Yes, but there are many more types of connections defined in System Policy -- not all of them are enabled during Lockdown Mode, right? Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > Sent: Saturday, May 20, 2006 2:06 PM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: Customizing Lockdown Policy > > Yep - all those (except fwengmon) are defined by the system policy. > > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx > [mailto:isapros-bounce@xxxxxxxxxxxxx] > On Behalf Of Thomas W Shinder > Sent: Saturday, May 20, 2006 12:11 PM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: Customizing Lockdown Policy > > Hi Jim, > > I thought lockdown policy was limited to: > > * Allowing hosts in the Internal network element to access the > Local Host network element using the firewall's > administration protocol. > * Allowing Remote Desktop Protocol (RDP) from Internal to Local > Host. > * Allowing ICMP ping from Internal to Local Host. > * Allowing DHCP from any host to Local Host. > * Outgoing traffic from the firewall to any destination > * Traffic that already has a connection element (this allows > stopping the firewall service without disrupting existing connections) > * Traffic that is to/from the allowed range determined by using > FWENGMON > > Thanks! > Tom > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > > > > > -----Original Message----- > > From: isapros-bounce@xxxxxxxxxxxxx > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > > Sent: Saturday, May 20, 2006 1:52 PM > > To: isapros@xxxxxxxxxxxxx > > Subject: [isapros] Re: Customizing Lockdown Policy > > > > Sorta. > > Lockdown allows all the system policy traffic. > > Thus, if you want to change the traffic profile for lockdown, > > you can do > > it via system policy management. > > > > It's not as flexible as array policies, but it covers > 99.444% of what > > the ISA admin needs to bring the server back to life. > > > > -----Original Message----- > > From: isapros-bounce@xxxxxxxxxxxxx > > [mailto:isapros-bounce@xxxxxxxxxxxxx] > > On Behalf Of Thomas W Shinder > > Sent: Saturday, May 20, 2006 11:45 AM > > To: isapros@xxxxxxxxxxxxx > > Subject: [isapros] Customizing Lockdown Policy > > > > Hey guys, > > > > I know there is a default lockdown policy, but I was wondering while > > watering the flowers this morning if there was a method to > > customize the > > lockdown policy, other than using FWENGMON ? > > > > Thanks! > > Tom > > > > Thomas W Shinder, M.D. > > Site: www.isaserver.org <http://www.isaserver.org/> > > Blog: http://blogs.isaserver.org/shinder/ > > Book: http://tinyurl.com/3xqb7 <http://tinyurl.com/3xqb7> > > MVP -- ISA Firewalls > > > > > > > > All mail to and from this domain is GFI-scanned. > > > > > > > > > > > All mail to and from this domain is GFI-scanned. > > > >