No attached screenshot... open ISA MMC... expand access policy, right click IP Packet filters... select properties... on "General" Tab be sure "Enable Packet Filtering" is checked check enable intrusion detection and IP routing... HTH's Mark ----- Original Message ----- From: "Chhatwal, Raminder S." <RChhatwal@xxxxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Thursday, October 18, 2001 4:28 PM Subject: [isalist] RE: Please Help "Deny All" http://www.ISAserver.org Robert, Please look at the attached screenshot, to me it looks as if packet filters are enabled. Can you confirm? Thanks Raminder -----Original Message----- From: Chhatwal, Raminder S. [mailto:RChhatwal@xxxxxxxxxxxxxxxxx] Sent: Thursday, October 18, 2001 4:24 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Please Help "Deny All" http://www.ISAserver.org Robert, Thanks a lot for response. I guess, I have packet filters enabled, how do I check that? Raminder -----Original Message----- From: Weiss, Robert [mailto:WeissR@xxxxxxxxxx] Sent: Thursday, October 18, 2001 4:27 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Please Help "Deny All" http://www.ISAserver.org Raminder, ISA only denies all traffic if you enable packet filtering. With packet filters turned off, all traffic will flow freely through your ISA Server(s) Robert Weiss Manager, Network and Academic Systems Philadelphia University Office of Information Technology 215-951-2689 http://www.PhilaU.edu/OIT -----Original Message----- From: Chhatwal, Raminder S. [mailto:RChhatwal@xxxxxxxxxxxxxxxxx] Sent: Thursday, October 18, 2001 4:10 PM To: [ISAserver.org Discussion List] Subject: [isalist] Please Help "Deny All" http://www.ISAserver.org Hi all, As I understand, by default ISA denies all access through the firewall unless explicitly allowed by a policy rule. 1. Does this apply only to the ISA server or all client workstations connected to the internal interface? For me all internal SNAT client workstations are able to access external applications without any allow rules configured. 2. Could I have done anything during installation for disable the default "deny all"? (Dedicated Firewall Standalone installation) I have made no changes after installing ISA, no protocol definitions, no protocol rules, no packet filters, no site and content rules. I have just configured a destination set and a client address set. I would appreciate any help...... I might switch to other firewalls if this thing doesn't work...though I don't want to. Thanks a lot Rami -----Original Message----- From: Joe Pochedley [mailto:JoePochedley@xxxxxxxxx] Sent: Thursday, October 18, 2001 1:58 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: SNAT Client http://www.ISAserver.org First, you need to make sure you have your client sets configured properly when using SNAT. The client set, and what protocol rules it's assigned to will control whether a secure NAT client will be able to get out... Second, when modifying protocol rules, or protocol definitions, you need to stop and restart the firewall service before the changes will take effect. JoeP -----Original Message----- From: Alex Randjelovic [mailto:alex@xxxxxxxx] Sent: Thursday, October 18, 2001 12:23 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: SNAT Client http://www.ISAserver.org I have the same problem Alex Randjelovic IT Manager MagiTech Inc. -----Original Message----- From: Chhatwal, Raminder S. [mailto:RChhatwal@xxxxxxxxxxxxxxxxx] Sent: Thursday, October 18, 2001 11:01 AM To: [ISAserver.org Discussion List] Subject: [isalist] SNAT Client http://www.ISAserver.org Hi all, I am unable to stop / restrict traffic using SNAT client. I have this one workstation sitting behind an ISA server connected to the internal interface of the server. The only connection to the outside world for this client machine is through the ISA server. But still I am unable to restrict and open access to a particular application on the outside (external network). I want to be able and give and restrict access to a number of applications on the external network at my will. I have tried protocol definitions and rules, packet filters, but nothing seems to work. Client machine can get to the external application all the time. I cannot seem to restrict the access. Please Help. Thanks Rami ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: alex@xxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: JoePochedley@xxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rchhatwal@xxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: weissr@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rchhatwal@xxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: rchhatwal@xxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: strangconst@xxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')