Hi Jim,

This is a big request. Third-party application our company is developing. The workstation is a developer's box that requires at least 2 NICs in their PC. In short, my goal is to switch our current Access Policy for outbound settings (Anonymous/All ports allowed) to (Authentication/All ports allowed). This change will cause the developer's application to fail. Below is a description from the developer's standpoint. Please let me know if you have any questions.

Application requirements:

1. peer-to-peer LAN-only advertisement, discovery, and communication. requires:
   * binding all UDP ports and TCP ports in this section to a single specified IP address even on a multihomed system
   * bind UDP port 1900, set multicast TTL and interface and join multicast group - needed for advertisement
   * bind arbitrary UDP port (port '0' passed into bind to allow stack to choose), set multicast TTL and interface and join multicast group - needed for discovery
   * bind configurable TCP port, typically 8180, used to accept and service communication from the same machine or other machines on the LAN
   * bind arbitrary TCP port, used to connect to port 8180 on same machine or other machines on the LAN
2. connect unbound TCP port to port 80 on an arbitrary CDDB server on the internet
3. we do not have any need or desire to publish any services - no ports need bound to be let in through the proxy

Current scenarios attempted to make this work with ISA in authenticated mode (Dave check the term for this):

* If machine running application is not running firewall client, or is running firewall client but with an entry to disable for this application, then all local LAN requirements of the application (1) work, but CDDB communication out (2) fails - the connection to the outside server succeeds and then is immediately dropped and any reads give error 10054 (socket reset)
* If machine running application is running firewall client and without an entry to disable it for this app, then CDDB communication (2) works, but all multicast binding in (1) fails. Specifically, setting multicast TTL and interface socket options fail with error 10022 (invalid parameter).
* If the application code is modified to ignore the return code from setting the socket options, or if proxy options LocalBindUdpPorts is set up for 0 and 1900, then the multicast sockets will appear to bind, advertisement/discovery via UDP multicast appears to work, but the TCP communication to other machines on the LAN or even the same machine fails with error 10038 (operation performed on non-socket)
* Entering even full range of UDP and TCP ports (LocalBindUdpPorts=0-65535 and LocalBindTcpPorts=0-65535) behaved the same as above
* We still have no solution under which communication needed in (1) and (2) both work

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Saturday, July 27, 2002 1:35 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Firewall Client Question

It's very probable that the FW client could be interfering if it's running on that workstation. Have him disable it and then test his app to see if anything changes.
If things improve, then you'll need to enter his application into the Client Configuration, Firewall Clients, Application Settings with "Disable=1".
After you do that, then force a refresh at his workstation and all should be well.

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!

----- Original Message -----
From: David Dellanno <mailto:ddellanno@xxxxxxxxxxxxxxx>
To: [ISAserver.org Discussion List] <mailto:isalist@xxxxxxxxxxxxx>
Sent: Friday, July 26, 2002 2:34 PM
Subject: [isalist] Firewall Client Question

Hi Jim,

It has been a very long time to ask a question. There is a developer with two NICs on his workstation, and he is trying to perform a multicast function on one of the NICs, but it looks like the Firewall Client is giving him issues performing such a task. Would the Firewall Client conflict a workstation with two NICs?

Dave
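
The socket sequence listed under "Application requirements" in the most recent message of this thread can be replayed step by step to see exactly which call the Firewall Client rejects and with which Winsock code. The following is an added diagnostic example, not code from the thread or from the application it describes; the function names are hypothetical and the multicast group address is an assumption, since the message gives only the ports.

```python
import socket

# Assumption: the message gives ports (1900, 0, 8180) but no group address;
# 239.255.255.250 is the group conventionally paired with UDP port 1900 (SSDP).
GROUP = "239.255.255.250"
IP = socket.IPPROTO_IP

def _run(steps):
    """Run each step in order; record 'ok' or the socket error code."""
    results = []
    for name, action in steps:
        try:
            action()
            results.append((name, "ok"))
        except OSError as exc:
            # On Windows, winerror carries the Winsock code (10022, 10038, 10054).
            code = getattr(exc, "winerror", None) or exc.errno or str(exc)
            results.append((name, code))
    return results

def probe_multicast(local_ip, port, group=GROUP, ttl=1):
    """Requirement 1, UDP side: bind to one IP, set TTL and interface, join."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    iface = socket.inet_aton(local_ip)
    mreq = socket.inet_aton(group) + iface  # struct ip_mreq: group, interface
    with s:
        return _run([
            ("bind", lambda: s.bind((local_ip, port))),
            ("set_ttl", lambda: s.setsockopt(IP, socket.IP_MULTICAST_TTL, ttl)),
            ("set_interface", lambda: s.setsockopt(IP, socket.IP_MULTICAST_IF, iface)),
            ("join_group", lambda: s.setsockopt(IP, socket.IP_ADD_MEMBERSHIP, mreq)),
        ])

def probe_tcp(local_ip, port):
    """Requirement 1, TCP side: listen on local_ip:port, connect from a bound client."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.settimeout(5); cli.settimeout(5)
    def exchange():
        conn, _ = srv.accept()
        with conn:
            cli.sendall(b"ping")
            if conn.recv(4) != b"ping":
                raise OSError("payload mismatch")
    with srv, cli:
        return _run([
            ("listen", lambda: (srv.bind((local_ip, port)), srv.listen(1))),
            ("client_bind", lambda: cli.bind((local_ip, 0))),
            ("connect", lambda: cli.connect(srv.getsockname())),
            ("exchange", exchange),
        ])
```

Calling `probe_multicast(lan_ip, 1900)`, `probe_multicast(lan_ip, 0)` and `probe_tcp(lan_ip, 8180)` once with the Firewall Client active and once with it disabled for the process gives two step-by-step result lists that can be compared directly.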