Re: Allow Port 319 through ISA
- From: "Simon Weaver" <Simon.Weaver@xxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Sat, 27 Sep 2003 20:51:38 -0000
Thanks Jim
I Will check out the client and see what is going on and report back :)
Simon Weaver
Technical Consultant
MCSE+Internet / MCSE Windows 2000
Integrated Solutions Corp. Ltd
http://www.iscl.net
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: 27 September 2003 19:06
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Allow Port 319 through ISA
http://www.ISAserver.org
Anyone who tells you to "open a port" should be forced to listen to teenage
girls engaging in a sleepover "gab-fest". Turst me; drinking gasoline is a
preferable alternative...
Let's recap:
1. the application works when the FW client is disabled
2. the application fails when the fw client is enabled
..is ISA the only way out of your network to the Internet?
If so, then it's not a policy problem.
If not, then we need to examine your client configurations compared to your
desired access policies.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
On Sat, 27 Sep 2003 19:45:23 -0000
"Simon Weaver" <Simon.Weaver@xxxxxxxx> wrote:
http://www.ISAserver.org
Hi Jim
That is where I am getting a little confused :-(
When its turned off, it works and turned on, it fails (the application hangs
and according to the Tech Guys, its because it cannot communicate on 319).
So in order to make this work, I need to allow 319 through the Server using a
protocol rule?
Simon Weaver
Technical Consultant
MCSE+Internet / MCSE Windows 2000
Integrated Solutions Corp. Ltd
http://www.iscl.net
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: 27 September 2003 18:13
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Allow Port 319 through ISA
http://www.ISAserver.org
That depends on "why" it's denied, but no; a packet filter is not going to
help.
You'll need to create a protocol definition and use it in a protocol rule.
Again; since non-Firewall clients can get through; it's unlikely to be a
policy problem (assuming non-fw clients still use ISA at all).
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!
----- Original Message -----
From: "Simon Weaver" <Simon.Weaver@xxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Saturday, September 27, 2003 11:24
Subject: [isalist] Re: Allow Port 319 through ISA
http://www.ISAserver.org
Thansk Jimk
Iw ill look at the client on Monday and see what the log shows.
If it is denied by the firewall, shall I just simply create a packet filter?
Simon Weaver
Technical Consultant
MCSE+Internet / MCSE Windows 2000
Integrated Solutions Corp. Ltd
http://www.iscl.net
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: 27 September 2003 16:20
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Allow Port 319 through ISA
http://www.ISAserver.org
Look in the ISA FW log; if this port is being requested through ISA at all,
it'll show up there.
The sc-result codes will be:
0 = normal connect
13301 = disallowed by policy (add "Rule#1" and "Rule#2" to the FW logging
fields to see which rule)
20000 = normal disconnect
20001 = abnormal disconnect
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!
----- Original Message -----
From: "Simon Weaver" <Simon.Weaver@xxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Saturday, September 27, 2003 09:36
Subject: [isalist] Re: Allow Port 319 through ISA
http://www.ISAserver.org
Hi Jim
I will give this a try when I am next on-site, but the company responsible
for the app beleives that port 319 is not being allowed outbound by the
firewall - is there a way to prove this as well please?
Simon Weaver
Technical Consultant
MCSE+Internet / MCSE Windows 2000
Integrated Solutions Corp. Ltd
http://www.iscl.net
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: 27 September 2003 15:09
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Allow Port 319 through ISA
http://www.ISAserver.org
Since the application works when the FW client is disabled, it's not a
policy problem.
More likely, it's name resolution.
FW client apps depend on the ISA to make the external connections, and also
to perform name resolution.
You can prove this by:
1. disable the FW client
2. open a cmd window
3. "ipconfig/flushdns"
4. ping <externalserver>
- what is the response?
5. ipconfig/flushdns
6. enable the FW client
7. ping <externalserver>
- what is the response?
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!
----- Original Message -----
From: "Simon Weaver" <Simon.Weaver@xxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Saturday, September 27, 2003 08:16
Subject: [isalist] Re: Allow Port 319 through ISA
http://www.ISAserver.org
Hello Jim
Yes the application is "Outside" the firewall - they launch a program
that in turn is meant to communicate to a company outside of the
firewall.
Simon Weaver
Technical Consultant
MCSE+Internet / MCSE Windows 2000
Integrated Solutions Corp. Ltd
http://www.iscl.net
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: 27 September 2003 15:03
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Allow Port 319 through ISA
http://www.ISAserver.org
The FW client should actually help the app communicate across the
firewall unless you have rules in place denying all except sepcified
protocols (good policy, BTW).
Are they trying to communicate inside-to-inside, or are they trying to
cross the firewall?
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
On Sat, 27 Sep 2003 13:20:01 -0000
"Simon Weaver" <Simon.Weaver@xxxxxxxx> wrote:
http://www.ISAserver.org
Hi everyone
I think I am going completely mad!!
I have a 3rd party application that communicates on Port 319 - If the
users Win2k Workstations Firewall Client are enabled, the application
does not respond. If they disable the firewall client, the program works
fine.
Can someone tell me where I need to enable port 319 through the firewall
please?
Thank you so much..... I think I am losing it :-(
Simon
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
All mail from this domain is virus-scanned with RAV.
www.ravantivirus.com
^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
Simon.Weaver@xxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
All mail from this domain is virus-scanned with RAV.
www.ravantivirus.com
^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
Simon.Weaver@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
All mail from this domain is virus-scanned with RAV.
www.ravantivirus.com
^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
Simon.Weaver@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
All mail from this domain is virus-scanned with RAV.
www.ravantivirus.com
^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
Simon.Weaver@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
All mail from this domain is virus-scanned with RAV.
www.ravantivirus.com
^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*^*
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
Simon.Weaver@xxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
