[isapros] Re: Customizing Lockdown Policy

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isapros@xxxxxxxxxxxxx>
  • Date: Sat, 20 May 2006 14:32:49 -0500

Never mind, you're right (again)

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> Sent: Saturday, May 20, 2006 2:28 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: Customizing Lockdown Policy
> 
> You sure the default System Policy isn't Internal to Local Host?
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
>  
> 
> > -----Original Message-----
> > From: isapros-bounce@xxxxxxxxxxxxx 
> > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
> > Sent: Saturday, May 20, 2006 2:13 PM
> > To: isapros@xxxxxxxxxxxxx
> > Subject: [isapros] Re: Customizing Lockdown Policy
> > 
> > But if you edit the system policy, you can change the "to/from" on those
> > defined rules.  For instance, the default RDP system policy is not
> > "Allowing Remote Desktop Protocol (RDP) from Internal to Local Host" as you
> > have below - it is RDP from the default "Remote Management Computers"
> > Computer Set.  This set is empty by default unless you installed ISA via
> > RDP, in which case it automatically populates the box you installed it from
> > (which is pretty damn smart, if you asked me.)
> > 
> > If you wanted RDP from Internal to LH available while the system was in
> > lockdown, you would have to edit the system policy for Terminal Services
> > (RDP.)
> > 
> > t 
> > 
> > 
> > On 5/20/06 12:11 PM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to
> > all:
> > 
> > > Hi Jim,
> > > 
> > > I thought lockdown policy was limited to:
> > > 
> > > * Allowing hosts in the Internal network element to access the
> > >   Local Host network element using the firewall's administration protocol.
> > > * Allowing Remote Desktop Protocol (RDP) from Internal to Local Host.
> > > * Allowing ICMP ping from Internal to Local Host.
> > > * Allowing DHCP from any host to Local Host.
> > > * Outgoing traffic from the firewall to any destination
> > > * Traffic that already has a connection element (this allows
> > >   stopping the firewall service without disrupting existing connections)
> > > * Traffic that is to/from the allowed range determined by using FWENGMON
> > > 
> > > Thanks!
> > > Tom
> > > 
> > > Thomas W Shinder, M.D.
> > > Site: www.isaserver.org
> > > Blog: http://blogs.isaserver.org/shinder/
> > > Book: http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > > 
> > >  
> > > 
> > >> -----Original Message-----
> > >> From: isapros-bounce@xxxxxxxxxxxxx
> > >> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > >> Sent: Saturday, May 20, 2006 1:52 PM
> > >> To: isapros@xxxxxxxxxxxxx
> > >> Subject: [isapros] Re: Customizing Lockdown Policy
> > >> 
> > >> Sorta.
> > >> Lockdown allows all the system policy traffic.
> > >> Thus, if you want to change the traffic profile for lockdown, you can do
> > >> it via system policy management.
> > >> 
> > >> It's not as flexible as array policies, but it covers 99.444% of what
> > >> the ISA admin needs to bring the server back to life.
> > >> 
> > >> -----Original Message-----
> > >> From: isapros-bounce@xxxxxxxxxxxxx
> > >> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> > >> On Behalf Of Thomas W Shinder
> > >> Sent: Saturday, May 20, 2006 11:45 AM
> > >> To: isapros@xxxxxxxxxxxxx
> > >> Subject: [isapros] Customizing Lockdown Policy
> > >> 
> > >> Hey guys,
> > >>  
> > >> I know there is a default lockdown policy, but I was wondering while
> > >> watering the flowers this morning if there was a method to customize the
> > >> lockdown policy, other than using FWENGMON?
> > >>  
> > >> Thanks!
> > >> Tom
> > >>  
> > >> Thomas W Shinder, M.D.
> > >> Site: www.isaserver.org <http://www.isaserver.org/>
> > >> Blog: http://blogs.isaserver.org/shinder/
> > >> Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7>
> > >> MVP -- ISA Firewalls
