• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Howto Open Ports - SIMPLY - in ISA 2004

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> ISA 2004 SBS >> Howto Open Ports - SIMPLY - in ISA 2004 Page: [1]
Login
Message << Older Topic   Newer Topic >>
Howto Open Ports - SIMPLY - in ISA 2004 - 29.Dec.2006 11:49:05 PM   
sergeyg

 

Posts: 1
Joined: 29.Dec.2006
Status: offline
Really, SIMPLY is the key word. Hope it is doable...

I have searched high and low and can't find anywhere a simple way to open cerrtain ports and point them to a computer with a Static IP Address. I see there are many other frustrated posts all over asking for the same SIMPLE information.

Can anyone SIMPLY explain how to open ports lets say 7001 and 7002 and point them to IP Adress 192.168.16.xx in SBS 2003 with ISA 2004 environment?

An ideal explanation style would be (IMHO ty):
================================
Go to menu item A
Click on B
Add certain information in box C
Then goto Menu item D and Click on E
Click on the Tab F
add information in this area G
Click on box H
Click on OK, OK, OK
You don't need to reboot except if:
    a) afdsk.fkj;j
     OR
    b)
In which case... etc..
.....
You are done
.........
etc.

Thank you very much in advance,

Serge
Post #: 1
RE: Howto Open Ports - SIMPLY - in ISA 2004 - 30.Dec.2006 7:48:13 AM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Serge,

check out http://www.tacteam.net/openport.htm!
Next, read the ISA help file...

HTH,
Stefaan

(in reply to sergeyg)
Post #: 2
RE: Howto Open Ports - SIMPLY - in ISA 2004 - 11.Jan.2007 1:44:13 PM   
RayH

 

Posts: 20
Joined: 1.Nov.2006
Status: offline
When you've quite finished having a laugh at other peoples expense how about telling everyone the answer!!

You say look in the ISA help. Look for what in ISA help?

Not everyone can be as smart as you!

(in reply to spouseele)
Post #: 3
RE: Howto Open Ports - SIMPLY - in ISA 2004 - 11.Jan.2007 4:24:53 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Serge,

well you should read and reread and study and ... the whole ISA helpfile. However, if you are impatient than take a look at the section Firewall Policy!

Of course, a lot of info can be found at http://www.microsoft.com/isaserver and this site too.

HTH,
Stefaan

(in reply to RayH)
Post #: 4
RE: Howto Open Ports - SIMPLY - in ISA 2004 - 11.Jan.2007 4:36:39 PM   
RayH

 

Posts: 20
Joined: 1.Nov.2006
Status: offline
Its not Serge its Ray.
And I guess you don't know the answer.
I'll just spend the next three weeks having a good long read. I'm sure the user having the issue wouldn't mind waiting.

(in reply to spouseele)
Post #: 5
RE: Howto Open Ports - SIMPLY - in ISA 2004 - 11.Jan.2007 5:15:49 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Ray,

aha... now I see, you are not the original poster.

You definitely have to read first that section in the help file and learn the ISA basic concepts and terminology. I will not repeat all that info here.

If you want more info than check out the many articles on the Microsoft and this site. You might also check out two articles I wrote:

Hmm... maybe I *do* know something about ISA Server but I agree that I know nothing about that open port button. I refuse to pay for that license!

HTH,
Stefaan

(in reply to RayH)
Post #: 6
RE: Howto Open Ports - SIMPLY - in ISA 2004 - 11.Jan.2007 6:00:43 PM   
ClintD

 

Posts: 1848
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
Ray, rather than have your user wait 3 weeks, why don't you post a specific question instead of jumping on someone else's thread...

I have to admit, after 6 years of being on these forums, I don't really want to answer a question where the poster is asking for the level of detail that was originally asked for - you have to, in the words of Jerry McGuire, "Help me help you". His request for that level of detail is a little presumptuous given the free nature of these forums.

Now, with that said, to address your problem, you could say "I have application Xyz that listens on TCP 56789 and is hosted on a Linux system at IP address 1.2.3.4. I need to make this application publicly accessible through our ISA 2004 Server. Our ISA Server has X network interfaces and with the following IP addresses. The Internal Network has the following IP addresses listed. Please provide the basic steps of making this server accessible to the outside world"

< Message edited by ClintD -- 11.Jan.2007 6:06:01 PM >

(in reply to spouseele)
Post #: 7
RE: Howto Open Ports - SIMPLY - in ISA 2004 - 11.Jan.2007 6:31:22 PM   
RayH

 

Posts: 20
Joined: 1.Nov.2006
Status: offline
Do you really need that much information when all that is needed is information on how to allow traffic through port 8443?
Given that question how would the answer be any different if you had 1 NIC or two? How would it help if you knew the IP address?
Maybe you do need that information. If so, it may help to tell me why.

