RE: ISA-Server Problem

From: Filip Jonckers (fjonckers@Interconnect.be)
Date: 03/22/02

Previous message: XWISE: "RE: Group Policies on OUs not Propagated"
Maybe in reply to: Lasantha Nissanke: "ISA-Server Problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 22 Mar 2002 09:26:16 +0100
From: "Filip Jonckers" <fjonckers@Interconnect.be>
To: "Lasantha Nissanke" <nissanke@unilink.lk>

problem with big sites like yahoo.com is that they probably use a range
of IP addresses
behind 1 main web address.
Reverse resolving will point to a different name than the public web
address.

try to use IP addresses if possible - this will also speed up the
traffic
because ISA doesn't have to resolve the web address to IP everytime the
rule checks....

you can use whois to search for the subnet yahoo uses

BIG DESIGN BUG in ISA: you cannot define a range of ports
(with Checkpoint FW-1 you can use a format like: 1024-1124 )

so on an ISA you have to define 100 (!!) ports in Protocol Definitions
to use a
port range from 1024 to 1124

Filip

Previous message: XWISE: "RE: Group Policies on OUs not Propagated"
Maybe in reply to: Lasantha Nissanke: "ISA-Server Problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Opening Ports on ISA
... My understanding is that ISA does not support SFTP. ... Protocol Definitions if it might be possible to create ... >direct traffic to these ports to the internal network PC. ...
(microsoft.public.isa)
RE: ISA
... Have you created protocol definitions in ISA for these applications? ... ports did you configure in the definitions? ... Does it work on the server with ISA disabled? ...
(microsoft.public.windows.server.sbs)
Re: ServU-deamon trojan warning with McAfee
... Wenn we went to a> ADSL connection we called in the pro's to make ISA safe. ... It will give you windows based> interface to all your connections with ports, protocol, pids, processes and> directories. ... >>> trojan on my system has occured. ... My logs and my ISP's logs don't>>> suggest our server has been misused, because there isn't any traffic to>>> show ...
(microsoft.public.backoffice.smallbiz2000)
Re: When do I choose for OUTBOUND or INBOUND in a protocol?
... Ori YosefiISA Server Team ... > tab I only checked the external network. ... >> If you want to allow access to iSpQ on the internal network, you should>> create a publishing rule that publishes these ports to the external> network. ...
(microsoft.public.isa)
Re: ServU-deamon trojan warning with McAfee
... This PLAIN and SIMPLE shouldn't happen in an ISA controlled ... A NETSTAT can reveal some information, ... listening on that port and passes 'normal' traffic to my SMTP but also ... > only needed TCP ports listening. ...
(microsoft.public.backoffice.smallbiz2000)