Re: Packet Filters
- From: "Nick Chadwick" <nick@xxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 9 Oct 2001 15:45:23 +0100
Packet filters control what you can and can't do on the ISA machine.
Protocol rules define what you can and can't do on clients.
i.e. Make sure you have a protocol definition for the app you are trying to
run, and make sure it is allowed in your protocol rule(s).
Nick Chadwick
Development & Technical Support Manager
Comsoft Limited, UK
Tel: +44-(0)20-8240-4452 Fax: +44-(0)20-8240-4449 Mobile: +44-(0)7740-362408
Email: nick@xxxxxxxxxxxxxx <mailto:nick@xxxxxxxxxxxxxx>
Web: http://www.comsoft.ltd.uk/
-----Original Message-----
From: Yu, Kevin [mailto:kyu@xxxxxxxxxxx]
Sent: 09 October 2001 15:06
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Packet Filters
http://www.ISAserver.org
then I have a question, I can use a internet app on the ISA machine, but I
can't run it on the client machine(coz it's behid
the ISA firewall, obvious) how come?
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Monday, October 08, 2001 9:52 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Packet Filters
http://www.ISAserver.org
The firewall client is designed to provide a host in the LAT the ability to:
1. negotiate connections not defined in "Protocol Definitions"
2. authenticate to ISA
ISA firewall functionality depends on ISA's ability to isolate the Internet
from the LAT. One NIC makes that impossible to accomplish.
If ISA is not installed on a W2K server with two NICs, no software on any
client is going to change ISA's functionality.
Installing the firewall client on the ISA server breaks the security model
and causes ISA to act erratically.
Essentially, spend the $25 and install a good 3COM NIC. You'll be happier
for it.
Jim Harrison
MCP(2K), A+, Network+, PCG
----- Original Message -----
From: "Bayliss, Andre" <Andre.Bayliss@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, October 08, 2001 08:11
Subject: [isalist] Re: Packet Filters
http://www.ISAserver.org
Jim,
Is the Firewall Client also used to access WinSock apps i.e. WinSock Client?
If yes, I guess once again, cannot be used unless one is using two NIC's in
the ISA Server, correct?
Regards,
André
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: 20 September 2001 14:45
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Packet Filters
http://www.ISAserver.org
Yep.
Jim Harrison
MCP(2K), A+, Network+, PCG
----- Original Message -----
From: "Bayliss, Andre" <Andre.Bayliss@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, September 20, 2001 3:45 AM
Subject: [isalist] Re: Packet Filters
http://www.ISAserver.org
Jim,
I guess installing the Firewall Client is pretty much a waste of time then,
huh?
Regards,
André
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: 19 September 2001 19:02
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: Packet Filters
http://www.ISAserver.org
No; you need two NICs and either Integrated or Firewall mode to use packet
filters.
Jim Harrison
MCP(2K), A+, Network+, PCG
----- Original Message -----
From: "Bayliss, Andre" <Andre.Bayliss@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, September 19, 2001 07:24
Subject: [isalist] Packet Filters
http://www.ISAserver.org
Guys,
I'm using my ISA Servers on the internal network, [just one active NIC]. If
a situation arises where I have to create a Packet Filter, will it work? Do
I have to have an active internal NIC and external NIC for Packet Filters to
work?
Regards,
André Bayliss
----------------------------------------------------------------------------
This e-mail including any attachments is confidential and may be legally
privileged. If you have received it in error please advise the sender
immediately by return email and then delete it from your system. The
unauthorised use, distribution, copying or alteration of this email is
strictly forbidden. If you need assistance please contact the IT help desk
on +44 207 467 2154.
This email is from a unit or subsidiary of EMI Group plc, registered in
England No 229231 Registered Office: 4 Tenterden Street, London W1A 2AY
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
andre.bayliss@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
----------------------------------------------------------------------------
This e-mail including any attachments is confidential and may be legally
privileged. If you have received it in error please advise the sender
immediately by return email and then delete it from your system. The
unauthorised use, distribution, copying or alteration of this email is
strictly forbidden. If you need assistance please contact the IT help desk
on +44 207 467 2154.
This email is from a unit or subsidiary of EMI Group plc, registered in
England No 229231 Registered Office: 4 Tenterden Street, London W1A 2AY
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
andre.bayliss@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
----------------------------------------------------------------------------
This e-mail including any attachments is confidential and may be legally
privileged. If you have received it in error please advise the sender
immediately by return email and then delete it from your system. The
unauthorised use, distribution, copying or alteration of this email is
strictly forbidden. If you need assistance please contact the IT help desk
on +44 207 467 2154.
This email is from a unit or subsidiary of EMI Group plc, registered in
England No 229231 Registered Office: 4 Tenterden Street, London W1A 2AY
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
kyu@xxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
nick@xxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
**********************************************************************
Disclaimer: This e-mail contains proprietary information some or all
of which may be legally privileged. It is for the intended recipient
only. If an addressing or transmission error has misdirected this
e-mail, please notify the author by replying to this e-mail and then
permanently delete the message from your computer. If you are not the
intended recipient you must not use, disclose, distribute, copy, print
or rely on the e-mail.
The opinion expressed in this Email is that of the author and not
necessarily that of Comsoft Limited.
While attachments are virus checked, Comsoft Limited do not accept any
liability in respect of a virus which is not detected.
**********************************************************************
Other related posts:
