Announcement

Collapse
No announcement yet.

ISA 2006 Firewall rule

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • ISA 2006 Firewall rule

    Hi,

    I'm not that familiar with ISA and just have a question. We are doing some testing and need to access example: http://example.com:8350 on port 8350. How would I go about creating a rule such as this? We need all connections permitted in both directions on that port. Is there anything I need to do on ISA side of things or is the Firewall rule enough which was done by our network security team?

    Your assitance will be great.

    Thanks.

  • #2
    Re: ISA 2006 Firewall rule

    I assume this is an external website? If so, assuming you can connect to it from internally then any replies it sends in response will be allowed, so no inbound rule is necessary. You may have to define an outbound rule allowing access to this website on port 8350 depending on your existing internet access rule. If this just allows HTTP/S and DNS then ISA will probably block HTTP traffic going to a non-standard port. I'm not 100% certain as I've never had to setup such a rule.
    BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
    sigpic
    Cruachan's Blog

    Comment


    • #3
      Re: ISA 2006 Firewall rule

      How is ISA configured, as a proxy only or as in firewall mode?
      Marcel
      Technical Consultant
      Netherlands
      http://www.phetios.com
      http://blog.nessus.nl

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"

      Comment


      • #4
        Re: ISA 2006 Firewall rule

        Hi,

        Thank you for your responses.
        Yes it is an external website.
        We use ISA for Proxy and don't believe we can get to teh site using the proxy.

        Cheers

        Comment


        • #5
          Re: ISA 2006 Firewall rule

          Will an IE exception to bypass proxy for that address do the trick? I've tested and it worked but not sure if it's the best way.

          Comment


          • #6
            Re: ISA 2006 Firewall rule

            If ISA is configured as proxy only (so using just one nic) then ISA only supports HTTP(S) and FTP over HTTP traffic.
            For non standard ports it can be a bit problematic. In ISA thre is also an option to use direct access for that website. You might try that.
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment


            • #7
              Re: ISA 2006 Firewall rule

              Hi,

              Can Direct access to the website be configured in ISA as a standard rule?

              Thanks

              Comment


              • #8
                Re: ISA 2006 Firewall rule

                I'm not sure if it will work but you can try it out Other thing though, is it configured as a firewall or just as a proxy?

                Anyhow; Expand configuration and choose for Networks. Right click on the Internal and choose for properties.
                Click on the Web browser tab and there you can add domains...

                Note: This only applies for Firewall clients and Web proxy clients. Also, they update their configuration every six hours if I remember it correctly
                Last edited by Dumber; 19th January 2010, 22:56.
                Marcel
                Technical Consultant
                Netherlands
                http://www.phetios.com
                http://blog.nessus.nl

                MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                "No matter how secure, there is always the human factor."

                "Enjoy life today, tomorrow may never come."
                "If you're going through hell, keep going. ~Winston Churchill"

                Comment


                • #9
                  Re: ISA 2006 Firewall rule

                  Hi,

                  It's configured as a Firewall and Proxy.
                  I will try direct access.

                  Thanks

                  Comment

                  Working...
                  X