[isapros] Re: Customizing Lockdown Policy

  • From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
  • To: "isapros@xxxxxxxxxxxxx" <isapros@xxxxxxxxxxxxx>
  • Date: Sat, 20 May 2006 12:18:22 -0700

Ah- well, I was under the impression that all system policies stayed in
effect, but according to TechNet, what you described seems to be the case.
In my testing, though, everything I've tried that was in system policy
worked while in lockdown mode-- however, I didn't actually try everything
(like SMTP for instance.)  Jim will have to answer that one.

t


On 5/20/06 12:17 PM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to
all:

> Yes, but there are many more types of connections defined in System
> Policy -- not all of them are enabled during Lockdown Mode, right?
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
>  
> 
>> -----Original Message-----
>> From: isapros-bounce@xxxxxxxxxxxxx
>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
>> Sent: Saturday, May 20, 2006 2:06 PM
>> To: isapros@xxxxxxxxxxxxx
>> Subject: [isapros] Re: Customizing Lockdown Policy
>> 
>> Yep - all those (except fwengmon) are defined by the system policy.
>> 
>> -----Original Message-----
>> From: isapros-bounce@xxxxxxxxxxxxx
>> [mailto:isapros-bounce@xxxxxxxxxxxxx]
>> On Behalf Of Thomas W Shinder
>> Sent: Saturday, May 20, 2006 12:11 PM
>> To: isapros@xxxxxxxxxxxxx
>> Subject: [isapros] Re: Customizing Lockdown Policy
>> 
>> Hi Jim,
>> 
>> I thought lockdown policy was limited to:
>> 
>> * Allowing hosts in the Internal network element to access the
>> Local Host network element using the firewall's
>> administration protocol.
>> * Allowing Remote Desktop Protocol (RDP) from Internal to Local
>> Host.
>> * Allowing ICMP ping from Internal to Local Host.
>> * Allowing DHCP from any host to Local Host.
>> * Outgoing traffic from the firewall to any destination
>> * Traffic that already has a connection element (this allows
>> stopping the firewall service without disrupting existing connections)
>> * Traffic that is to/from the allowed range determined by using
>> FWENGMON
>> 
>> Thanks!
>> Tom
>> 
>> Thomas W Shinder, M.D.
>> Site: www.isaserver.org
>> Blog: http://blogs.isaserver.org/shinder/
>> Book: http://tinyurl.com/3xqb7
>> MVP -- ISA Firewalls
>> 
>>  
>> 
>>> -----Original Message-----
>>> From: isapros-bounce@xxxxxxxxxxxxx
>>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
>>> Sent: Saturday, May 20, 2006 1:52 PM
>>> To: isapros@xxxxxxxxxxxxx
>>> Subject: [isapros] Re: Customizing Lockdown Policy
>>> 
>>> Sorta.
>>> Lockdown allows all the system policy traffic.
>>> Thus, if you want to change the traffic profile for lockdown,
>>> you can do
>>> it via system policy management.
>>> 
>>> It's not as flexible as array policies, but it covers 99.444% of what
>>> the ISA admin needs to bring the server back to life.
>>> 
>>> -----Original Message-----
>>> From: isapros-bounce@xxxxxxxxxxxxx
>>> [mailto:isapros-bounce@xxxxxxxxxxxxx]
>>> On Behalf Of Thomas W Shinder
>>> Sent: Saturday, May 20, 2006 11:45 AM
>>> To: isapros@xxxxxxxxxxxxx
>>> Subject: [isapros] Customizing Lockdown Policy
>>> 
>>> Hey guys,
>>>  
>>> I know there is a default lockdown policy, but I was wondering while
>>> watering the flowers this morning if there was a method to
>>> customize the
>>> lockdown policy, other than using FWENGMON ?
>>>  
>>> Thanks!
>>> Tom
>>>  
>>> Thomas W Shinder, M.D.
>>> Site: www.isaserver.org <http://www.isaserver.org/>
>>> Blog: http://blogs.isaserver.org/shinder/
>>> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
>>> MVP -- ISA Firewalls
>>> 
>>>  
>>> 
>>> All mail to and from this domain is GFI-scanned.
>>> 
>>> 
>>> 
>>> 
>> 
>> 
>> 
>> 
>> 
>> 
> 
> 
> 


