RE: Confused about how to configure
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Thu, 14 Aug 2003 16:12:46 -0500
Hi Koie,
The point I was getting at is there is no such thing as "opening a
port". Its just a Help Desk ploy to give you meaningly info and get you
off the phone.
What you really need to know is whether the protocols are all primary
connections, or if there are secondary connections. A secondary
connection is connection that is seen by the firewall as an unsolictied
SYN packet. Normally, the firewall will drop unsolicited SYNs, but if
the SYN is part of a secondary connection (sometimes referred to as part
of a "connection bundle") that the firewall is expecting, then the
firewall will allow it through.
However, ISA firewalls work with protocols that require secondary
connections depending on the client type:
SecureNAT clients require an application filter to work with complex
protocols that require secondary connections
Firewall clients do not require an application filter, but you must know
which connections are primary and which are secondary and create the
appropriate Protocol Definitions.
Some protocols imbed private addresses in the data portion, which makes
things even more problematic and require a ALG (cf. SIP).
HTH,
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Koie Smith [mailto:ksmith@xxxxxxxxxxxxxx]
Sent: Thursday, August 14, 2003 4:00 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Confused about how to configure
http://www.ISAserver.org
I guess i need to buy a good book about ISA but never have taken the
time to do it, normally the default installation from windows 2000 sbs
seems pretty secure, and i never tweak it more than that. Maybe i can
find some guides that explain it more in depth.
Koie
-----Original Message-----
From: Romel Gonzales [mailto:rgonzales@xxxxxxxxxxxxxxxxxx]
Sent: Thursday, August 14, 2003 4:00 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Confused about how to configure
Too see open port & application accesing through this in a local
machine, try to download "Active port" from www.download.com. Maybe this
work with ISA
Romel
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Jueves, 14 de Agosto de 2003 02:20 p.m.
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Confused about how to configure
http://www.ISAserver.org
Hi Koie,
I get confused by that too. I guess some firewalls have an "open port"
button.
I'm going to see if the ISA Server development team can add an Open Port
button with the next service pack. I hear "the Help desk said to open
ports 666, 777 etc" so often that the pix or the CP boxes must have one,
and I want one too!
Jim, can you help me with this request?
:-)
Tom
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp
-----Original Message-----
From: Koie Smith [mailto:ksmith@xxxxxxxxxxxxxx]
Sent: Thursday, August 14, 2003 3:07 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Confused about how to configure
http://www.ISAserver.org
Here is something i always get confused by, you say open TCP port's
6891-6900. Where exactly do you do this in ISA? Is it a protocol rule,
site & content rule, ip packet filter, etc? Do most of you use packet
filters or have them turned off?
Koie
-----Original Message-----
From: hanan [mailto:nouran@xxxxxxxxx]
Sent: Thursday, August 14, 2003 2:10 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: File transfer through msn messenger
http://www.ISAserver.org
Hi
You should open TCP port6891---6900 outbound and inbound
I hope this will help you
Hanan
-----Original Message-----
From: cutegurl985 [mailto:cutegurl985@xxxxxxxxx]
Sent: 14 August 2003 17:04
To: [ISAserver.org Discussion List]
Subject: [isalist] File transfer through msn messenger
http://www.ISAserver.org
Is there a way to transfer files through msn messenger?
Please help
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
nouran@xxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
ksmith@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
rgonzales@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
