I need to open ports 5432 and 1031 within the network. These ports are being used by a Linux box which is accessed by an XP Pro workstation. There are both 192.168.X.X and 172.X.X.X in the LAT; because the Linux box is on the 192.168.X.X network, the firewall closes the ports when it is accessed from the 172.X.X.X network. Please help; I would like to avoid these ports being open to the world if possible. Thank you.
This is on an SBS 2003 SP1 (ISA 2004). I have 3 NICs: 1 external 205.X.X.X, 2 internal 192.168.X.X and 172.X.X.X. There are 20 users on the 192 network and 10 users on the 172 network (the 172 network is required for an application that is hosted at another site and uses static IPs). We have a separate SQL server on the 192 network which both internal networks access from a SQL application and have no problems. There is an XP Pro computer (SCAN) on the 192 network that runs a Java scanning program with a Linux server also on the 192 network, which gets data from the SQL server and saves the scans on the Linux server. When the clients from the 192 network access/use SCAN to access the scanned documents there is no problem. When the clients on the 172 network access SCAN to access the documents, the program runs but they get an error that the database can't be accessed. I found that the ports were being closed by ISA. I have created a new protocol with primary connection TCP:5432 and secondary connection TCP:1031, and I created an access rule that allows the new protocol from the internal network to the internal and host networks for authenticated users and users. Still having the same problem.
OK, I didn't realize that this was an SBS issue. The ISA firewall security model is changed on SBS, so I think the best thing to do at this point is move this to the SBS section. They might be able to help with this.
My observation, from an ISA firewall optimal-configuration viewpoint, is that you need to figure out the exact protocol required to access the server resource. Is it a simple protocol requiring a single outbound connection? Or is it a complex protocol that may require multiple primary and/or secondary connections? If secondary connections are required, you'll either need to develop an application filter to support the protocol, or install the Firewall Client on the client system.
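A small diagnostic that follows the reply's advice, added here as an example and not posted by anyone in the thread: run it once from a 192 client and once from a 172 client against the Linux server and compare. It probes the primary connection (TCP 5432) and the secondary connection (TCP 1031) from the poster's protocol definition and classifies each as open, refused (the host answered, nothing listening) or filtered (no answer before the timeout, which is what a firewall silently dropping the SYN looks like). The server address is a placeholder, not a value from the thread; the two local listener helpers exist only so the classifier can be exercised offline.

```python
import socket
import threading

# Placeholder for the poster's Linux server; the thread gives no address.
# The ports are the primary/secondary connections from the ISA protocol definition.
LINUX_SERVER = "192.168.0.10"
PRIMARY_PORT = 5432
SECONDARY_PORTS = [1031]


def probe_tcp(host, port, timeout=3.0):
    """Attempt one TCP connect and classify what happened.

    'open'        - handshake completed: a listener exists and nothing in the path blocked it
    'refused'     - RST came back: the packet reached the host, no listener there
    'filtered'    - no reply before the timeout: typical of a firewall dropping the SYN
    'unreachable' - routing/ICMP error: the network path itself is broken
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "unreachable"
    finally:
        s.close()


def check_protocol(host, primary_port, secondary_ports, timeout=3.0):
    """Probe the primary and every secondary connection of a protocol
    definition and say which part an ISA access rule is not letting through."""
    results = {primary_port: probe_tcp(host, primary_port, timeout)}
    for port in secondary_ports:
        results[port] = probe_tcp(host, port, timeout)
    filtered = [p for p, state in results.items() if state == "filtered"]
    if not filtered:
        verdict = "all connections reach the server"
    elif primary_port in filtered:
        verdict = "primary connection blocked: check the access rule and the networks it applies to"
    else:
        verdict = ("only secondary connection(s) blocked: ISA needs an application filter "
                   "or the Firewall Client to open the secondary connection")
    return results, verdict


def start_local_listener():
    """Test helper: throwaway listener on 127.0.0.1; returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:
                break

    threading.Thread(target=serve, daemon=True).start()
    return port


def free_local_port():
    """Test helper: a 127.0.0.1 port with nothing listening on it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    states, verdict = check_protocol(LINUX_SERVER, PRIMARY_PORT, SECONDARY_PORTS)
    for port, state in sorted(states.items()):
        print(f"tcp/{port}: {state}")
    print(verdict)
```

If the 192 client reports both ports open and the 172 client reports 5432 open but 1031 filtered, the access rule is passing the primary connection and ISA is not tracking the secondary one for the 172 network, which is the case the reply describes; if 5432 itself is filtered from the 172 side, the rule's source or destination networks do not cover that client.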