
they gave me a technically correct but entirely useless answer."



"Douglas Boyd [MSFT]" <dboyd@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:%230k7bYGKGHA.3696@xxxxxxxxxxxxxxxxxxxxxxxx
Mike

Thanks for using Microsoft Online Support

The inbound and outbound in ISA2004 translates more to source and
destination. For example, when a client tries to access something on the
server, that is outbound from the LAN to the localhost. Traffic from the
server to the LAN would be outbound from the localhost to the internal
network. Traffic from the internet to the server is outbound from the
internet to the external network card.


I hope this helps

Doug Boyd
dboyd@xxxxxxxxxxxxxxxxxxxx

This post is provided "AS IS" with no warranties and confers no rights




