Welcome to ISAserver.org
Multiple Ports SMTP Publishing
Multiple Ports SMTP Publishing - 22.Dec.2006 7:50:22 AM
asantana
Posts: 8
Joined: 5.Aug.2003
From: Portugal
Status: offline

Hello all! I recently installed ISA Server 2006 in a DMZ. We have 3 SMTP servers with different kinds of authentication on 3 different ports published on this machine. I have it working fine with a custom firewall rule for each port, but to keep things simpler, I was trying to create a User Defined Protocol for my SMTP servers, with all the ports I'm using. All is fine until the moment I try to apply the SMTP Filter in the User Defined Protocol properties... The option to choose an Application Filter is disabled! Then I tried to add alternative ports to the SMTP protocol, but the option to add more ports is disabled in the default SMTP protocol definition... Is there a way for me to achieve this, or will the multi-firewall rules option have to prevail?

Thank you in advance,
Ana Sofia Santana

RE: Multiple Ports SMTP Publishing - 22.Dec.2006 9:42:42 AM
Guest

Hi Ana, why would you do that? It's not a nice thing. Try to keep it simple. Publish your servers with a publishing rule one by one. There are some security issues when doing so (like you above). Your rule will open all three ports for every server: an unnecessary thing. Every unnecessary thing opened on a firewall can be a possible security issue. Minimize to the minimum.

RE: Multiple Ports SMTP Publishing - 22.Dec.2006 9:55:05 AM
asantana
Posts: 8
Joined: 5.Aug.2003
From: Portugal
Status: offline

Hi,

The SMTP servers are virtual servers... Physically, it's always the same server, but on different ports. This is why I'm trying to make a protocol that I can use in this case only... I do have another problem now, other than the application filter... Even when I create the access rule for this user-defined protocol allowing traffic to come from the external networks to the localhost, the requests are always denied with "Unidentified Ip Traffic" instead of the identification of the protocol I defined... Any ideas?

Thanks,
Ana Sofia Santana
< Message edited by asantana -- 22.Dec.2006 10:24:58 AM >
RE: Multiple Ports SMTP Publishing - 22.Dec.2006 10:42:00 AM
Guest

Why have you deleted that part? The traffic is denied because your rule is not in place due to that failure. Did you disable the publishing rule that failed? (I have understood that you are trying to publish those servers with an access rule.) Restart the firewall service to see if that alert still persists. Why is the traffic allowed from external to localhost? Are the servers on ISA?
< Message edited by adrian_dimcev -- 22.Dec.2006 10:45:14 AM >
RE: Multiple Ports SMTP Publishing - 22.Dec.2006 11:20:51 AM
Guest

Hmmm. The best way to configure this will be to take those SMTP servers off ISA immediately. People tend to think that since this firewall runs on Windows they can install any additional services on it. Not true. If the service you install on ISA has a vulnerability (maybe not right now, but if it is IIS it probably will have), this can make your entire network vulnerable. The reason often invoked for this is that they do not have any other server left. I have always asked them: "Well, if you had bought a hardware firewall for the same money, where would you put that service?"

In my opinion, if you cannot do as above and you will have to leave all these servers on ISA, use the server publishing rules (always do so when you want to publish a server). Two or three publishing rules don't complicate your setup too much. This is the best and the most secure option to keep things clean and simple.

RE: Multiple Ports SMTP Publishing - 22.Dec.2006 11:30:12 AM
asantana
Posts: 8
Joined: 5.Aug.2003
From: Portugal
Status: offline

This machine is in my DMZ, and I already have a physical firewall blocking other types of requests from the general internet... I have another SMTP server in the internal network that receives from all these virtual servers in the DMZ. So I really want to have this configuration working on the same machine... As for the Server Publishing Rules, that was exactly what I was trying to do, but since these aren't SMTP default ports, ISA isn't considering them, even with user-defined protocols for each of them... I'm at a loss. :(

RE: Multiple Ports SMTP Publishing - 22.Dec.2006 11:51:58 AM
Guest

My dear, create that SMTP publishing rule, then left-click on it -> Properties, go to the "Traffic" tab, click on "Ports" and there configure each server to listen and to forward to your specific port. Then apply. You might get an alert that something failed (this will be only if you already have an SMTP publishing rule with default settings on it and when creating the second with the same parameters....); if so, just restart the firewall service and that alert should not appear if you have configured everything correctly.