Hey, no problem... Better than getting your Newton's crossed... Ya get fig
all over yourself then.
----- Original Message -----
From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, September 07, 2004 4:53 PM
Subject: [isalist] RE: TFTP from external interface?
http://www.ISAserver.org
Hi Tim,
Could be that I got my neuron's crossed :)
Tom
-----Original Message----- From: Thor [mailto:thor@xxxxxxxxxxxxxxx] Sent: Tuesday, September 07, 2004 6:20 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: TFTP from external interface?
http://www.ISAserver.org
Oh- thanks for clearing that up-- I thought William was moving from the publishing model to the "host tftp on ISA" config; that's why I piped in with that one. Pretty sure that's what he meant.. t
----- Original Message ----- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Tuesday, September 07, 2004 3:07 PM Subject: [isalist] RE: TFTP from external interface?
http://www.ISAserver.org
Hi William,
It won't work unless the TFTP server is on the ISA firewall itself. The reason is that TFTP is a complex protocol, which requires either an application filter or the Firewall client to be installed on the published server (for 2000 only; the 2004 ISA firewall do NOT support Firewall client publishing scenarios).
HTH,
Tom www.isaserver.org/shinder Get the book! Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls
-----Original Message----- From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] Sent: Tuesday, September 07, 2004 4:53 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: TFTP from external interface?
http://www.ISAserver.org
Thanks Thor, will set it up and let you know.
Cheers William R.
-----Original Message----- From: Thor [mailto:thor@xxxxxxxxxxxxxxx] Sent: 07 September 2004 10:12 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: TFTP from external interface?
http://www.ISAserver.org
I have not been able to get tft working from an external client to a ISA
server hosting TFTP services with a single UDP packet filter. Even with
local 69 and all remote ports, as well as "Receive Send" and/or "Both" directions set up, it required 2 different filters- one "Receive Send" local
69 remote all, and one "Send Receive" local all/remote 69. You would obviously limit the remote address to the single client you wish to support,
and ensure that your permissions on the TFTP server you are using are set properly.
t
thenhttp://www.ISAserver.org
<light bulb on> Aaaahhhh <light bulb off>
Thanks Tom, forgot that Packet Filters were for explicit access to ISA alone... Would that imply that if I recreate my packet filters, and
Filtertry to connect from the ISA itself with a TFTP server it may in fact work?
Regarding Secondary connections... I dunno actually. There is a TFTP protocol definition within ISA, and I see it does have a secondary connection... does that imply I would need to setup a 2nd Packet
maybe? (I cannot see that I can setup secondary connections within the
[mailto:Shawn.Quillman@xxxxxxxxxxxx]same Packet Filter rule)
Thanks William R.
-----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: 07 September 2004 07:38 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: TFTP from external interface?
http://www.ISAserver.org
Hi William,
Packet filters don't control inbound access except to the ISA firewall itself.
You'll need to use Server Publishing Rules. I haven't studied the TFTP protocol lately (mainly because I always explicitly block it as it's a favorite of blended worm writers), but IIRC, doesn't it require secondary connections?
HTH,
Tom www.isaserver.org/shinder Get the book! Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls
-----Original Message----- From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] Sent: Tuesday, September 07, 2004 12:28 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: TFTP from external interface?
http://www.ISAserver.org
PFilter: Allow custom protocol UDP-Receive Send Local Port=Dynamic Remote Port=FixedPort 69 Applied to this isa's ext interface For only 1 remote computer (IP address of external device)
I allowed logging of ALLOW rules on Packet Filter, but still all I got was the following: 9/7/2004, 19:22:58, <External Device>, <Internal Workstation>, Udp, 12345, 69, -, BLOCKED, <ISA External NIC>, -, -
Your comments/thoughts?
Thanks William R.
-----Original Message----- From: Quillman Shawn (RBNA/CSA1) *
[mailto:Shawn.Quillman@xxxxxxxxxxxx]Sent: 07 September 2004 04:48 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: TFTP from external interface?
http://www.ISAserver.org
Yeah, you're right. My bad (only one cup of coffee so far this morning...) How did you create the packet filter?
-Shawn
----- Shawn R. Quillman Robert Bosch Corporation RBNA/CSA1 38000 Hills Tech Drive Farmington Hills, MI 48331 (248) 553-1164 (P) (248) 848-6969 (F) shawn.quillman@xxxxxxxxxxxx
-----Original Message----- From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] Sent: Tuesday, September 07, 2004 10:36 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: TFTP from external interface?
http://www.ISAserver.org
No, just did UDP 'cause as I understand it TFTP is a UDP protocol???
-----Original Message----- From: Quillman Shawn (RBNA/CSA1) *
itSent: 07 September 2004 04:14 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: TFTP from external interface?
http://www.ISAserver.org
Did you also create one for tcp/69?
-Shawn
----- Shawn R. Quillman Robert Bosch Corporation RBNA/CSA1 38000 Hills Tech Drive Farmington Hills, MI 48331 (248) 553-1164 (P) (248) 848-6969 (F) shawn.quillman@xxxxxxxxxxxx
-----Original Message----- From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] Sent: Tuesday, September 07, 2004 10:08 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: TFTP from external interface?
http://www.ISAserver.org
Hi Tom,
I know, that's why I'm struggling... hehe Don't you just love it that
TFTPis now possible to ask the question: "What version of ISA are you running...?" - it's beautiful I tell you.
Anyway, I'm sorry to say that I am still running ISA 2000 :(
I want to basically dump the config's of my external routers to the
server running on my internal workstation, so I somehow need to letISA
know how to authenticate the inbound request so I though a PacketFilter
TFTPwould be required, but that didn't work (to say the least...)
Thanks William R.
-----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: 07 September 2004 02:44 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: TFTP from external interface?
http://www.ISAserver.org
Hi William,
The ISA firewall isn't a simple packet filter firewall like so-called 'hardware firewalls'.
What version of the ISA firewall are you using?
From your ISA firewall configuration experience, do you ever recallcreating a simple packet filter to allow inbound access?
Thanks!
Tom www.isaserver.org/shinder Get the book! Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls
-----Original Message----- From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] Sent: Tuesday, September 07, 2004 6:40 AM To: [ISAserver.org Discussion List] Subject: [isalist] TFTP from external interface?
http://www.ISAserver.org
Hi there
Anyone know how I can allow TFTP access from an outside router to a
SecurityServer sitting inside my corporate network?
I tried creating a packet filter for UDP:69 but this didn't work...
Any and all ideas appreciated. Thanks William R.
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network
http://www.webelists.com/cgi/lyris.pl?enter=isalistLibrary: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
SecurityReport abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network
http://www.webelists.com/cgi/lyris.pl?enter=isalistLibrary: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: robertson.william@xxxxxxxxxxxxxx To unsubscribe visit
SecurityReport abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network
http://www.webelists.com/cgi/lyris.pl?enter=isalistLibrary: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe visit
SecurityReport abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network
http://www.webelists.com/cgi/lyris.pl?enter=isalistLibrary: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: robertson.william@xxxxxxxxxxxxxx To unsubscribe visit
SecurityReport abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network
http://www.webelists.com/cgi/lyris.pl?enter=isalistLibrary: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: robertson.william@xxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalistReport abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalistReport abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: robertson.william@xxxxxxxxxxxxxx To unsubscribe visit
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as:
http://www.webelists.com/cgi/lyris.pl?enter=isalistthor@xxxxxxxxxxxxxxx To unsubscribe visit
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: robertson.william@xxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: thor@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx