RE: It is necessary to restart the Firewall service to apply new policy rules

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 2 Feb 2006 06:55:26 -0800

ISA 2000 can take a while to make policy changes effective; ISA 2004 does
a much better job of this.

DO NOT USE "IPEnableRouter".
Let me say it again:
DO
NOT
USE
"IPEnableRouter".

This is a TCP/IP registry setting that effectively "gets around" ISA
routing.
ISA is *(NOT)* a router, although it's possible to pass traffic across
ISA to another network *(IF)* you configure the rules and the clients
properly.

Since you only have two interfaces, one of those networks is seen as
"external" by ISA and all traffic from that network will be blocked by
default.

--------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
--------------------------------------------
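
Added example, not part of the original message or of any ISA Server tooling: a PowerShell audit that reports whether the Windows TCP/IP stack is forwarding packets itself, which is the condition the "IPEnableRouter" setting creates. The function name and output fields are assumptions made for this example; the per-interface check is used only where Get-NetIPInterface is available.

```powershell
# Added example: audit a Windows host for OS-level IP forwarding.
# Get-IpForwardingState and its output fields are hypothetical names.
function Get-IpForwardingState {
    [CmdletBinding()]
    param()

    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

    # A missing value means the default (0, forwarding off).
    $prop = Get-ItemProperty -Path $key -Name 'IPEnableRouter' -ErrorAction SilentlyContinue
    $regValue = if ($null -ne $prop) { [int]$prop.IPEnableRouter } else { 0 }

    # Per-interface forwarding state, where the NetTCPIP cmdlets exist.
    # Older hosts are judged on the registry value alone.
    $forwardingIfs = @()
    if (Get-Command Get-NetIPInterface -ErrorAction SilentlyContinue) {
        $forwardingIfs = @(Get-NetIPInterface -AddressFamily IPv4 |
            Where-Object { $_.Forwarding -eq 'Enabled' } |
            Select-Object -ExpandProperty InterfaceAlias)
    }

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        IPEnableRouter       = $regValue
        ForwardingInterfaces = $forwardingIfs
        Compliant            = ($regValue -eq 0 -and $forwardingIfs.Count -eq 0)
    }
}

$state = Get-IpForwardingState
$state | Format-List

if (-not $state.Compliant) {
    # Forwarding in the stack lets traffic cross between NICs without
    # being evaluated against firewall policy.
    Write-Warning 'OS-level IP forwarding is enabled on this host.'
    exit 1
}
```
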

-----Original Message-----
From: Itajiba Bezerra [mailto:itajiba.bezerra@xxxxxxxxxxxxx] 
Sent: Thursday, February 02, 2006 3:36 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] It is necessary to restart the Firewall service to
apply new policy rules


After installing the ISA Server 2000 SP2 on a computer with Windows 2003
SP1, I noticed the following behaviour: when a new policy rule is
created, it is necessary to restart the Firewall service and sometimes I
need to reboot the machine in order for the new rule to work. Another
problem: it was necessary to enable IPEnableRouter to route the traffic
between the LANs.
The server has two NIC cards (External and Internal LAN) and both are
using private addresses (10.8.50.x/24 and 10.8.51.x/24).
Where is my fault?
