I have not been able to get tft working from an external client to a ISA
server hosting TFTP services with a single UDP packet filter. Even with
local 69 and all remote ports, as well as "Receive Send" and/or "Both"
directions set up, it required 2 different filters- one "Receive Send" local
69 remote all, and one "Send Receive" local all/remote 69. You would
obviously limit the remote address to the single client you wish to support,
and ensure that your permissions on the TFTP server you are using are set
properly.
t
http://www.ISAserver.org
<light bulb on> Aaaahhhh <light bulb off>
Thanks Tom, forgot that Packet Filters were for explicit access to ISA
alone... Would that imply that if I recreate my packet filters, and then try
to connect from the ISA itself with a TFTP server it may in fact work?
Regarding Secondary connections... I dunno actually. There is a TFTP
protocol definition within ISA, and I see it does have a secondary
connection... does that imply I would need to setup a 2nd Packet Filter
maybe? (I cannot see that I can setup secondary connections within the same
Packet Filter rule)
Thanks William R.
-----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: 07 September 2004 07:38 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: TFTP from external interface?
http://www.ISAserver.org
Hi William,
Packet filters don't control inbound access except to the ISA firewall itself.
You'll need to use Server Publishing Rules. I haven't studied the TFTP protocol lately (mainly because I always explicitly block it as it's a favorite of blended worm writers), but IIRC, doesn't it require secondary connections?
HTH,
Tom www.isaserver.org/shinder Get the book! Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls
-----Original Message----- From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] Sent: Tuesday, September 07, 2004 12:28 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: TFTP from external interface?
http://www.ISAserver.org
PFilter: Allow custom protocol UDP-Receive Send Local Port=Dynamic Remote Port=FixedPort 69 Applied to this isa's ext interface For only 1 remote computer (IP address of external device)
I allowed logging of ALLOW rules on Packet Filter, but still all I got was the following: 9/7/2004, 19:22:58, <External Device>, <Internal Workstation>, Udp, 12345, 69, -, BLOCKED, <ISA External NIC>, -, -
Your comments/thoughts?
Thanks William R.
-----Original Message----- From: Quillman Shawn (RBNA/CSA1) * [mailto:Shawn.Quillman@xxxxxxxxxxxx] Sent: 07 September 2004 04:48 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: TFTP from external interface?
http://www.ISAserver.org
Yeah, you're right. My bad (only one cup of coffee so far this morning...) How did you create the packet filter?
-Shawn
----- Shawn R. Quillman Robert Bosch Corporation RBNA/CSA1 38000 Hills Tech Drive Farmington Hills, MI 48331 (248) 553-1164 (P) (248) 848-6969 (F) shawn.quillman@xxxxxxxxxxxx
-----Original Message----- From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] Sent: Tuesday, September 07, 2004 10:36 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: TFTP from external interface?
http://www.ISAserver.org
No, just did UDP 'cause as I understand it TFTP is a UDP protocol???
-----Original Message----- From: Quillman Shawn (RBNA/CSA1) * [mailto:Shawn.Quillman@xxxxxxxxxxxx] Sent: 07 September 2004 04:14 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: TFTP from external interface?
http://www.ISAserver.org
Did you also create one for tcp/69?
-Shawn
----- Shawn R. Quillman Robert Bosch Corporation RBNA/CSA1 38000 Hills Tech Drive Farmington Hills, MI 48331 (248) 553-1164 (P) (248) 848-6969 (F) shawn.quillman@xxxxxxxxxxxx
-----Original Message----- From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] Sent: Tuesday, September 07, 2004 10:08 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: TFTP from external interface?
http://www.ISAserver.org
Hi Tom,
I know, that's why I'm struggling... hehe Don't you just love it that it is now possible to ask the question: "What version of ISA are you running...?" - it's beautiful I tell you.
Anyway, I'm sorry to say that I am still running ISA 2000 :(
I want to basically dump the config's of my external routers to the TFTP server running on my internal workstation, so I somehow need to let ISA know how to authenticate the inbound request so I though a Packet Filter would be required, but that didn't work (to say the least...)
Thanks William R.
-----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: 07 September 2004 02:44 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: TFTP from external interface?
http://www.ISAserver.org
Hi William,
The ISA firewall isn't a simple packet filter firewall like so-called 'hardware firewalls'.
What version of the ISA firewall are you using?
From your ISA firewall configuration experience, do you ever recallcreating a simple packet filter to allow inbound access?
Thanks!
Tom www.isaserver.org/shinder Get the book! Tom and Deb Shinder's Configuring ISA Server 2004 http://tinyurl.com/3xqb7 MVP -- ISA Firewalls
-----Original Message----- From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] Sent: Tuesday, September 07, 2004 6:40 AM To: [ISAserver.org Discussion List] Subject: [isalist] TFTP from external interface?
http://www.ISAserver.org
Hi there
Anyone know how I can allow TFTP access from an outside router to a TFTP Server sitting inside my corporate network?
I tried creating a packet filter for UDP:69 but this didn't work...
Any and all ideas appreciated. Thanks William R.
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: robertson.william@xxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: robertson.william@xxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: shawn.quillman@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: robertson.william@xxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: robertson.william@xxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: thor@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx