RE: Rules

  • From: "Aman Bedi" <gurkirpal.bedi@xxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 30 Sep 2004 21:08:26 -0400

I won't have any anonymous rules coz I wanna force firewall clients.

I wanted to know whether it is right to open everything going out and just
block stuff not needed, OR should we block everything going out and just
open what's needed?

Also, is there a need to make servers like internal webservers, domain
controllers, Exchange, etc. any kind of client? Is it OK if I just make all my
servers SECURENAT (no proxy and no firewall clients on any servers)? If
the servers are not initiating any connections, is there a need for them to
be a client? I am a little confused on this.

Thanks


Aman Bedi | Systems/Network Administrator
54 West 39th Street, 4th Floor, New York, NY 10018 | Fax +1(212) 764-0269 |
Phone +1(212) 278-0178 ext 234 | www.scanbuy.com 

PRIVILEGED & CONFIDENTIAL 
The information contained in this email message is intended only for use of
the person or entity to whom it is addressed. The contained information is
CONFIDENTIAL and LEGALLY PRIVILEGED and exempt from disclosure under
applicable laws. If you read this message and are not the addressee, you are
notified that use, dissemination or reproduction of this message is
prohibited. If you have received this message in error, please notify the
sender immediately.

  _____  

From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Thursday, September 30, 2004 7:14 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Rules

 

http://www.ISAserver.org

Hi Aman,

The way I do it when an organization doesn't use Least Privilege:

Deny Rules first
Anonymous Rules next
Authenticated Rules

HTH,

Tom

  _____  

From: Aman Bedi [mailto:gurkirpal.bedi@xxxxxxxxxxx] 
Sent: Thursday, September 30, 2004 5:40 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Rules

 


Hi all

I know it's not the best practice, but is it OK to have ALL open rules for
outgoing traffic, and rules to block things which I don't want, like FTP or
messengers, etc., above that rule?

And for incoming: block all incoming traffic rule (the default rule), and
rules to allow stuff above that.

Like:

----------------------------------------------------------------------------
Rule 1 ------------ block outgoing this
Rule 2 ------------ block outgoing this
Rule 3 ------------ block outgoing this
.
..
ALL OPEN (int to ext) ---- ALLOW ---- ALL TRAFFIC ---- INTERNAL ---- EXTERNAL

Rule 10 ....... Allow incoming this
Rule 11 ....... Allow incoming this
Rule 12 ....... Allow incoming this
.
.
Last Default Rule ---- DENY ---- ALL TRAFFIC ---- ALL NETWORKS ---- ALL NETWORKS
----------------------------------------------------------------------------

 

 


Aman Bedi | Systems/Network Administrator (MCP, MCSD, MCSA 2000, MCSA 2003)
54 West 39th Street, 4th Floor, New York, NY 10018 | Fax +1(212) 202-4318 |
Phone +1(212) 278-0178 ext 234 | www.scanbuy.com 
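
Added example (not part of the original thread and not ISA Server code): a simplified first-match model of the two outbound layouts discussed above, assuming the rule list is evaluated top-down as the layout in the post implies. The "Web out" rule, the HTTP rule used for "Rule 10", and every protocol name other than FTP and messengers are constructed for illustration.

```python
from collections import namedtuple

# Simplified model of an ordered rule list: the first matching rule decides.
Rule = namedtuple("Rule", "name action protocols src dst")
ALL = None  # stands for "ALL TRAFFIC" or "ALL NETWORKS"

def matches(rule, protocol, src, dst):
    return ((rule.protocols is ALL or protocol in rule.protocols)
            and rule.src in (ALL, src) and rule.dst in (ALL, dst))

def evaluate(policy, protocol, src, dst):
    """Return (action, rule name) for the first rule matching the flow."""
    for rule in policy:
        if matches(rule, protocol, src, dst):
            return rule.action, rule.name
    return "deny", "no rule matched"

def allowed_out(policy, protocols):
    """Protocols from the sample set that internal hosts can send out."""
    return sorted(p for p in protocols
                  if evaluate(policy, p, "internal", "external")[0] == "allow")

# Constructed inbound allow rule and the default deny at the bottom.
INBOUND = [Rule("Rule 10", "allow", {"HTTP"}, "external", "internal")]
DEFAULT = [Rule("Last Default Rule", "deny", ALL, ALL, ALL)]

# Layout from the post: block rules above an ALL OPEN outbound rule.
BLOCK_LIST = [
    Rule("Rule 1", "deny", {"FTP"}, "internal", "external"),
    Rule("Rule 2", "deny", {"Messenger"}, "internal", "external"),
    Rule("ALL OPEN", "allow", ALL, "internal", "external"),
] + INBOUND + DEFAULT

# Alternative asked about in the reply: open only what is needed.
ALLOW_LIST = [
    Rule("Web out", "allow", {"HTTP", "HTTPS", "DNS"}, "internal", "external"),
] + INBOUND + DEFAULT

# Constructed sample of protocols an internal host might attempt.
SAMPLE = ["HTTP", "HTTPS", "DNS", "FTP", "Messenger", "SMTP", "IRC"]

if __name__ == "__main__":
    print("block-list lets out:", allowed_out(BLOCK_LIST, SAMPLE))
    print("allow-list lets out:", allowed_out(ALLOW_LIST, SAMPLE))
    print("inbound FTP:", evaluate(BLOCK_LIST, "FTP", "external", "internal"))
```

With the ALL OPEN layout, anything not named in a block rule (here SMTP and IRC) leaves the network; with the allow-list layout the same flows fall through to the default deny.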


 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx 
