Rules not working.

  • From: Erik Sojka <esojka@xxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 1 May 2002 12:54:54 -0400

Server: ISA Server SP1 running on W2K SP2 + SRP + patches in
Standalone/Integrated mode in an Active Directory domain.  The ISA server
sits behind our Cisco Pix firewall.  

We previously ran our server on the above config using only caching mode.
The Pix administrator reported that requests for nonstandard ports (things
other than 80, 443, 20/21) were being passed through from ISA but blocked at
the Pix.  As part of our troubleshooting efforts, we rebuilt the server and
added the firewall featureset (yielding the config above).

Site and Content rule (1 rule):
- Allow all traffic to all destinations at all times; applied to an NT group
we created that has all users allowed to surf the Internet; all content
groups allowed.

Protocol Rules:
- We initially had a single rule - Allow selected protocols (HTTP, HTTPS,
FTP DL Only) at all times applied to the NT user group mentioned above.
ISA should normally not allow traffic through that is not allowed, right?
With this single protocol rule, IE requests for pages at different ports
were passed through to the PIX.  
- Then we created a second protocol rule - Deny all requests to protocols
except HTTP, HTTPS, FTP DL only; applied always and to the NT group. - Same
thing.

What am I missing?  Why is ISA passing this traffic through when it seems
like it shouldn't?

TIA, 

*****************************
* Erik Sojka, MOS, MCSE     *
* Manager, Network Services *
* esojka@xxxxxxxx           *
***************************** 



