RE: FYI: ISA on SBS

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 14 Jul 2003 19:42:18 -0500

Hi John,
 
With ISA Exchange RPC publishing, it just opens 135 inbound, and only
for the Exchange specific UUIDs. If you don't use ISA, then you allow
135 inbound for any UUID, and then you have to open all high number
ports inbound, since the server can assign itself any ephemeral port.
Check out:
 
http://support.microsoft.com/default.aspx?scid=kb;EN-US;148732
 
It has good info and links on the problematic nature of doing this
without ISA.
 
Thanks!
Tom

Thomas W Shinder 
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1 
Configuring ISA Server: http://tinyurl.com/1llp 

        -----Original Message-----
        From: John Tolmachoff (Lists)
[mailto:johnlist@xxxxxxxxxxxxxxxxxxx] 
        Sent: Monday, July 14, 2003 11:40 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: FYI: ISA on SBS
        
        
        http://www.ISAserver.org
        
        

        First off, I have to admit I am not familiar with the technical
side of RPC publishing.

         

        What port ranges are used and how does it work?

         

        John Tolmachoff MCSE CSSA

        Engineer/Consultant

        eServices For You

        www.eservicesforyou.com

         

        -----Original Message-----
        From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
        Sent: Monday, July 14, 2003 9:21 AM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: FYI: ISA on SBS

         

        http://www.ISAserver.org

        Hi John,

         

        Yes please! I'd like to hear more of your observations on this.

         

        However, the problem with the sonicwall firewall setup is that
if you run ISA Server 2000 on the SBS box that runs the Exchange Server,
you cannot avail external users of Exchange RPC publishing. The only way
to do this is to disabling packet filtering, in which case, there's no
point to even installing ISA Server, since its no longer a firewall
without packet filtering protection. The Problem is that there's no way
to disable RPC socket pooling. When you can't disable socket pooling,
you can't create Server Publishing or Web Publishing Rules on that
socket. The only other option is to create packet filters, but in order
to create packet filters, you have to open the entire ephermal range of
ports using static packet filters, which gets back to the poor security
provided by tradition packet filtering based devices like PIX or
sonicwall, and the reason why you want an ISA based appliance in front
of the SBS box so that the customer is able to fully take advantage of
the Exchange Server and remote Outlook 2000/2002/2003 client.

         

        Thanks!

        Tom

         

         

        Thomas W Shinder

        www.isaserver.org/shinder <http://www.isaserver.org/shinder>  

        ISA Server and Beyond: http://tinyurl.com/1jq1

        Configuring ISA Server: http://tinyurl.com/1llp
<http://tinyurl.com/1llp> 

         

         

        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Other Internet Software Marketing Sites:
        Leading Network Software Directory: http://www.serverfiles.com
        No.1 Exchange Server Resource Site: http://www.msexchange.org
        Windows Security Resource Site: http://www.windowsecurity.com/
        Network Security Library: http://www.secinf.net/
        Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
        To unsubscribe send a blank email to
$subst('Email.Unsub') 

Other related posts: