Sorry, I should clarify further. Exchange has all ip access in and out. Back when I first started working here, I foolishly added myself to everywhere in creation as an admin. I've recently learned the error in my ways and am plugging the bugs. I'm still going through the services and telling it to launch as it's own account (for example: gfi_updater account becuase we use Firefox and my boss says he wants to track where everyone goes, thusly we need to force a proxy). ISA firewall client is installed on all machines except, of course, the non Windows PC's (Linux and QNX 4.25). These PC's are having issues as well (but I think that' becuase I've set the firewall to ask for authentication from anon users). This particular issue is a "You usually use HTTPS over port 443, you were trying on port 80 which isn't allowed..." -- my trying to use rsync. I thought that giving this IP block unrestricted IP access would fix this, but apparantly not. I should research the ladder of ISA and see where in the ladder what happens. I have some money... I'm going to buy an ISA book... I don't know enough as I should... While I'm not a beginner in this field, I believe I have much to learn... I've the first and only admin here... so a whole lot of "oops, what was I thinking?!" are cropping up about now as I'm going over these things. I think, over time, the error in my ways (adding myself in many 'o places ) is biting me and is causing permission weirdness. I say this becuase when I deny access over SSH Putty says it can't communicate or something of the equivalent. However what I'm seeing is it connect and then disconnect. Remote desktop does this as well. Hmm. Kenny -----Original Message----- From: Steve Moffat [mailto:steve@xxxxxxxxxx] Sent: Monday, January 24, 2005 1:58 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Firewall dropping packets from some machines http://www.ISAserver.org A couple of things.... Exchange has godly rights...why??...should be published...and an ftp rule to allow updates from GFI only. Is the firewall client installed on the workstations, if not how is ISA to know who is using these protocols. If I was you...and I'm not....:), give the authorized users dhcp reservations and create an address set for then within ISA for the protocols you want to allow them. S _____ From: Kenny Mann [mailto:Kennymann@xxxxxxxxxxx] Sent: Monday, January 24, 2005 3:49 PM To: ISA Mailing List Subject: [isalist] RE: Firewall dropping packets from some machines http://www.ISAserver.org Sorry, I neglected to give hardware/os specs. ISA 2000 - dedicated mode w/ Windows Server 2003. Machine is a Compaq Prolient ML330 with 2GB of memory. Kenny -----Original Message----- From: Steve Moffat [mailto:steve@xxxxxxxxxx] Sent: Monday, January 24, 2005 1:17 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Firewall dropping packets from some machines http://www.ISAserver.org Which version of ISA?? S _____ From: Kenny Mann [mailto:Kennymann@xxxxxxxxxxx] Sent: Monday, January 24, 2005 12:30 PM To: ISA Mailing List Subject: [isalist] Firewall dropping packets from some machines http://www.ISAserver.org I'm having some issues that are difficult to pin down what is going on. I currently use SSH to get out of my network here (work) to get into my box at home. I use Putty. It's not only SSH that has this problem, but it's enough to relate to right now... For a while, life was good and it all worked hunkey dory (sp?). Then out of no where (gasp?) it stopped. More than likely I tweaked a setting, added a patch, or did something stupid and didn't notice it. Here is where the fun part comes in. If I create a Client Address Set and create a protocol rule to allow full outbound access to whatever I want, it works as if by magic. However, if I create a protocol rule and allow certain users (such as myself) full outbound access, it does not work. When I say it doesn't work, instead of blocking my packets directly, it just drops them. What happens is Putty tries to connect, makes the first connection, then ISA blocks it. Many other programs are running into the same issues. I really don't like adding tons of Client Address Set for this because it just sounds wrong and insecure -- and difficult (DHCP -- except for our mail server and ISA server). Has anyone ran into this before? I've paid to have someone come out here and spend an hour trying to figure out what the heck is going on, but he couldn't figure it out and needed more time. At the time it was only SSH and remote desktop, which I was able to deal without at the time and live with the CAS method. Now it seems, other things aren't working that I didn't notcie. I got MailEssentials for Exchange and it says it fails to update (yes, it's on the mail server -- which should have godly rights -- and still doesn't work). Yes, in the previously paragraph I say the Client Address Set method doesn't work for that computer and yet in the passage before that one, I say it works. I should say that it's picky about the machines it wants to work on. I have looked at my logs and it shows nothing. I'm half way tempted to reinstall ISA Server just becuase this is a little too weird to be a config problem... Thoughts? Kenny ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: kennymann@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: isalist@xxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: kennymann@xxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx