RE: [SPAM-HC] - ISA 2004 Configuration - Email found in subject

• From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Sun, 13 Nov 2005 12:59:48 -0800

You misunderstood Tom's statements.
It's less about the "where" than about the "what".
You used an "all protocols" rule - this is worst part of a bad rule.
The next worst part was allowing it to localhost from anywhere.

You need to look deeper; "502" is just the HTTP error code; ISA *always*
provides an ISA error code to "protected" clients as well and it'll be
listed near the bottom of the web page.

-----Original Message-----
From: Tony.Afriyie [mailto:Tony.Afriyie@xxxxxxxxxxxx] 
Sent: Sunday, November 13, 2005 12:39 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: [SPAM-HC] - ISA 2004 Configuration - Email found
in subject

http://www.ISAserver.org

Guys,
  Well, I made a change to the firewall policy and removed the Local
Host 
from the "From/Listener section since Tom thinks that this was a "BAD"
idea 
to have it there in the first place. I also configured the IE Proxy
settings 
on the ISA 2004 server and now I am getting the error "Error code: 502
Proxy 
Error".  I looked this error code up at Microsoft site and MS recommends

that an accees rule needs to be created to allow the machine to be able
to 
access the Internet but it does not tell you how or the process and what

needs to be put where to make this work. Anybody with any idea as to
what 
needs to be configured in the firewall policy to make the ISA 2004
server 
itself to be able to access the Internet? Thank you.

Tony

----- Original Message ----- 
From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Sunday, November 13, 2005 10:45 AM
Subject: [isalist] RE: [SPAM-HC] - ISA 2004 Configuration - Email found
in 
subject


http://www.ISAserver.org

Hi Joseph,
Quick tip for you here: this is an example of a very BAD firewall
policy. You should always be very carerful of what traffic is allowed
*to* the Local Host Network and what traffic is allowed *from* the Local
Host Network. In this example, we have a All Open from the Local Host
Network OUCH!

Its hard to say what the problem is in this situation, because "cannot
access the Internet" lacks the specificity required to solve the
problem.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**



> -----Original Message-----
> From: Joseph Danielsen [mailto:JDanielsen@xxxxxxxxxxxxxxxx]
> Sent: Sunday, November 13, 2005 9:39 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: [SPAM-HC] - ISA 2004 Configuration -
> Email found in subject
>
> http://www.ISAserver.org
>
> Isn't this a case where you need to configure the IE Proxy settings?
>
> Joseph F. Danielsen, MCSA-Messaging, MCP
> Network Blade Inc.
> 49 Marcy Street
> Somerset, NJ 08873
> (732) 213-0600
> www.NetworkBlade.Com
>
> -----Original Message-----
> From: Tony.Afriyie [mailto:Tony.Afriyie@xxxxxxxxxxxx]
> Sent: Saturday, November 12, 2005 1:41 PM
> To: [ISAserver.org Discussion List]
> Cc: Thomas W Shinder
> Subject: [SPAM-HC] - [isalist] ISA 2004 Configuration - Email found in
> subject
>
> http://www.ISAserver.org
>
> My ISA Server 2004 is up and running fine. All internal
> workstations and
>
> Servers can get on the Internet okay. The only site my ISA Server can
> access
> is www.microsoft.com. The links on microsoft.com cannot be
> accessed. How
> do
> I configure the ISA server so that I can access any site on the
> Internet? I
> have even added a firewall policy to:
>  Action-"allow"
> Protocols- "All Outbound"
> From/Listener - "Interna/Local Host"
> To                - "External"
> Condition - "All Users"
>
> But I am still having difficulty accessing the Internet from my ISA
> Server
> 2004. Any help will be appreciated. Thanks.
>
> Tony
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jdanielsen@xxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
Tony.Afriyie@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.

Other related posts:

• » RE: [SPAM-HC] - ISA 2004 Configuration - Email found in subject
• » RE: [SPAM-HC] - ISA 2004 Configuration - Email found in subject
• » RE: [SPAM-HC] - ISA 2004 Configuration - Email found in subject
• » RE: [SPAM-HC] - ISA 2004 Configuration - Email found in subject

1. Home
2. isalist
3. Archive
4. 11-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---