Packet filters control what you can and can't do on the ISA machine. Protocol rules define what you can and can't do on clients. i.e. Make sure you have a protocol definition for the app you are trying to run, and make sure it is allowed in your protocol rule(s). Nick Chadwick Development & Technical Support Manager Comsoft Limited, UK Tel: +44-(0)20-8240-4452 Fax: +44-(0)20-8240-4449 Mobile: +44-(0)7740-362408 Email: nick@xxxxxxxxxxxxxx <mailto:nick@xxxxxxxxxxxxxx> Web: http://www.comsoft.ltd.uk/ -----Original Message----- From: Yu, Kevin [mailto:kyu@xxxxxxxxxxx] Sent: 09 October 2001 15:06 To: [ISAserver.org Discussion List] Subject: [isalist] Re: Packet Filters http://www.ISAserver.org then I have a question, I can use a internet app on the ISA machine, but I can't run it on the client machine(coz it's behid the ISA firewall, obvious) how come? -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: Monday, October 08, 2001 9:52 AM To: [ISAserver.org Discussion List] Subject: [isalist] Re: Packet Filters http://www.ISAserver.org The firewall client is designed to provide a host in the LAT the ability to: 1. negotiate connections not defined in "Protocol Definitions" 2. authenticate to ISA ISA firewall functionality depends on ISA's ability to isolate the Internet from the LAT. One NIC makes that impossible to accomplish. If ISA is not installed on a W2K server with two NICs, no software on any client is going to change ISA's functionality. Installing the firewall client on the ISA server breaks the security model and causes ISA to act erratically. Essentially, spend the $25 and install a good 3COM NIC. You'll be happier for it. Jim Harrison MCP(2K), A+, Network+, PCG ----- Original Message ----- From: "Bayliss, Andre" <Andre.Bayliss@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, October 08, 2001 08:11 Subject: [isalist] Re: Packet Filters http://www.ISAserver.org Jim, Is the Firewall Client also used to access WinSock apps i.e. WinSock Client? If yes, I guess once again, cannot be used unless one is using two NIC's in the ISA Server, correct? Regards, André -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: 20 September 2001 14:45 To: [ISAserver.org Discussion List] Subject: [isalist] Re: Packet Filters http://www.ISAserver.org Yep. Jim Harrison MCP(2K), A+, Network+, PCG ----- Original Message ----- From: "Bayliss, Andre" <Andre.Bayliss@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, September 20, 2001 3:45 AM Subject: [isalist] Re: Packet Filters http://www.ISAserver.org Jim, I guess installing the Firewall Client is pretty much a waste of time then, huh? Regards, André -----Original Message----- From: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Sent: 19 September 2001 19:02 To: [ISAserver.org Discussion List] Subject: [isalist] Re: Packet Filters http://www.ISAserver.org No; you need two NICs and either Integrated or Firewall mode to use packet filters. Jim Harrison MCP(2K), A+, Network+, PCG ----- Original Message ----- From: "Bayliss, Andre" <Andre.Bayliss@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Wednesday, September 19, 2001 07:24 Subject: [isalist] Packet Filters http://www.ISAserver.org Guys, I'm using my ISA Servers on the internal network, [just one active NIC]. If a situation arises where I have to create a Packet Filter, will it work? Do I have to have an active internal NIC and external NIC for Packet Filters to work? Regards, André Bayliss ---------------------------------------------------------------------------- This e-mail including any attachments is confidential and may be legally privileged. If you have received it in error please advise the sender immediately by return email and then delete it from your system. The unauthorised use, distribution, copying or alteration of this email is strictly forbidden. If you need assistance please contact the IT help desk on +44 207 467 2154. This email is from a unit or subsidiary of EMI Group plc, registered in England No 229231 Registered Office: 4 Tenterden Street, London W1A 2AY ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: andre.bayliss@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ---------------------------------------------------------------------------- This e-mail including any attachments is confidential and may be legally privileged. If you have received it in error please advise the sender immediately by return email and then delete it from your system. The unauthorised use, distribution, copying or alteration of this email is strictly forbidden. If you need assistance please contact the IT help desk on +44 207 467 2154. This email is from a unit or subsidiary of EMI Group plc, registered in England No 229231 Registered Office: 4 Tenterden Street, London W1A 2AY ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: andre.bayliss@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ---------------------------------------------------------------------------- This e-mail including any attachments is confidential and may be legally privileged. If you have received it in error please advise the sender immediately by return email and then delete it from your system. The unauthorised use, distribution, copying or alteration of this email is strictly forbidden. If you need assistance please contact the IT help desk on +44 207 467 2154. This email is from a unit or subsidiary of EMI Group plc, registered in England No 229231 Registered Office: 4 Tenterden Street, London W1A 2AY ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: kyu@xxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: nick@xxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ********************************************************************** Disclaimer: This e-mail contains proprietary information some or all of which may be legally privileged. It is for the intended recipient only. If an addressing or transmission error has misdirected this e-mail, please notify the author by replying to this e-mail and then permanently delete the message from your computer. If you are not the intended recipient you must not use, disclose, distribute, copy, print or rely on the e-mail. The opinion expressed in this Email is that of the author and not necessarily that of Comsoft Limited. While attachments are virus checked, Comsoft Limited do not accept any liability in respect of a virus which is not detected. **********************************************************************