RE: Stateful inspection

From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Date: Wed, 30 Oct 2002 16:53:56 -0600
Hi David,
 
Yes, when you use publishing rules the connection state is tracked. Same
with Protocol rules.
 
HTH,
Tom

        -----Original Message-----
        From: David Elmquist [mailto:david@xxxxxxxxxx] 
        Sent: Wednesday, October 30, 2002 4:09 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: Stateful inspection
        
        
        http://www.ISAserver.org
        
        

        Bugger ! ...as they would say in England. This seriously
degrades the intelligence of

        ISA compared to other solutions. Could we only do stateful on at
NAT DMZ I believe this

        Would be a much more attractive firewall. I`m inclined to to
take this as an authorative

        Statement, but will of course do futher reseach :-)

         

         David

         

        -----Original Message-----
        From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
        Sent: 30. oktober 2002 22:56
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: Stateful inspection

         

        http://www.ISAserver.org

        Hi David,

         

        No.

         

        That's why packet filters and trihomed DMZ (including public
address DMZs), suck. :-)

         

        HTH,

        Tom

         

        Thomas W Shinder

        www.isaserver.org/shinder <http://www.isaserver.org/shinder>  

        http://tinyurl.com/1jq1 <http://tinyurl.com/1jq1> 

        http://tinyurl.com/1llp <http://tinyurl.com/1llp> 

         

         

                -----Original Message-----
                From: David Elmquist [mailto:david@xxxxxxxxxx] 
                Sent: Wednesday, October 30, 2002 3:23 PM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] Stateful inspection

                http://www.ISAserver.org

                 Lately, I`ve been asked to make a comparison between
ISA and other firewalls, such as PIX and

                FW1. One thing that`s been nagging me, is the ability to
have a DMZ and do stateful inspection on

                Traffic there. I`m aware that ISA does in fact do
stateful inspection on traffic outbound traffic and

                Traffic initiated by published server rules. My question
is this:

                 

                Does ISA perform stateful inspection on traffic to a DMZ
zone via packet filters ?

                 

                The reason this is not obvious is the 3 types of traffic
configurable in a packet filter; Inbound, 

                Outbound and both. I`ve noticed that for example a
filter like TCP 3389 inbound would allow

                Terminal services to be used on the ISA machine - but a
typical oldfashined filtering firewall

                Would require a filter allowing both Inbound AND
outbound access. Stateful inspection would

                Account for this. I`ve found no literature to back this
up though...any thoughts ?

                 

                Regards,

                 

                David Elmquist

                ------------------------------------------------------
                List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
                ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
                ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
                ------------------------------------------------------
                Exchange Server Resource Site:
http://www.msexchange.org/
                Windows Security Resource Site:
http://www.windowsecurity.com/
                Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
                ------------------------------------------------------
                You are currently subscribed to this ISAserver.org
Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx
                To unsubscribe send a blank email to
$subst('Email.Unsub') 

        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Exchange Server Resource Site: http://www.msexchange.org/
        Windows Security Resource Site: http://www.windowsecurity.com/
        Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: david@xxxxxxxxxx
        To unsubscribe send a blank email to
$subst('Email.Unsub') 

        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
        ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
        ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Exchange Server Resource Site: http://www.msexchange.org/
        Windows Security Resource Site: http://www.windowsecurity.com/
        Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
        ------------------------------------------------------
        You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
        To unsubscribe send a blank email to
$subst('Email.Unsub')
RE: Stateful inspection

Other related posts:
