[isapros] Re: Customizing Lockdown Policy

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isapros@xxxxxxxxxxxxx>
  • Date: Sat, 20 May 2006 14:32:39 -0500

OK, so would it be more accurate to say that even if System Policy is
configured to deny these protocols, they will be enabled during lockdown
mode to help management of the horked system?

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Saturday, May 20, 2006 2:06 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: Customizing Lockdown Policy
> 
> Yep - all those (except fwengmon) are defined by the system policy.
> 
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> On Behalf Of Thomas W Shinder
> Sent: Saturday, May 20, 2006 12:11 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: Customizing Lockdown Policy
> 
> Hi Jim,
> 
> I thought lockdown policy was limited to:
> 
> *     Allowing hosts in the Internal network element to access the
> Local Host network element using the firewall's administration protocol.
> *     Allowing Remote Desktop Protocol (RDP) from Internal to Local
> Host.
> *     Allowing ICMP ping from Internal to Local Host.
> *     Allowing DHCP from any host to Local Host.
> *     Outgoing traffic from the firewall to any destination
> *     Traffic that already has a connection element (this allows
> stopping the firewall service without disrupting existing connections)
> *     Traffic that is to/from the allowed range determined by using
> FWENGMON
> 
> Thanks!
> Tom
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
>  
> 
> > -----Original Message-----
> > From: isapros-bounce@xxxxxxxxxxxxx 
> > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > Sent: Saturday, May 20, 2006 1:52 PM
> > To: isapros@xxxxxxxxxxxxx
> > Subject: [isapros] Re: Customizing Lockdown Policy
> > 
> > Sorta.
> > Lockdown allows all the system policy traffic.
> > Thus, if you want to change the traffic profile for lockdown, you can do
> > it via system policy management.
> > 
> > It's not as flexible as array policies, but it covers 99.444% of what
> > the ISA admin needs to bring the server back to life.
> > 
> > -----Original Message-----
> > From: isapros-bounce@xxxxxxxxxxxxx 
> > [mailto:isapros-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Thomas W Shinder
> > Sent: Saturday, May 20, 2006 11:45 AM
> > To: isapros@xxxxxxxxxxxxx
> > Subject: [isapros] Customizing Lockdown Policy
> > 
> > Hey guys,
> >  
> > I know there is a default lockdown policy, but I was wondering while
> > watering the flowers this morning if there was a method to customize the
> > lockdown policy, other than using FWENGMON?
> >  
> > Thanks!
> > Tom
> >  
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org <http://www.isaserver.org/> 
> > Blog: http://blogs.isaserver.org/shinder/
> > Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> 
> > MVP -- ISA Firewalls
> > 
> >  
> > 
> > All mail to and from this domain is GFI-scanned.
> > 
> > 
> > 
> > 
