RE: Using ISA Server 2004 Network Templates to Automatically Create Access Policy: The Edge Firewall Template

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 16 Feb 2004 19:43:43 -0600

Hi Greg,
 
Yes, things are a little different with ISA 2004 :)
 
You want to create a computer object named ISP and assign the IP address
of the ISP to that object.
 
Inbound protocols are used for all access policies that are defined with
the Source network and Destination network statements. Those are all
access policies except for those representing Server Publishing and Web
Publishing Rules.
 
HTH,
Tom
Thomas W Shinder
http://www.isaserver.org/shinder
ISA 2004 Beta - Get it now!
http://www.microsoft.com/isaserver/beta/default.asp
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 

        -----Original Message-----
        From: Greg Mulholland [mailto:gmulholland@xxxxxxxxxxxxxxx] 
        Sent: Monday, February 16, 2004 7:33 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: Using ISA Server 2004 Network Templates
to Automatically Create Access Policy: The Edge Firewall Template
        
        
        http://www.ISAserver.org
        
        Thanks, I'll try that today. I've still got machines lined up on my
        bench to rebuild, so when I have finished them I'll play with 2004 again.
        It just responds to the inbound connection.
         
        So are you saying create a network host "isp" and allow outbound
        from that to "local host" based on TCP port 5050? That seems a bit ass
        about; I would have thought I would have done it the other way around,
        i.e., allow inbound to local host from TCP 5050 "isp", but there seems to
        be no inbound available anymore. Thanks, I'll give it a go anyway.
         

        Greg Mulholland
        http://www.isaserver.org
        http://isatools.org
        http://groups.google.com

         

  _____  

        From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
        Sent: Tuesday, February 17, 2004 12:21 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: Using ISA Server 2004 Network Templates
to Automatically Create Access Policy: The Edge Firewall Template
        
        
        http://www.ISAserver.org
        
        Hi Greg,
         
        You should be able to configure a Protocol Definition for TCP
        5050 Outbound. Then create a rule that allows Source network External
        access to that protocol to Destination Network Local Host. Does your
        machine run an application that generates a new outbound, secondary
        connection, or does it just respond to the Inbound connection?
         
        Thanks!
        Tom
         
         
        Thomas W Shinder
        http://www.isaserver.org/shinder
        ISA 2004 Beta - Get it now!
        http://www.microsoft.com/isaserver/beta/default.asp
        ISA Server and Beyond: http://tinyurl.com/1jq1
        Configuring ISA Server: http://tinyurl.com/1llp
        
         

                -----Original Message-----
                From: Greg Mulholland
[mailto:gmulholland@xxxxxxxxxxxxxxx] 
                Sent: Monday, February 16, 2004 6:14 PM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: Using ISA Server 2004 Network
Templates to Automatically Create Access Policy: The Edge Firewall
Template
                
                
                http://www.ISAserver.org
                
                 
                
                
  _____  

                From: Greg Mulholland 
                Sent: Tuesday, 17 February 2004 11:11 AM
                To: [ISAserver.org Discussion List]
                Subject: RE: [isalist] RE: Using ISA Server 2004 Network
Templates to Automatically Create Access Policy: The Edge Firewall
Template
                
                
                Yeah, it's a TCP connection on port 5050, then my host
                replies to them as well, so I really need to allow inbound 5050 from
                them and outbound from me. The second part is not a problem.

                Greg Mulholland
                http://www.isaserver.org
                http://isatools.org
                http://groups.google.com

                 

  _____  

                From: Thomas W Shinder
[mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
                Sent: Tuesday, February 17, 2004 10:55 AM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: Using ISA Server 2004 Network
Templates to Automatically Create Access Policy: The Edge Firewall
Template
                
                
                http://www.ISAserver.org
                
                Hi Greg,
                 
                What protocol do they need access inbound? You can create a rule
                that allows that computer "outbound" access from itself to the Local
                Host network. You will need to create a protocol definition first if it's
                not one of the predefined protocols.
                 
                HTH,
                Tom

  _____  

                From: Greg Mulholland
[mailto:gmulholland@xxxxxxxxxxxxxxx] 
                Sent: Monday, February 16, 2004 5:51 PM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: Using ISA Server 2004 Network
Templates to Automatically Create Access Policy: The Edge Firewall
Template
                
                
                http://www.ISAserver.org
                
                Not really, I'm still trying to get my head around
                letting a certain ISP computer have access to the firewall on a "non
                defined" inbound port.
                 

                Greg Mulholland
                http://www.isaserver.org
                http://isatools.org
                http://groups.google.com

                 

  _____  

                From: Thomas W Shinder
[mailto:tshinder@xxxxxxxxxxxxxxxxxx] 
                Sent: Tuesday, February 17, 2004 10:40 AM
                To: [ISAserver.org Discussion List]
                Subject: [isalist] RE: Using ISA Server 2004 Network
Templates to Automatically Create Access Policy: The Edge Firewall
Template
                
                
                http://www.ISAserver.org
                
                Hi Greg,
                 
                You can't add anything to the system policy, but you can
remove stuff.
                 
                Actually, I guess you can add stuff, in that when you
perform certain actions, like enabling the VPN clients network, the
disabled VPN system policy rule becomes enabled. 
                 
                Do you want to place some rules that have a higher
priority than the system policy rules?
                 
                Thanks!
                Tom

------------------------------------------------------
                List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
                ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
                ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
                ------------------------------------------------------
                Other Internet Software Marketing Sites:
                Leading Network Software Directory:
http://www.serverfiles.com
                No.1 Exchange Server Resource Site:
http://www.msexchange.org
                Windows Security Resource Site:
http://www.windowsecurity.com/
                Network Security Library: http://www.secinf.net/
                Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
                ------------------------------------------------------
                You are currently subscribed to this ISAserver.org
Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx
                To unsubscribe send a blank email to
$subst('Email.Unsub') 
