RE: Idea for new question list

  • From: Tom Mendelboim <tomerm1@xxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 10 Mar 2003 13:53:23 -0500

Sorry for the delay... 

My Polycom unit is using 6 TCP ports and over 15 UDP ports... If I want to 
publish it or let it through the firewall, I need to create definition for each 
port... It's possible but annoying. I dealt with other firewalls in the past 
and they all had that option (port range). I can use H.323 for outbound but 
inbound is almost impossible using H.323 because of other reasons.

Thanks,

Tom
> 
> From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
> Date: 2003/03/08 Sat AM 11:53:37 EST
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Subject: [isalist] RE: Idea for new question list
> 
> http://www.ISAserver.org
> 
> 
> Hi Tom,
>  
> That is a frequently asked question, but I think its more of a design
> question rathar than something that can be fixed or "done". I suppose
> the design philosophy was that if a protocol were so poorly designed, OR
> required such a complex set of negotiations, that it would be better to
> let an ALG handle the connections, rather than having Protocol Rules
> deal with them. 
>  
> What type of applications are you thinking of? Online games?
>  
> Thanks!
> Tom
> Thomas W Shinder 
> www.isaserver.org/shinder 
> ISA Server and Beyond: http://tinyurl.com/1jq1 
> Configuring ISA Server: http://tinyurl.com/1llp 
>       -----Original Message-----
>       From: Tom Mendelboim [mailto:tomerm1@xxxxxxx] 
>       Sent: Saturday, March 08, 2003 1:11 AM
>       To: [ISAserver.org Discussion List]
>       Subject: [isalist] RE: Idea for new question list
>       
>       
>       http://www.ISAserver.org
>       
>       
>       How about why ISA cannot have a protocol definition that can be
> defined to open a range of ports (not secondary ports) for incoming or
> outgoing?
>        
>       -----Original Message-----
>       From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
>       Sent: Thursday, March 06, 2003 2:24 PM
>       To: [ISAserver.org Discussion List]
>       Subject: [isalist] Idea for new question list
>        
>       http://www.ISAserver.org
>       Hey folks,
>        
>       I was wondering about starting a new list of questions that I
> could maybe present to the Microsoft folks regarding ISA Server. These
> are questions that have been asked many, many times over the last two
> years and there's never been an answer to them. Now, I'm not talking
> about Frequently Asked Questions (FAQ) that are just asked because the
> person hasn't done his homework. I mean those tough questions that have
> ben extant over the years and there's just no answer for them. For
> example:
>        
>       *         Why do VPN gateway links just "die on the vine" and
> are not automatically re-established and the RRAS console shows the
> connect is still alive?
>       *         Why do so many people see an error regarding the
> upstream proxy being unavailable, even though everything seems to be
> working correctly?
>       *         What do DNS server publishing rules die and not come
> back until you restart the IPNAT service?
>       *         How do you stop NetBIOS node adapter status queries
> from taking place when the ISA Server is attempting to do a reverse
> lookup?
>       *         What do all those entries in the reports mean?
>       *         Why do I sometime get a DNS error when posting a
> response on the ISAServer.org message boards, and the only fix is to
> change from a Web Proxy client to a Firewall client, and why does it fix
> itself if I just close all the browser windows?
>       *         Does the NetMeeting client require a Site and Content
> Rule that allows it access to all Sites and Content, or can we create a
> more discreet Site and Cotent rule that will still allow the internal
> network NetMeeting client to recieve calls from external users who call
> them via a phone number
>       *         How do you configure the H.323 Gatekeeper to work with
> a 3rd party PBX on the DMZ? Is it possible?
>       I've got a million of them :-) 
>        
>       I'm not sure what to call this list, but I was thinking of
> calling it "Frequently Unanswered Questions", although I'm not sure how
> the acronym will go over ;)
>        
>       Thanks!
>       Tom
>        
>       Thomas W Shinder
>       www.isaserver.org/shinder <http://www.isaserver.org/shinder>  
>       ISA Server and Beyond: http://tinyurl.com/1jq1
> <http://tinyurl.com/1jq1> 
>       Configuring ISA Server: http://tinyurl.com/1llp
> <http://tinyurl.com/1llp> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Exchange Server Resource Site: http://www.msexchange.org/
> Windows Security Resource Site: http://www.windowsecurity.com/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as: 
> tomerm1@xxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
> 
>
Title: Message
http://www.ISAserver.org

Hi Tom,
 
That is a frequently asked question, but I think its more of a design question rathar than something that can be fixed or "done". I suppose the design philosophy was that if a protocol were so poorly designed, OR required such a complex set of negotiations, that it would be better to let an ALG handle the connections, rather than having Protocol Rules deal with them.
 
What type of applications are you thinking of? Online games?
 
Thanks!
Tom

Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

-----Original Message-----
From: Tom Mendelboim [mailto:tomerm1@xxxxxxx]
Sent: Saturday, March 08, 2003 1:11 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Idea for new question list

http://www.ISAserver.org

How about why ISA cannot have a protocol definition that can be defined to open a range of ports (not secondary ports) for incoming or outgoing?

 

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Thursday, March 06, 2003 2:24 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Idea for new question list

 

http://www.ISAserver.org

Hey folks,

 

I was wondering about starting a new list of questions that I could maybe present to the Microsoft folks regarding ISA Server. These are questions that have been asked many, many times over the last two years and there's never been an answer to them. Now, I'm not talking about Frequently Asked Questions (FAQ) that are just asked because the person hasn't done his homework. I mean those tough questions that have ben extant over the years and there's just no answer for them. For example:

 

·         Why do VPN gateway links just "die on the vine" and are not automatically re-established and the RRAS console shows the connect is still alive?

·         Why do so many people see an error regarding the upstream proxy being unavailable, even though everything seems to be working correctly?

·         What do DNS server publishing rules die and not come back until you restart the IPNAT service?

·         How do you stop NetBIOS node adapter status queries from taking place when the ISA Server is attempting to do a reverse lookup?

·         What do all those entries in the reports mean?

·         Why do I sometime get a DNS error when posting a response on the ISAServer.org message boards, and the only fix is to change from a Web Proxy client to a Firewall client, and why does it fix itself if I just close all the browser windows?

·         Does the NetMeeting client require a Site and Content Rule that allows it access to all Sites and Content, or can we create a more discreet Site and Cotent rule that will still allow the internal network NetMeeting client to recieve calls from external users who call them via a phone number

·         How do you configure the H.323 Gatekeeper to work with a 3rd party PBX on the DMZ? Is it possible?

I've got a million of them :-)

 

I'm not sure what to call this list, but I was thinking of calling it "Frequently Unanswered Questions", although I'm not sure how the acronym will go over ;)

 

Thanks!

Tom

 

Thomas W Shinder

www.isaserver.org/shinder

ISA Server and Beyond: http://tinyurl.com/1jq1

Configuring ISA Server: http://tinyurl.com/1llp

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: tomerm1@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 03-2003