RE: Connection Issue

• From: "Jim Harrison" <jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Fri, 29 Aug 2003 17:03:37 -0700

Another thing to bear in mind for banking connections, they like to use
non-standard SSL ports.
You can review the WEBEXT..log for those failing connections and it will
display the port used.
If they're anything other than 443, then you can use
http://www.isatools.org/ssl_tpr_add.vbs.
Just edit the script to accommodate any non-std SSL ports you find in your
logs and run it.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://www.microsoft.com/isaserver
 http://isaserver.org/Jim_Harrison
 http://isatools.org

 Read the help, books and articles!
----- Original Message ----- 
From: "Eric Poole" <EPoole@xxxxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, August 29, 2003 12:04
Subject: [isalist] RE: Connection Issue


http://www.ISAserver.org


A thank you to all (even the wisenheimers!).  Discussions have begun
with our network team using the input provided here as baseline issues.
Thanks again!
Let me add something, I just read -
http://www.isaserver.org/tutorials/Understanding_SSL_bridging_and_tunnel
ing_within_ISA.html - and one of our issues is connecting to a specific
site that uses https.  All that they say is needed is port 80 and 443.
Yet the darn thing keeps timing out/locking up!  We have multiple
banking sites that we use that do not have issues...could ISA be the
problem?  Vendor states that they have read about known issues with ISA
and SSL?  They couldn't provide any links and I haven't been able to
find them.  Any thoughts?

Eric Poole
IS Security Analyst
Community Medical Centers <http://communitymedical.org/>
1140 "T" Street, Fresno, California  93721
559-459-6784 (phone)  559-459-2045 (fax)


-----Original Message-----
From: "John Tolmachoff \(Lists\)"
<johnlist@xxxxxxxxxxxxxxxxxxx>@CHCC
Sent: Friday, August 29, 2003 11:08 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Connection Issue

http://www.ISAserver.org
True, good points. It all comes down to what a MS
security tech told us at a conference. Security is like a triangle, with
the points being cost, functionality and security. Some where in the
triangle is the point for each company. Our job is to find that point.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com

-----Original Message-----
From: Quillman Shawn (RBNA/CIT1.1) *
[mailto:Shawn.Quillman@xxxxxxxxxxxx]
Sent: Friday, August 29, 200310:14 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Connection Issue

Due to obvious security issues I won't discuss the
configuration of our corporate firewalls.  However, there is quite an
advantage to having a multiple-system firewall.  A vulnerability of one
system is typically not going to be a vulnerability in another system so
your protection against attack is greatly increased with mixed systems.
ISA can handle itself, I agree.  But if/when something does get through
ISA another wall behind it would give admins more time to react to the
breach before the internal network is compromised.  Same reason they
built castles with an outer wall.  The biggest question then is how
willing is your company to throw the required resources at a
multiple-system firewall?  More systems require more money and they add
a great deal of complexity to the solution.  From a pure security
standpoint it is the best solution.  You just have to weigh it against
your purse and your corporate culture.

-Shawn

----- 

------------------------------------------------------
List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory:
http://www.serverfiles.com
No.1 Exchange Server Resource Site:
http://www.msexchange.org
Windows Security Resource Site:
http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org
Discussion List as: epoole@xxxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » Connection Issue
• » RE: Connection Issue
• » RE: Connection Issue
• » RE: Connection Issue
• » RE: Connection Issue
• » RE: Connection Issue
• » RE: Connection Issue
• » RE: Connection Issue
• » RE: Connection Issue
• » RE: Connection Issue
• » RE: Connection Issue
• » RE: Connection Issue
• » RE: Connection Issue
• » RE: Connection Issue
• » RE: Connection Issue
• » RE: Connection Issue
• » RE: Connection Issue
• » RE: Connection Issue
• » RE: Connection Issue
• » RE: Connection Issue
• » RE: Connection Issue

1. Home
2. isalist
3. Archive
4. 08-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---