Hi, I added the Rule#1 and Rule#2 fields, but as I expected they are blank as I don't have any rules stopping this connection. I just want to allow this connection. I have a protocol definition stating port 8101 open and a protocol definition allowing any request, anytime to use this protocol definition. I have tried various combinations, inbound, outbound but nothing seems to work. Please look at the logs below and advise if you can figure this out. Thanks Rami Software: Microsoft(R) Internet Security and Acceleration Server 2000 #Version: 1.0 #Date: 2001-12-07 14:54:49 #Fields: c-ip cs-username c-agent date time s-computername r-host r-ip r-port time-taken cs-bytes sc-bytes cs-protocol cs-transport s-operation sc-status rule#1 rule#2 sessionid connectionid 10.22.25.60 - - 2001-12-07 14:54:49 NYNY0S24 - 10.11.0.221 8101 - - - 8101 TCP Connect 13301 - - 2 1 -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Thursday, December 06, 2001 5:25 PM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Fiewall Log sc-status: 13301 http://www.ISAserver.org That error code means ISA refused to allow that traffic. Add "Rule#1" and "Rule#2" fields to your FW logs (Monitoring, Logs, Firewall log props). You need to review the protocol definition, the protocol rule and your site and content rules to see why this is occurring. Jim Harrison MCP(NT4, 2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ ----- Original Message ----- From: "Chhatwal, Raminder S." <RChhatwal@xxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, December 06, 2001 10:37 Subject: [isalist] Fiewall Log sc-status: 13301 http://www.ISAserver.org Hi all, Following is what my firewall log shows. I have a protocol defined with port 8101 inbound and outbound and a protocol rule allowing this protocol to go through but I am still getting blocked. Please advise what further configuration needs to be done to let SNAT clients go through the firewall to connect on this port. Thanks Rami #Software: Microsoft(R) Internet Security and Acceleration Server 2000 #Version: 1.0 #Date: 2001-12-06 18:27:08 #Fields: c-ip cs-username c-agent date time s-computername r-host r-ip r-port time-taken cs-bytes sc-bytes cs-protocol cs-transports-operation sc-status sessionid connectionid 10.22.25.60 - - 2001-12-06 18:27:08 NYNY0S24 - 10.11.0.221 8101 - - - 8101 TCP Connect 13301 2 1 ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rchhatwal@xxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')