RE: Scripting guys help Interface based rules?

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 9 Dec 2005 11:56:25 -0600

Hi Amy,

Try running the Certificates MMC snap-in to request a machine
certificate from an Enterprise CA on an ISA firewall Protected Network.
That was my first clue that there would be future issues. Also, breaks
machine autoenrollment. Not an issue with SBS, but it is in a typical
Centro-oid deployment.

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

 

> -----Original Message-----
> From: Amy Babinchak [mailto:amy@xxxxxxxxxxxxxxxxxxxxxxxxxx] 
> Sent: Friday, December 09, 2005 11:46 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Scripting guys help Interface based rules?
> 
> http://www.ISAserver.org
> 
> The only issues I hit with the RPC filter in SBS is with 3rd party apps.
> 
> 
> Amy
>  
> Harbor Computer Services
> Small Business Computer Specialists
>  
> Client Blog: http://smalltechnotes.blogspot.com/
> Tech Blog: http://isainsbs.blogspot.com/
> Website: http://www.harborcomputerservices.net/
>  
> 
>  
> 
> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] 
> Sent: Friday, December 09, 2005 12:38 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Scripting guys help Interface based rules?
> 
> This question is only asked because of ignorance of how RPC and DCOM
> operate.
> 
> Remember; the ISA RPC filter was written primarily to support Exchange.
> The fact that Exch uses a subset of the RPC potential functionality is a
> large part of the reason for "generic" RPC failure across ISA.
> DCOM, OTOH, (used by WMI) is a superset of RPC functionality, making the
> whole problem even bigger.
> 
> Also consider that except for SBS, ISA is installed in "network brick"
> mode.  Even in SBS, the "strict RPC" switch is on because the SBS team
> didn't hit any issues in their testing until after they shipped SP1.
> 
> -------------------------------------------------------
>    Jim Harrison
>    MCP(NT4, W2K), A+, Network+, PCG
>    http://isaserver.org/Jim_Harrison/
>    http://isatools.org
>    Read the help / books / articles!
> -------------------------------------------------------
>  
> 
> -----Original Message-----
> From: sbradcpa@xxxxxxxxxxx [mailto:sbradcpa@xxxxxxxxxxx] 
> Sent: Friday, December 09, 2005 07:10
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Scripting guys help Interface based rules?
> 
> But isn't there a way to be more granular?  
> 
> If someone can point me to chapter I forgot in the Bible of ISA
> [Shinder] or a MSDN page .... because I'd love to be a bit less 'oh just
> whack the box off'
> 
> > That RPC thang has been ongoing since the release of ISA......
> > 
> > -----Original Message-----
> > From: sbradcpa@xxxxxxxxxxx [mailto:sbradcpa@xxxxxxxxxxx]
> > Sent: Friday, December 09, 2005 3:32 AM
> > To: ISA Mailing List
> > Subject: [isalist] RE: Scripting guys help Interface based rules?
> > 
> > 
> > Well some of us SBS folks can at least read such trivial things as
> > subscribe and unsubscribe instructions off of listserves [even though
> > we may not follow them and unsubscribe and end up lurking]
> > 
> > Right now I'll just be glad when we're not knee jerk whacking off the
> > RPC filtering.
> > 
> > 
> > <http://spaces.msn.com/members/dmoisan/Blog/cns!1prHWLujp5fNIAaScwFLsA4g!121.entry>
> > 
> > http://makeashorterlink.com/?Z38D1384C
> > 
> > I'll let you know about what we think about DiffServ in SP2 once we 
> > see SP2.
> > 
> > Don't worry we have enough to complain about in SBS 2003 R2 ;-)
> > 
> > > Oh yeh - the SBS folks would turn this on and never give us a moment's
> > > peace...
> > > I can't wait until they start complaining about DiffServ in SP2...
> > > "I turned it on and nothing happened"...
> > >
> > > --------------------------------------------
> > > Jim Harrison
> > > MCP(NT4, W2K), A+, Network+, PCG
> > > http://isaserver.org/Jim_Harrison/
> > > http://isatools.org
> > > Read the help / books / articles!
> > > --------------------------------------------
> > >
> > > -----Original Message-----
> > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > Sent: Thursday, December 08, 2005 9:50 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: Scripting guys help Interface based rules?
> > >
> > > Would be an interesting thing to include in a future rev of the product.
> > > Maybe with the release after the next release. :)
> > >
> > > Thomas W Shinder, M.D.
> > > Site: www.isaserver.org
> > > Blog: http://spaces.msn.com/members/drisa/
> > > Book: http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > > **Who is John Galt?**
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion List as:
> > isalist@xxxxxxxxxx To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> 