Hi William, Packet filters don't control inbound access except to the ISA firewall itself. You'll need to use Server Publishing Rules. I haven't studied the TFTP protocol lately (mainly because I always explicitly block it as it's a favorite of blended worm writers), but IIRC, doesn't it require secondary connections? HTH, Tom www.isaserver.org/shinder Get the book! Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] Sent: Tuesday, September 07, 2004 12:28 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: TFTP from external interface? http://www.ISAserver.org PFilter: Allow custom protocol UDP-Receive Send Local Port=Dynamic Remote Port=FixedPort 69 Applied to this isa's ext interface For only 1 remote computer (IP address of external device) I allowed logging of ALLOW rules on Packet Filter, but still all I got was the following: 9/7/2004, 19:22:58, <External Device>, <Internal Workstation>, Udp, 12345, 69, -, BLOCKED, <ISA External NIC>, -, - Your comments/thoughts? Thanks William R. -----Original Message----- From: Quillman Shawn (RBNA/CSA1) * [mailto:Shawn.Quillman@xxxxxxxxxxxx] Sent: 07 September 2004 04:48 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: TFTP from external interface? http://www.ISAserver.org Yeah, you're right. My bad (only one cup of coffee so far this morning...) How did you create the packet filter? -Shawn ----- Shawn R. Quillman Robert Bosch Corporation RBNA/CSA1 38000 Hills Tech Drive Farmington Hills, MI 48331 (248) 553-1164 (P) (248) 848-6969 (F) shawn.quillman@xxxxxxxxxxxx -----Original Message----- From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] Sent: Tuesday, September 07, 2004 10:36 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: TFTP from external interface? http://www.ISAserver.org No, just did UDP 'cause as I understand it TFTP is a UDP protocol??? -----Original Message----- From: Quillman Shawn (RBNA/CSA1) * [mailto:Shawn.Quillman@xxxxxxxxxxxx] Sent: 07 September 2004 04:14 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: TFTP from external interface? http://www.ISAserver.org Did you also create one for tcp/69? -Shawn ----- Shawn R. Quillman Robert Bosch Corporation RBNA/CSA1 38000 Hills Tech Drive Farmington Hills, MI 48331 (248) 553-1164 (P) (248) 848-6969 (F) shawn.quillman@xxxxxxxxxxxx -----Original Message----- From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] Sent: Tuesday, September 07, 2004 10:08 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: TFTP from external interface? http://www.ISAserver.org Hi Tom, I know, that's why I'm struggling... hehe Don't you just love it that it is now possible to ask the question: "What version of ISA are you running...?" - it's beautiful I tell you. Anyway, I'm sorry to say that I am still running ISA 2000 :( I want to basically dump the config's of my external routers to the TFTP server running on my internal workstation, so I somehow need to let ISA know how to authenticate the inbound request so I though a Packet Filter would be required, but that didn't work (to say the least...) Thanks William R. -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: 07 September 2004 02:44 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: TFTP from external interface? http://www.ISAserver.org Hi William, The ISA firewall isn't a simple packet filter firewall like so-called 'hardware firewalls'. What version of the ISA firewall are you using? >From your ISA firewall configuration experience, do you ever recall creating a simple packet filter to allow inbound access? Thanks! Tom www.isaserver.org/shinder Get the book! Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls -----Original Message----- From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] Sent: Tuesday, September 07, 2004 6:40 AM To: [ISAserver.org Discussion List] Subject: [isalist] TFTP from external interface? http://www.ISAserver.org Hi there Anyone know how I can allow TFTP access from an outside router to a TFTP Server sitting inside my corporate network? I tried creating a packet filter for UDP:69 but this didn't work... Any and all ideas appreciated. Thanks William R. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: robertson.william@xxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: robertson.william@xxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: robertson.william@xxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx