RES: Weird problem with ISA 2004
- From: "Tiago de Aviz" <Tiago@xxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 7 Jun 2005 14:09:24 -0300
Hello Frédéric,
Do you have any antivírus software installed such as McAfee? New versions are
including a built-in firewall that loads when a user logs on.
Hope it helps!
Tiago de Aviz
SoftSell - Curitiba
(41) 340-2363
www.softsell.com.br
Esta mensagem, incluindo seus anexos, tem caráter confidencial e seu conteúdo é
restrito ao destinatário da mensagem. Caso você tenha recebido esta mensagem
por engano, queira por favor retorná-la ao destinatário e apagá-la de seus
arquivos. Qualquer uso não autorizado, replicação ou disseminação desta
mensagem ou parte dela é expressamente proibido. A SoftSell não é responsável
pelo conteúdo ou a veracidade desta informação.
-----Mensagem original-----
De: "Frédéric Giroux" [mailto:fgiroux@xxxxxxxxxx]
Enviada em: terça-feira, 7 de junho de 2005 11:58
Para: [ISAserver.org Discussion List]
Assunto: [isalist] Weird problem with ISA 2004
http://www.ISAserver.org
Hello All!
I'm having a weird problem with ISA 2004:
When no user is logged to ISA, it works flawlessly. As soon as I, or any user,
log on, most inbound ports become blocked. SMTP, POP and a few others are
blocked. HTTP and DNS keep working. No errors in logs (except for a half scan
attak a few days ago), no sign whatsoever of what could be the cause. Windows
event logs are free of anything suspicious.
I tried disabling the SMTP filter and the POP filter (which are blocked when
logged on). For some obscure reason, the ports opened up again. I reactivated
the filters, down they go. Log off... Back up again.
However, I have an activity/port monitoring scanner on an external server (A1
Monitoring). When the filters were turned off, it started having all kind of
troubles monitoring the local server. It would say that he server was down
despite the fact that it was responding fine using Telnet. After I re-enabled
the filters, A1 Monitoring started working fine again (after I logged off of
course ;-) ).
FYI, the SMTP filter is on but not configured. I use Brightmail so I have no
use for it.
The symptoms, more precisely, are as follow:
It's like if the routing was incorrect. I mean that when I Telnet port 25 from
a remote computer, I get a connection but no reply (the smtp banner doesn't
show). I tried to monitor the connection from withing ISA and it is as if no
reply was sent to the remote computer.
I don't know what could be the cause of this. I did not make much changes
before it happened but I must add that this ISA has been up for only 45 days. I
noticed the problem 10 days ago.
Rules are fine. If they were the problem, it wouldn't work while logged out
(unless MS is hidding something :-))) ).
Thanks for any help you can provide.
Fred
_____________________________________
Frederic Giroux, technical director
Niveau3 inc.
IT Consultants
fgiroux@xxxxxxxxxx
www.niveau3.ca
514-352-4782 (ext. 223)
514-352-9126 (fax)
866-477-4782 (toll free)
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tiago@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
