Never mind, you're right (again)

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> Sent: Saturday, May 20, 2006 2:28 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: Customizing Lockdown Policy
>
> You sure the default System Policy isn't Internal to Local Host?
>
> > -----Original Message-----
> > From: isapros-bounce@xxxxxxxxxxxxx
> > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God)
> > Sent: Saturday, May 20, 2006 2:13 PM
> > To: isapros@xxxxxxxxxxxxx
> > Subject: [isapros] Re: Customizing Lockdown Policy
> >
> > But if you edit the system policy, you can change the "to/from" on those
> > defined rules. For instance, the default RDP system policy is not
> > "Allowing Remote Desktop Protocol (RDP) from Internal to Local Host" as you
> > have below - it is RDP from the default "Remote Management Computers"
> > Computer Set. This set is empty by default unless you installed ISA via
> > RDP, in which case it automatically populates the box you installed it from
> > (which is pretty damn smart, if you asked me.)
> >
> > If you wanted RDP from Internal to LH available while the system was in
> > lockdown, you would have to edit the system policy for Terminal Services
> > (RDP.)
> >
> > t
> >
> > On 5/20/06 12:11 PM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to
> > all:
> >
> > > Hi Jim,
> > >
> > > I thought lockdown policy was limited to:
> > >
> > > * Allowing hosts in the Internal network element to access the
> > >   Local Host network element using the firewall's administration protocol.
> > > * Allowing Remote Desktop Protocol (RDP) from Internal to Local Host.
> > > * Allowing ICMP ping from Internal to Local Host.
> > > * Allowing DHCP from any host to Local Host.
> > > * Outgoing traffic from the firewall to any destination
> > > * Traffic that already has a connection element (this allows
> > >   stopping the firewall service without disrupting existing connections)
> > > * Traffic that is to/from the allowed range determined by using
> > >   FWENGMON
> > >
> > > Thanks!
> > > Tom
> > >
> > >> -----Original Message-----
> > >> From: isapros-bounce@xxxxxxxxxxxxx
> > >> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > >> Sent: Saturday, May 20, 2006 1:52 PM
> > >> To: isapros@xxxxxxxxxxxxx
> > >> Subject: [isapros] Re: Customizing Lockdown Policy
> > >>
> > >> Sorta.
> > >> Lockdown allows all the system policy traffic.
> > >> Thus, if you want to change the traffic profile for lockdown, you can do
> > >> it via system policy management.
> > >>
> > >> It's not as flexible as array policies, but it covers 99.444% of what
> > >> the ISA admin needs to bring the server back to life.
> > >>
> > >> -----Original Message-----
> > >> From: isapros-bounce@xxxxxxxxxxxxx
> > >> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> > >> On Behalf Of Thomas W Shinder
> > >> Sent: Saturday, May 20, 2006 11:45 AM
> > >> To: isapros@xxxxxxxxxxxxx
> > >> Subject: [isapros] Customizing Lockdown Policy
> > >>
> > >> Hey guys,
> > >>
> > >> I know there is a default lockdown policy, but I was wondering while
> > >> watering the flowers this morning if there was a method to customize the
> > >> lockdown policy, other than using FWENGMON?
> > >>
> > >> Thanks!
> > >> Tom