• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Allowing PACS Viewer to work Port 85

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Allowing PACS Viewer to work Port 85 Page: [1]
Login
Message << Older Topic   Newer Topic >>
Allowing PACS Viewer to work Port 85 - 9.May2006 5:10:43 PM   
joeschmoes

 

Posts: 22
Joined: 9.Nov.2004
Status: offline
I am trying to allow a physician to open a PACS (radiology stuff) viewer.  Looking at the logs, it looks as though the connection is denied on protocol http and port 85.  How do I create an HTTP protocol to use 85 by not affecting my normal http traffic on port 80?

Thanks for any help.
Post #: 1
RE: Allowing PACS Viewer to work Port 85 - 9.May2006 5:34:29 PM   
joeschmoes

 

Posts: 22
Joined: 9.Nov.2004
Status: offline
Here is some of the log:

Original Client IP Client Agent Authenticated Client Service Server Name Referring Server Destination Host Name Transport MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Filter Information Network Interface Raw IP Header Raw Payload Source Port Processing Time Bytes Sent Bytes Received Result Code HTTP Status Code Cache Information Error Information Log Record Type Log Time Destination IP Destination Port Protocol Action Rule Client IP Client Username Source Network Destination Network HTTP Method URL
192.168.1.85    TCMHSRV01 -  TCP -      -    2260 0 0 0 0x0   0x0 0x0 Firewall 5/9/2006 10:35:51 AM 192.168.1.1 80 HTTP Initiated Connection  192.168.1.85  Internal Local Host - -
192.168.1.85    TCMHSRV01 -  TCP -      -    2258 7000 27683 16414 0x80074e20   0x0 0x0 Firewall 5/9/2006 10:35:51 AM 192.168.1.1 80 HTTP Closed Connection  192.168.1.85  Internal Local Host - -
192.168.1.85    TCMHSRV01 -  TCP -      -    2261 0 0 0 0x0   0x0 0x0 Firewall 5/9/2006 10:35:51 AM 192.168.1.1 80 HTTP Initiated Connection  192.168.1.85  Internal Local Host - -
192.168.1.85    TCMHSRV01 -  TCP -      -    2261 0 486 1279 0x80074e20   0x0 0x0 Firewall 5/9/2006 10:35:51 AM 192.168.1.1 80 HTTP Closed Connection  192.168.1.85  Internal Local Host - -
192.168.1.85    TCMHSRV01 -  TCP -      -    2262 0 0 0 0x0   0x0 0x0 Firewall 5/9/2006 10:35:51 AM 192.168.1.1 80 HTTP Initiated Connection  192.168.1.85  Internal Local Host - -
192.168.1.85    TCMHSRV01 -  TCP -      -    2263 0 0 0 0x0   0x0 0x0 Firewall 5/9/2006 10:35:51 AM 192.168.1.1 80 HTTP Initiated Connection  192.168.1.85  Internal Local Host - -
192.168.1.85    TCMHSRV01 -  TCP -      -    2260 0 2363 1265 0x80074e20   0x0 0x0 Firewall 5/9/2006 10:35:51 AM 192.168.1.1 80 HTTP Closed Connection  192.168.1.85  Internal Local Host - -
192.168.1.85    TCMHSRV01 -  TCP -      -    2263 0 486 1279 0x80074e20   0x0 0x0 Firewall 5/9/2006 10:35:51 AM 192.168.1.1 80 HTTP Closed Connection  192.168.1.85  Internal Local Host - -
192.168.1.85    TCMHSRV01 -  TCP -      -    2264 0 0 0 0x0   0x0 0x0 Firewall 5/9/2006 10:35:51 AM 192.168.1.1 80 HTTP Initiated Connection  192.168.1.85  Internal Local Host - -
0.0.0.0 iPacsSMI No Proxy TCMHSRV01  www.smdhtelerad.net TCP   - -  -  - - - 0 1 4513 204  12209 The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied.  0x0 0x0 Web Proxy Filter 5/9/2006 10:36:00 AM 192.168.1.1 85 http Denied Connection  192.168.1.85 anonymous   GET http://www.smdhtelerad.net:85/digest/3133363738363931363238333637383639333739320000000000000000000000?format=NoImages
192.168.1.85    TCMHSRV01 -  TCP -      -    2265 0 0 0 0x0   0x0 0x0 Firewall 5/9/2006 10:36:01 AM 192.168.1.1 80 HTTP Initiated Connection  192.168.1.85  Internal Local Host - -

(in reply to joeschmoes)
Post #: 2
RE: Allowing PACS Viewer to work Port 85 - 9.May2006 11:08:47 PM   
joeschmoes

 

Posts: 22
Joined: 9.Nov.2004
Status: offline
I have figured out a couple things.  If I turn off "Require users to authenticate", the PACS works fine.
I noticed on the monitoring, the browser attempts to connect to port 85 anonomyously.  This won't work if users are required to authenticate.  SO.....
I tried to create a new network called PACS access.  I gave it the address range of 192.168.1.21-192.168.1.24
My internal network range is 192.168.1.1-192.168.1.20, and 192.168.1.25-192.168.1.254

I created a rule allowing all users from PACS access to send all outbound access to my External network but it doesn't work.

While monitoring my laptop (IP is 192.168.1.21), ALL network traffic is denied.

Any suggestions?

(in reply to joeschmoes)
Post #: 3
RE: Allowing PACS Viewer to work Port 85 - 10.May2006 6:24:49 PM   
joeschmoes

 

Posts: 22
Joined: 9.Nov.2004
Status: offline
Okay, realized that if I add a network, I also need to add a NIC.  I don't want to do this.

Here is what I have now.

My users are all set to "Require Users to Authenticate".  With this turned on, my web logs show actual usernames.  If I turn it off, everything works but on my web logs, everything shows anon users.  I don't want that.

When trying to access a PACS system at another hospital, I get :
5/10/2006 11:14:04 AM 192.168.1.1 85 http Denied Connection 192.168.1.85 anonymous GET http://www.smdhtelerad.net:85/digest/3232333838323034313031383338383230343238333000000000000000000000?format=NoImages 12209 The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied.  0x0 - No TCP

Does anyone know how to fix this?

Thanks for any help.

(in reply to joeschmoes)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Access Policies >> Allowing PACS Viewer to work Port 85 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts