Re: A little confusion

From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Date: Wed, 14 Apr 2004 04:27:03 -0500
Hi Chris,

If you have a client app on the firewall (always a bad idea), then you
need to create packet filters to support that app, not Protocol Rules.

HTH,
Tom

Thomas W Shinder
www.isaserver.org/shinder
ISA 2004 Beta - Get it now!
http://www.microsoft.com/isaserver/beta/default.asp
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 


-----Original Message-----
From: Chris H [mailto:ntpro@xxxxxxxxxx] 
Sent: Tuesday, April 13, 2004 1:31 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: A little confusion


http://www.ISAserver.org

so lets look at it this way . . .

I have an app installed on the ISA sever running on port 577 tcp
I created the protocol definitions for tcp 577 inbound and one for
outbound
I created a protocol rule allowing it
I did a server publish for the internal ip of the isa server to the
external
ip

no joy

----- Original Message ----- 
From: "cismic" <cismic@xxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, April 13, 2004 1:31 PM
Subject: [isalist] Re: A little confusion


> http://www.ISAserver.org
>
> Hi Chris,
>
> I don't think that it matters.  What matters is that when you have
> ClientSets, you make the names more meaningfull to read and apply.
It's
> like when I write a program seeing ERROR_ON_FORM_INSERT is better then
> seeing 0x00100.
> I'm not sure if there are any naming standards to ISA in regards to
client
> sets, destination sets, protocol rules, site and content rules or not
but,
> I've created my own
> I preceed each rule by appropriate setting:
> CLI - Client Set
> PRO- Protocol Rule
> SCR - Site And content
> DES - Destination set
> Etc..
> It's just a dumb thing but when I look at my logs I can quickly see
what
the
> rule was. And when I dump out my ISA stuff using Jims tool for
ImportExport
> of ISA settings I can double check to make sure that all values are
what
> they should be.
>
> Thank you,
>
> Joseph
>
> ----- Original Message ----- 
> From: "Chris H" <ntpro@xxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Tuesday, April 13, 2004 10:13 AM
> Subject: [isalist] Re: A little confusion
>
>
> http://www.ISAserver.org
>
> So the rules under PROTOCOL RULES can be inbound or outbound depending
on
> the client set allowed to use the rule?
>
> ----- Original Message ----- 
> From: "cismic" <cismic@xxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Tuesday, April 13, 2004 12:21 PM
> Subject: [isalist] Re: A little confusion
>
>
> > http://www.ISAserver.org
> >
> > Hi Chris,
> > Client sets can be both internal or external.
> > I'd like to think that they are better to remember then lest say an
> > IPADDRESS
> > 198.162.0.1  is harder to remember then creating a client set that
states
> > INTERNAL ISA NIC 2 ::198.162.0.1
> >
> > Joseph
> > ----- Original Message ----- 
> > From: "Chris H" <ntpro@xxxxxxxxxx>
> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> > Sent: Tuesday, April 13, 2004 9:18 AM
> > Subject: [isalist] A little confusion
> >
> >
> > http://www.ISAserver.org
> >
> > I am getting a little confused on my ISA terminology . . .
> >
> > If I want to say:
> >
> > allow ip x.x.x.x from the internet to go through my ISA to x.x.x.x
> internal
> > ip with this defined protocol is that a destination set? this is NOT
http
> > traffic . . .
> >
> > Client sets are only internal, right?
> >
> > Much thanks!
> >
> > Chris
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List
as:
> > cismic@xxxxxxx
> > To unsubscribe send a blank email to
$subst('Email.Unsub')
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Other Internet Software Marketing Sites:
> > Leading Network Software Directory: http://www.serverfiles.com
> > No.1 Exchange Server Resource Site: http://www.msexchange.org
> > Windows Security Resource Site: http://www.windowsecurity.com/
> > Network Security Library: http://www.secinf.net/
> > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List
as:
> ntpro@xxxxxxxxxx
> > To unsubscribe send a blank email to
$subst('Email.Unsub')
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> cismic@xxxxxxx
> To unsubscribe send a blank email to
$subst('Email.Unsub')
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
ntpro@xxxxxxxxxx
> To unsubscribe send a blank email to
$subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Re: A little confusion

Other related posts:
