Nope; ISABPA includes a neato toy called ISABPAPack. It will gather the most common data required for ISA behavioral analysis. Its use is covered in the docs that come with the package. "isabpapack +repro" is the command line used to start the process. From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak Sent: Tuesday, January 09, 2007 5:43 AM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: Server Publishing Rule They are firewall clients. I'll see about gathering the data for you. By repro data you mean the captures? Amy Babinchak Harbor Computer Services ________________________________ From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Tuesday, January 09, 2007 12:11 AM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: Server Publishing Rule If internal clients are using ISA to reach the internal app, then your problem isn't in the rule, but the client configuration. Internal access of server publishing is necessarily SecureNET or FWC clients only. Got ISABPAPack +repro data? From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Amy Babinchak Sent: Monday, January 08, 2007 8:21 PM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: Server Publishing Rule I would agree however when WalMart says you'll use this app if you want to sell us product, then you use the app. The nature of the fail doesn't show in ISA. If I have a range of ports in my server publishing rule, then Internal clients attempting to access the app server can't get there. ISA doesn't show any fails or denied. NetMon running on the SBS server shows a successful packet to the app server but the response from the app server is stack error 1250. If I have a single port (tcp 1521) in the server publishing rule then internal clients can get the app server just fine. Since the server publishing rule only applies from External to the app server why is this affecting internal workstation access to the app server? Amy Babinchak From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Monday, January 08, 2007 10:56 PM To: isapros@xxxxxxxxxxxxx; isapros@xxxxxxxxxxxxx Subject: [isapros] Re: Server Publishing Rule Amy, Any time a vendoir tells you they need "all inbound ports", it's time to shitcan that application and bitch-slap teh vendor back to their Commodore Vic-20. That said: Q1 - what is the port range are you defining? Q2 - what is the nature of "fails"? ________________________________ From: isapros-bounce@xxxxxxxxxxxxx on behalf of Amy Babinchak Sent: Mon 1/8/2007 4:00 PM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Server Publishing Rule I have published an internal server on port 1521. Works fine. However, the vendor (an EDI application) says they need access over all inbound ports. If I create a range published to this server, then Internal access to the server fails. Why? Amy Babinchak Harbor Computer Services All mail to and from this domain is GFI-scanned. All mail to and from this domain is GFI-scanned. All mail to and from this domain is GFI-scanned.