Welcome to ISAserver.org

Rule handling question

Rule handling question - 10.May2012 10:53:11 AM   
jerumball

 

Hello,

I'm running an ISA 2004 SP3 EE 2-server array, and I'm having some odd problems that I need help with.

In trying to resolve the odd problems, I first need help understanding why one of my firewall policies is being applied when I would expect it not to be. Now I just finished reviewing this excellent document http://www.isaserver.org/articles/isa2004_accessrules.html and it did shed some light onto ISA's rule processing mechanism. However, I am still perplexed by my situation.

I have a rule near the very top of the list that allows http/https traffic from Internal to a Domain Name Set but only for a specific User Set. The domain name set contains only 3 FQDNs: docline.gov, pubmed.gov and www.ncbi.nlm.nih.gov. The User Set contains several references to security groups in our Windows AD which ISA is a part of.

When I monitor the activity on this rule using ISA's Logging tab, I see Firewall Client traffic (Initiated Connection and Closed Connection) that matches all elements of the policy except for the destination address (domain name set mentioned above). In other words, this rule seems to be allowing traffic going to ANY destination, instead of to the three sites specified in the domain name set. Why is that?? Can someone explain, please??? It makes no sense to me, at all.

A question further to this is, for a Firewall Client log entry, is an “Initiated Connection” the same as an “Allowed Connection” for a Web Proxy log entry?

Thanks in advance for any help you can provide.

John
