RE: Firewall Rules
- From: "Jim Harrison" <jim@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 29 Sep 2004 15:10:29 -0700
It doesn't matter if the rule allows or denies.
The first rule that matches the request is the one that will act on it.
Overall Order:
1. System rules (in listed order)
2. Firewall rules (in listed order)
for( Each Non-Default Rule in Listed Order )
{
if ( rule matches request )
{
if ( rule requires authentication )
{
get user credentials
if ( user fails authentication )
{
SEEYA!!!
return;
}
}
else
{
take rule-defined action
return;
}
}
}
Deny
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
----- Original Message -----
From: "Aman Bedi" <gurkirpal.bedi@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, September 29, 2004 13:45
Subject: [isalist] RE: Firewall Rules
http://www.ISAserver.org
Can you please confirm this ? :-) thanks
When does it stop while going down .. ?
Only if there is a specific rule matching that protocol and user to allow
traffic , it allows, otherwise it keeps checking all rules and if none are
found matching .. it drops the request .. Right ?
If there is a deny for that user/protocol it discards request and stops
checking further rules . right ?
Aman Bedi | Systems/Network Administrator (MCSD, MCSA 2000, MCSA 2003)
54 West 39th Street, 4th Floor, New York, NY 10018 | Fax +1(212) 202-4318 |
Phone +1(212) 278-0178 ext 234 | www.scanbuy.com
PRIVILEGED & CONFIDENTIAL
The information contained in this email message is intended only for use of
the person or entity to whom it is addressed. The contained information is
CONFIDENTIAL and LEGALLY PRIVILEGED and exempt from disclosure under
applicable laws. If you read this message and are not the addressee, you are
notified that use, dissemination or reproduction of this message is
prohibited. If you have received this message in error, please notify the
sender immediately.
----------------------------------------------------------------------------
----------------------------------------------------------------------------
-------------------------------------
_____
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Wednesday, September 29, 2004 1:22 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Firewall Rules
http://www.ISAserver.org
Hi Aman,
They are processed from the top down, with System Policy rules being
processed before Firewall Policy.
HTH,
Tom
<http://www.isaserver.org/shinder> www.isaserver.org/shinder
Get the book!
Tom and Deb Shinder's Configuring ISA Server 2004
<http://tinyurl.com/3xqb7> http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
-----Original Message-----
From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx]
Sent: Wednesday, September 29, 2004 12:09 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Firewall Rules
http://www.ISAserver.org
Hi all,
Is there an article which explains how the firewall rules are processed in
ISA 2004 ? I mean in what order they are processed and which rule has
preference, whats the priority etc ..
Thanks
Aman Bedi | Systems/Network Administrator (MCSD, MCSA 2000, MCSA 2003)
54 West 39th Street, 4th Floor, New York, NY 10018 | Fax +1(212) 202-4318 |
Phone +1(212) 278-0178 ext 234 | www.scanbuy.com
PRIVILEGED & CONFIDENTIAL
The information contained in this email message is intended only for use of
the person or entity to whom it is addressed. The contained information is
CONFIDENTIAL and LEGALLY PRIVILEGED and exempt from disclosure under
applicable laws. If you read this message and are not the addressee, you are
notified that use, dissemination or reproduction of this message is
prohibited. If you have received this message in error, please notify the
sender immediately.
----------------------------------------------------------------------------
----------------------------------------------------------------------------
-------------------------------------
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gurkirpal.bedi@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
gurkirpal.bedi@xxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
