Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Your thoughts on a Protocol issue.
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Your thoughts on a Protocol issue. - 23.Oct.2002 5:51:00 PM
|
|
|
clynn
Posts: 101
Joined: 8.Feb.2001
From: Farmington Hills, MI
Status: offline
|
My company has been using ISA for quite some time now. Recently, our HR Dept upgraded their payroll to include a program that upload timesheet info. For the purposes of this post, I'll refer to the software as DPI. The technical folks at DPI Corp. say all we need is to aloow Bi-Directional TCP traffic on ports 80, 443, 5282, 6847, 6848, and 6849.
To do this I created a protocol called DPI to allow TCP traffic, starting with Inbound TCP on 5282, then adding the rest. I did not include ports 80 or 443 in that Protocol Definition.
Secondly, I made a protocol rule that allows this protocol during work hours, by all client on the internal network.
Is there something I am missing? Cuz I can't get the communication to work.
Oh yeah, when I bypass ISA with one of the clients, it works fine.
|
|
|
|
RE: Your thoughts on a Protocol issue. - 23.Oct.2002 10:40:00 PM
|
|
|
spouseele
Posts: 12782
Joined: 1.Jun.2001
From: Belgium
Status: offline
|
Hi clynn,
I suggest you do the following:
1) to get the most information out of the logfiles, I strongly recommend to enable the logging of all fields. In the MMC, go to the node Monitoring Configuration, then select Logs. In the details pane, right-click the applicable service and then click Properties. On the Fields tab, click Select All.
2) to understand what is logged, check out the ISA helpfile. There is a section called Firewall and Web Proxy log fields, a must read. Additional information can be found in the article Q284818.
3) create an open protocol rule (allow all IP traffic) and run a test.
4) analyse the web proxy and firewall log to confirm the protocol and ports used.
Also, can the technical folks at DPI Corp give you some more info:
- are this all primary connections are can some be considered secondary connections (like the data connection in the FTP protocol)?
- are all this connections outbound as seen by the clients?
HTH,
Stefaan
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
