• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

unknown applications and protocols

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> Logging and Reporting >> unknown applications and protocols Page: [1]
Login
Message << Older Topic   Newer Topic >>
unknown applications and protocols - 11.May2006 6:37:09 PM   
kjman

 

Posts: 63
Joined: 2.Jun.2005
From: So cal
Status: offline
Hi all

Running ISA 2004 sp2. When i view my reports in ISA i see alot of "unknown Prtocols" and Unknown applications" How can i make ISA identify the unknown apps and protocols?

Thanks
Post #: 1
RE: unknown applications and protocols - 26.May2006 3:22:33 AM   
ITEngineer

 

Posts: 270
Joined: 3.Feb.2006
Status: offline
i think no one knowns.

(in reply to kjman)
Post #: 2
RE: unknown applications and protocols - 31.May2006 5:34:26 AM   
J.F.

 

Posts: 43
Joined: 28.Nov.2005
Status: offline
Hi KJMan:

If you know the protocol (TCP, UDP, etc.) and the port number(s) from the logs, then create a custom protocol definition if you recognize the traffic: right-click on Firewall Policy > View > Task Pane > in the task pane on the right, go to Toolbox > Protocols > New menu > Protocol.  (If you don't recognize the traffic, then avoid mis-identifying the protocol, just leave it as "Unidentified" in the logs.)  Now ISA can match that traffic to the protocol definition, and the protocol name appears in the logs.

To identify the unknown applications, you'll have to install the ISA Firewall Client software on your users' machines, since no other client type reports process names to the ISA box except for the Firewall Client software.

  Hope this helps!
     JF




(in reply to kjman)
Post #: 3
SMTP not logging - 31.May2006 8:38:11 AM   
msk

 

Posts: 1
Joined: 30.May2006
Status: offline
Hi,
I have installed ISA 2004 in the test environment. I have installed Message screener and IIS on the same box.
I have created all the apprpriate rules.
I am generating some smtp traffic but can not see the log file (EML.W3C) in the logs folder. I can see these logs in the firewall logs as denied packets.
Can anybody tell me where am I wrong?

Thanks in advance,
MSK


(in reply to kjman)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> Logging and Reporting >> unknown applications and protocols Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts