Hi Mark, I'm guessing it was your hard weekend. Protocol Rules aren't ordered, and there's no reason for them to be. You can't have a protocol rule conflict :-) Deny rules are processed before allow rules, so there can't be any conflict. HTH, Tom Thomas W Shinder www.isaserver.org/shinder ISA Server and Beyond: http://tinyurl.com/1jq1 Configuring ISA Server: http://tinyurl.com/1llp -----Original Message----- From: Mark Strangways [mailto:strangconst@xxxxxxxxxx] Sent: Sunday, February 23, 2003 10:26 PM To: [ISAserver.org Discussion List] Subject: [isalist] Protocol rules http://www.ISAserver.org Hi List, Is it just me, I mean it's been a tough weekend and all but has anyone ever noticed how the relative order of protocol rules will affect the operation of the firewall clients ? I was trying to get an app ported thru on 5503 TCP, so I made a rule. Simple enough... But it never seemed to take affect until I changed it's name by adding an A to the front if it. Thereby putting it at the start of the list. I do not have any deny rules even near this port range. So it cannot be a deny rule causing the grief. I suppose there could be a rule that is intercepting the port before it got to my dedicated rule for that application. I noticed that with my testing with kazza rules. Interested in your responses. Mark S ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')