[isapros] Re: Customizing Lockdown Policy

  • From: "Greg Mulholland" <greg@xxxxxxxxxxxxxx>
  • To: <isapros@xxxxxxxxxxxxx>
  • Date: Sat, 20 May 2006 20:03:03 -0300

right!
 
occasionally the system policy mode has not been enough for me but i learn to 
live with it. Lockdown mode doesn't occur much unless sql goes into 
"non-robosity" (i love it, new word for the week which describes everything i 
can't think of a word for) mode, hence the disabling of it too in most cases :)
 
greg

________________________________

From: isapros-bounce@xxxxxxxxxxxxx on behalf of Thor (Hammer of God)
Sent: Sun 21/05/2006 5:13 AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: Customizing Lockdown Policy



But if you edit the system policy, you can change the "to/from" on those
defined rules.  For instance, the default RDP system policy is not
"Allowing Remote Desktop Protocol (RDP) from Internal to Local Host" as you
have below - it is RDP from the default "Remote Management Computers"
Computer Set.  This set is empty by default unless you installed ISA via
RDP, in which case it automatically populates the box you installed it from
(which is pretty damn smart, if you asked me.)

If you wanted RDP from Internal to LH available while the system was in
lockdown, you would have to edit the system policy for Terminal Services
(RDP.)

t


On 5/20/06 12:11 PM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to
all:

> Hi Jim,
>
> I thought lockdown policy was limited to:
>
> * Allowing hosts in the Internal network element to access the
> Local Host network element using the firewall's administration protocol.
> * Allowing Remote Desktop Protocol (RDP) from Internal to Local
> Host.
> * Allowing ICMP ping from Internal to Local Host.
> * Allowing DHCP from any host to Local Host.
> * Outgoing traffic from the firewall to any destination
> * Traffic that already has a connection element (this allows
> stopping the firewall service without disrupting existing connections)
> * Traffic that is to/from the allowed range determined by using
> FWENGMON
>
> Thanks!
> Tom
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
>
> 
>
>> -----Original Message-----
>> From: isapros-bounce@xxxxxxxxxxxxx
>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
>> Sent: Saturday, May 20, 2006 1:52 PM
>> To: isapros@xxxxxxxxxxxxx
>> Subject: [isapros] Re: Customizing Lockdown Policy
>>
>> Sorta.
>> Lockdown allows all the system policy traffic.
>> Thus, if you want to change the traffic profile for lockdown, you can do
>> it via system policy management.
>>
>> It's not as flexible as array policies, but it covers 99.444% of what
>> the ISA admin needs to bring the server back to life.
>>
>> -----Original Message-----
>> From: isapros-bounce@xxxxxxxxxxxxx
>> [mailto:isapros-bounce@xxxxxxxxxxxxx]
>> On Behalf Of Thomas W Shinder
>> Sent: Saturday, May 20, 2006 11:45 AM
>> To: isapros@xxxxxxxxxxxxx
>> Subject: [isapros] Customizing Lockdown Policy
>>
>> Hey guys,
>> 
>> I know there is a default lockdown policy, but I was wondering while
>> watering the flowers this morning if there was a method to customize the
>> lockdown policy, other than using FWENGMON?
>> 
>> Thanks!
>> Tom
>> 
>> Thomas W Shinder, M.D.
>> Site: www.isaserver.org
>> Blog: http://blogs.isaserver.org/shinder/
>> Book: http://tinyurl.com/3xqb7
>> MVP -- ISA Firewalls
>>