RE: Ports between ISA and DC

From: Price, Robert H (rhpric_at_sandia.gov)
Date: 01/28/05

  • Next message: Robert Hines: "RE: RPC over HTTP security" 
    Date: Fri, 28 Jan 2005 09:12:00 -0700
To: sf_mail_sbm@yahoo.com, security-basics@securityfocus.com

     Have you taken a look at this?
    http://www.isaserver.org/tutorials/Configuring_authentication_methods_fo
    r_ISA.html

    -----Original Message-----
    From: sf_mail_sbm@yahoo.com [mailto:sf_mail_sbm@yahoo.com]
    Sent: Thursday, January 27, 2005 1:49 AM
    To: security-basics@securityfocus.com
    Subject: Ports between ISA and DC

    Hi List,

    I have the following config

                         
                     ____
    INTERNET <------| FW |--------> Domain Controller (in LOCAL LAN)
                       |
                       |
                     -----
                      ISA (in DMZ)

    ISA is doing Web Proxy only

    Only users in a particular user group can access the web

    Trying to find out the ports that ISA needs to talk with the DC for
    authentication of users instead of opening all ports on the Firewall

    Could not find same from Microsoft site

    If someone knows the ports that need to be opened, please share it with
    us

    Thanks,
    Ronish

  • Next message: Robert Hines: "RE: RPC over HTTP security"

    Relevant Pages

    • Re: Problems with Remote Web Workplace
      ... When I checked the routers (SBS setup with no ISA and 2nd SBS setup with ... ISA) everything looked fine EXCEPT there was NO port forwarding for incoming ... asks me if it's OK to config it? ... Any thoughts as to why the CEICW configs all of the ports except for 4125? ...
      (microsoft.public.windows.server.sbs)
    • Re: ServU-deamon trojan warning with McAfee
      ... Wenn we went to a> ADSL connection we called in the pro's to make ISA safe. ... It will give you windows based> interface to all your connections with ports, protocol, pids, processes and> directories. ... >>> trojan on my system has occured. ... My logs and my ISP's logs don't>>> suggest our server has been misused, because there isn't any traffic to>>> show ...
      (microsoft.public.backoffice.smallbiz2000)
    • Unable to print on ports 9100/515
      ... ftp, email, and make coffee apparently. ... We have done the following config in ISA: ... Configured Protocol definitions for ports 9100 and 515 as outbound ...
      (microsoft.public.windows.server.sbs)
    • Re: When do I choose for OUTBOUND or INBOUND in a protocol?
      ... Ori YosefiISA Server Team ... > tab I only checked the external network. ... >> If you want to allow access to iSpQ on the internal network, you should>> create a publishing rule that publishes these ports to the external> network. ...
      (microsoft.public.isa)
    • Re: ServU-deamon trojan warning with McAfee
      ... This PLAIN and SIMPLE shouldn't happen in an ISA controlled ... A NETSTAT can reveal some information, ... listening on that port and passes 'normal' traffic to my SMTP but also ... > only needed TCP ports listening. ...
      (microsoft.public.backoffice.smallbiz2000)