Re: Traffic denied between internal and local host
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 1 Oct 2004 07:58:22 -0700
ISA already has system policies that provide for ISA-to-domain (and back)
traffic.
Creating additional firewall rules only serves to complicate the issue and make
your rules management harder.
Check out the System policies and you'll see what I mean...
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
----- Original Message -----
From: "Steve Moffat" <steve@xxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, October 01, 2004 07:47
Subject: [isalist] Re: Traffic denied between internal and local host
http://www.ISAserver.org
Hi Jim
If I don't have a rule for all required domain traffic that allows
{internal to localhost and localhost to internal} then all traffic
between them stops. ISA's a domain member, not a dc.
So why is it silly???
S
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Friday, October 01, 2004 11:40 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Traffic denied between internal and local host
http://www.ISAserver.org
Creating a rule that allows internal to internal is silly.
There is no reason for an internal client to use ISA to reach an
internal resource.
If this traffic is intended to go from an internal client to an external
site, the rule s/b "Internal" to "External".
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
----- Original Message -----
From: "Watts, Jeb" <Jwatts@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, October 01, 2004 07:12
Subject: [isalist] Traffic denied between internal and local host
http://www.ISAserver.org
I have a rule set up to allow all outbound traffic FROM internal and
local host TO internal and local host for all users. I have a Palm unit
attached to a workstation that communicates to a server on the internet.
The traffic is being denied from the workstation to the ISA server. The
status is 0xc0040014. The application protocol shows "unidientified IP
traffic". According to the old ISA 2000 logs the protocol is http and
the transport is TCP. Any ideas why this traffic is being denied?
Thanks!
Jeb
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
steve@xxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
This E-Mail is confidential. It is not intended to be read, copied, disclosed
or used by any person other than the recipient named
above.
Unauthorised use, disclosure, or copying is strictly prohibited and may be
unlawful. Optimum IT Solutions Ltd disclaims any
liability for any action taken in connection of this E-Mail. The comments or
statements expressed in this E-Mail are not necessarily
those of Optimum IT Solutions Ltd or its subsidiaries or affiliates.
administrator@xxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
