Hi Koie, The point I was getting at is there is no such thing as "opening a port". Its just a Help Desk ploy to give you meaningly info and get you off the phone. What you really need to know is whether the protocols are all primary connections, or if there are secondary connections. A secondary connection is connection that is seen by the firewall as an unsolictied SYN packet. Normally, the firewall will drop unsolicited SYNs, but if the SYN is part of a secondary connection (sometimes referred to as part of a "connection bundle") that the firewall is expecting, then the firewall will allow it through. However, ISA firewalls work with protocols that require secondary connections depending on the client type: SecureNAT clients require an application filter to work with complex protocols that require secondary connections Firewall clients do not require an application filter, but you must know which connections are primary and which are secondary and create the appropriate Protocol Definitions. Some protocols imbed private addresses in the data portion, which makes things even more problematic and require a ALG (cf. SIP). HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Koie Smith [mailto:ksmith@xxxxxxxxxxxxxx] Sent: Thursday, August 14, 2003 4:00 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Confused about how to configure http://www.ISAserver.org I guess i need to buy a good book about ISA but never have taken the time to do it, normally the default installation from windows 2000 sbs seems pretty secure, and i never tweak it more than that. Maybe i can find some guides that explain it more in depth. Koie -----Original Message----- From: Romel Gonzales [mailto:rgonzales@xxxxxxxxxxxxxxxxxx] Sent: Thursday, August 14, 2003 4:00 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Confused about how to configure Too see open port & application accesing through this in a local machine, try to download "Active port" from www.download.com. Maybe this work with ISA Romel -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] Sent: Jueves, 14 de Agosto de 2003 02:20 p.m. To: [ISAserver.org Discussion List] Subject: [isalist] RE: Confused about how to configure http://www.ISAserver.org Hi Koie, I get confused by that too. I guess some firewalls have an "open port" button. I'm going to see if the ISA Server development team can add an Open Port button with the next service pack. I hear "the Help desk said to open ports 666, 777 etc" so often that the pix or the CP boxes must have one, and I want one too! Jim, can you help me with this request? :-) Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Koie Smith [mailto:ksmith@xxxxxxxxxxxxxx] Sent: Thursday, August 14, 2003 3:07 PM To: [ISAserver.org Discussion List] Subject: [isalist] Confused about how to configure http://www.ISAserver.org Here is something i always get confused by, you say open TCP port's 6891-6900. Where exactly do you do this in ISA? Is it a protocol rule, site & content rule, ip packet filter, etc? Do most of you use packet filters or have them turned off? Koie -----Original Message----- From: hanan [mailto:nouran@xxxxxxxxx] Sent: Thursday, August 14, 2003 2:10 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: File transfer through msn messenger http://www.ISAserver.org Hi You should open TCP port6891---6900 outbound and inbound I hope this will help you Hanan -----Original Message----- From: cutegurl985 [mailto:cutegurl985@xxxxxxxxx] Sent: 14 August 2003 17:04 To: [ISAserver.org Discussion List] Subject: [isalist] File transfer through msn messenger http://www.ISAserver.org Is there a way to transfer files through msn messenger? Please help ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: nouran@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: ksmith@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rgonzales@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')