So I found the problem (which illustrates that I didn't know as much as I thought I did of ISA 2000). The problem was the ports I was using (For example, SSH 22 TCP Outbound) was not listed in the protocol definitions. I merely assumed (ok, lesson learned there -- being in the support field for a while I should have known better) that having a protocol rule of 'all ip traffic' allowed would just work. I was wrong (or either have my firewall misconfigured). For some reason I also found a few dupes (such as FTP) -- so I cleaned those out as well. I thought I would post to the list and let everyone know what my issue was, incase someone else runs across this. Have a great day and thanks for the help! Kenny -----Original Message----- From: Kenny Mann Sent: Tuesday, January 25, 2005 8:24 AM To: '[ISAserver.org Discussion List]' Subject: RE: [isalist] RE: Firewall dropping packets from some machines Indeed. Actually here's the history. About two and a half years ago, I got hired here -- knowing barely the basics of server stuff, networking etc. About a month after I'm hired, I'm told "Hey, were getting this server, it does our mail and firewall and stuff. Watch the guy install it and ask questions.... You're going to be taking care of it." Since them I've been learning and fighting mgmt to do things "the right way" from what I learn from this mailing list and stuff I've read from book stores. Originally we had ISA, Exchange, Symantec (+ Exchange filter), and ISS all on a single mahcine for 50 people. It eventually started getting hickups so we ended up doing a move to another server and doing stuff signifigantly better. Originally the guy who installed it didn't seem to care about all ip i/o and thought I was overly paranoid about too many things... While he did point out it was foolish of my to have my name everywhere in creation instead of placing it in domain admin (or administrators or something equivalent instead -- or heck, even just staying user and using the administrator account). Since then I've been going through and going "ughhh no, that's just bad... I think" So, I do appreciate your words of wisdom. Thinking about it now, I should probably run netstat and do some serious limiting about what's going on here. After spending some time yesterday going through everything and getting a full mental map of how things are versus how they (ideally) should be... I've got a ton of work to do. I'll say again, I really do appreciate your advice. Kenny -----Original Message----- From: Steve Moffat [mailto:steve@xxxxxxxxxx] Sent: Monday, January 24, 2005 2:27 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Firewall dropping packets from some machines http://www.ISAserver.org Hi Kenny....don't take this the wrong way. What do you mean all ip access in and out...for what protocols???....that's just stupid, exchange should be published and only allow the protocols from it that it needs...ie smtp out and ftp for GFI. Very very bad security. ________________________________ From: Kenny Mann [mailto:Kennymann@xxxxxxxxxxx] Sent: Monday, January 24, 2005 4:17 PM To: ISA Mailing List Subject: [isalist] RE: Firewall dropping packets from some machines http://www.ISAserver.org Sorry, I should clarify further. Exchange has all ip access in and out. Back when I first started working here, I foolishly added myself to everywhere in creation as an admin. I've recently learned the error in my ways and am plugging the bugs. I'm still going through the services and telling it to launch as it's own account (for example: gfi_updater account becuase we use Firefox and my boss says he wants to track where everyone goes, thusly we need to force a proxy). ISA firewall client is installed on all machines except, of course, the non Windows PC's (Linux and QNX 4.25). These PC's are having issues as well (but I think that' becuase I've set the firewall to ask for authentication from anon users). This particular issue is a "You usually use HTTPS over port 443, you were trying on port 80 which isn't allowed..." -- my trying to use rsync. I thought that giving this IP block unrestricted IP access would fix this, but apparantly not. I should research the ladder of ISA and see where in the ladder what happens. I have some money... I'm going to buy an ISA book... I don't know enough as I should... While I'm not a beginner in this field, I believe I have much to learn... I've the first and only admin here... so a whole lot of "oops, what was I thinking?!" are cropping up about now as I'm going over these things. I think, over time, the error in my ways (adding myself in many 'o places ) is biting me and is causing permission weirdness. I say this becuase when I deny access over SSH Putty says it can't communicate or something of the equivalent. However what I'm seeing is it connect and then disconnect. Remote desktop does this as well. Hmm. Kenny -----Original Message----- From: Steve Moffat [mailto:steve@xxxxxxxxxx] Sent: Monday, January 24, 2005 1:58 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Firewall dropping packets from some machines http://www.ISAserver.org A couple of things.... Exchange has godly rights...why??...should be published...and an ftp rule to allow updates from GFI only. Is the firewall client installed on the workstations, if not how is ISA to know who is using these protocols. If I was you...and I'm not....:), give the authorized users dhcp reservations and create an address set for then within ISA for the protocols you want to allow them. S ________________________________ From: Kenny Mann [mailto:Kennymann@xxxxxxxxxxx] Sent: Monday, January 24, 2005 3:49 PM To: ISA Mailing List Subject: [isalist] RE: Firewall dropping packets from some machines http://www.ISAserver.org Sorry, I neglected to give hardware/os specs. ISA 2000 - dedicated mode w/ Windows Server 2003. Machine is a Compaq Prolient ML330 with 2GB of memory. Kenny -----Original Message----- From: Steve Moffat [mailto:steve@xxxxxxxxxx] Sent: Monday, January 24, 2005 1:17 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Firewall dropping packets from some machines http://www.ISAserver.org Which version of ISA?? S ________________________________ From: Kenny Mann [mailto:Kennymann@xxxxxxxxxxx] Sent: Monday, January 24, 2005 12:30 PM To: ISA Mailing List Subject: [isalist] Firewall dropping packets from some machines http://www.ISAserver.org I'm having some issues that are difficult to pin down what is going on. I currently use SSH to get out of my network here (work) to get into my box at home. I use Putty. It's not only SSH that has this problem, but it's enough to relate to right now... For a while, life was good and it all worked hunkey dory (sp?). Then out of no where (gasp?) it stopped. More than likely I tweaked a setting, added a patch, or did something stupid and didn't notice it. Here is where the fun part comes in. If I create a Client Address Set and create a protocol rule to allow full outbound access to whatever I want, it works as if by magic. However, if I create a protocol rule and allow certain users (such as myself) full outbound access, it does not work. When I say it doesn't work, instead of blocking my packets directly, it just drops them. What happens is Putty tries to connect, makes the first connection, then ISA blocks it. Many other programs are running into the same issues. I really don't like adding tons of Client Address Set for this because it just sounds wrong and insecure -- and difficult (DHCP -- except for our mail server and ISA server). Has anyone ran into this before? I've paid to have someone come out here and spend an hour trying to figure out what the heck is going on, but he couldn't figure it out and needed more time. At the time it was only SSH and remote desktop, which I was able to deal without at the time and live with the CAS method. Now it seems, other things aren't working that I didn't notcie. I got MailEssentials for Exchange and it says it fails to update (yes, it's on the mail server -- which should have godly rights -- and still doesn't work). Yes, in the previously paragraph I say the Client Address Set method doesn't work for that computer and yet in the passage before that one, I say it works. I should say that it's picky about the machines it wants to work on. I have looked at my logs and it shows nothing. I'm half way tempted to reinstall ISA Server just becuase this is a little too weird to be a config problem... Thoughts? Kenny ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: kennymann@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: kennymann@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: kennymann@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx