[isapros] Re: Customizing Lockdown Policy

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isapros@xxxxxxxxxxxxx>
  • Date: Sat, 20 May 2006 14:17:17 -0500

Yes, but there are many more types of connections defined in System
Policy -- not all of them are enabled during Lockdown Mode, right?

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Saturday, May 20, 2006 2:06 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: Customizing Lockdown Policy
> 
> Yep - all those (except fwengmon) are defined by the system policy.
> 
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx]
> On Behalf Of Thomas W Shinder
> Sent: Saturday, May 20, 2006 12:11 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: Customizing Lockdown Policy
> 
> Hi Jim,
> 
> I thought lockdown policy was limited to:
> 
> * Allowing hosts in the Internal network element to access the Local Host network element using the firewall's administration protocol.
> * Allowing Remote Desktop Protocol (RDP) from Internal to Local Host.
> * Allowing ICMP ping from Internal to Local Host.
> * Allowing DHCP from any host to Local Host.
> * Outgoing traffic from the firewall to any destination
> * Traffic that already has a connection element (this allows stopping the firewall service without disrupting existing connections)
> * Traffic that is to/from the allowed range determined by using FWENGMON
> 
> Thanks!
> Tom
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
>  
> 
> > -----Original Message-----
> > From: isapros-bounce@xxxxxxxxxxxxx 
> > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > Sent: Saturday, May 20, 2006 1:52 PM
> > To: isapros@xxxxxxxxxxxxx
> > Subject: [isapros] Re: Customizing Lockdown Policy
> > 
> > Sorta.
> > Lockdown allows all the system policy traffic.
> > Thus, if you want to change the traffic profile for lockdown, you can do
> > it via system policy management.
> > 
> > It's not as flexible as array policies, but it covers 99.444% of what
> > the ISA admin needs to bring the server back to life.
> > 
> > -----Original Message-----
> > From: isapros-bounce@xxxxxxxxxxxxx 
> > [mailto:isapros-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Thomas W Shinder
> > Sent: Saturday, May 20, 2006 11:45 AM
> > To: isapros@xxxxxxxxxxxxx
> > Subject: [isapros] Customizing Lockdown Policy
> > 
> > Hey guys,
> >  
> > I know there is a default lockdown policy, but I was wondering while
> > watering the flowers this morning if there was a method to customize the
> > lockdown policy, other than using FWENGMON?
> >  
> > Thanks!
> > Tom
> >  
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://blogs.isaserver.org/shinder/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> > 
> >  
> > 
> > All mail to and from this domain is GFI-scanned.