Is the question really that complex? How long would it take for someone who knows how to do to post a document with a series of screenshots.

Don't get me wrong here, I'm not trying to be a complete d**k.
I do appreciate how much time it takes to answer complex questions with complex scenarios and thank people when they try to help (even on free forums) but how is RTFM any help to anyone?

In the meantime, I'll start reading.
Thanks

(in reply to ClintD)
Post #: 8
RE: Howto Open Ports - SIMPLY - in ISA 2004 - 11.Jan.2007 6:40:33 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Ray,

yep, ISA is *not* a simple packet filter. You need to be very specific in what you want to achieve:
- how is ISA installed, as proxy only or as a full blown firewall?
- how are the networks configured (Route or NAT relationship)?
- is it an inbound or outbound issue (Access or Publishing rule)?
- for inbound access, is the protocol used web or non-web based (Web or Server publishing)?
- for outbound access, how is the client configured (Web, Firewall and/or SecureNAT)?
- ...

HTH,
Stefaan

< Message edited by spouseele -- 11.Jan.2007 6:43:16 PM >

(in reply to RayH)
Post #: 9
RE: Howto Open Ports - SIMPLY - in ISA 2004 - 11.Jan.2007 6:46:48 PM   
ClintD

 

Posts: 1848
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
I don't ask questions for the sake of asking them.

I've worked on this product and these newsgroups enough to know what is relevant information for providing a solution to someone who has provided little or no detail as to their scenario. Now, if you'd like to continue questioning my motives for asking relevant questions, go ahead, but don't expect an answer. However, if you'd like to provide a solution to your user and move on to more important tasks, then answer the questions I've provided and we'll get you set up.

(in reply to RayH)
Post #: 10
RE: Howto Open Ports - SIMPLY - in ISA 2004 - 11.Jan.2007 7:35:07 PM   
RayH

 

Posts: 20
Joined: 1.Nov.2006
Status: offline
Ok, I think I now know why you need the information requested.
I will not post this information here in this thread as I assumed, obviously incorrectly, that the question was a simple one and that no specific information was required.
In fact, I don't even have ISA 2004 SBS. I have ISA 2006.
I posted here thinking that the solution would be similar if not the the same across these versions. I guessed wrong.
I have posted a question in ISA 2006 Web Proxy forum. I'll check to see if I have added every detail I can think off.
Thank you.

(in reply to ClintD)
Post #: 11
RE: Howto Open Ports - SIMPLY - in ISA 2004 - 12.Jan.2007 8:10:18 AM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Ray,

is it http://forums.isaserver.org/m_2002033139/mpage_1/key_/tm.htm#2002033139 you are referring to?

Thanks,
Stefaan

(in reply to RayH)
Post #: 12
RE: Howto Open Ports - SIMPLY - in ISA 2004 - 12.Jan.2007 11:46:38 AM   
RayH

 

Posts: 20
Joined: 1.Nov.2006
Status: offline
Yes that was it.
Sorry another hijacked thread.

(in reply to spouseele)
Post #: 13
RE: Howto Open Ports - SIMPLY - in ISA 2004 - 12.Jan.2007 2:54:13 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Ray,

check out this boards help/faq file to learn how to create a new topic!

Thanks,
Stefaan

(in reply to RayH)
Post #: 14
RE: Howto Open Ports - SIMPLY - in ISA 2004 - 13.Jan.2007 9:38:37 AM   
sambo

 

Posts: 12
Joined: 20.Jul.2005
From: Cincinnati, OH
Status: offline
As an infrequent forum post/reader here but an avid SBS'r nevertheless, I am disappointed by the IMHO arrogant attitude being conveyed to the original poster.  This is an SBS forum and not a place to expect anything but a standard SBS environment unless so specified by the poster.  This guy is merely trying to translate his knowledge of  simple firewalls to ISA's more complex approach and as indicated in his post was unable to figure it out on his own.  Furthermore the poster appears frustrated and emphasized a request for "simple" answers.  This is why he is reaching out to people and not the ISA Help section, MS knowledgebase, ...etc.  If you cannot help beyond directly pointing back to these resources is an insult and run around.  Maybe you don't have the time to answer completely.  In that case I would suggest giving a pointer to some of the answer or leave it alone for someone who has the time and inclination to fully answer the poster's query.  This is called professional courtesy.

To address the original poster - ISA provides no UI for merely opening a port and when you understand Application Layer Filtering, ALF, you will understand why.  In ISA you create a filtering rule by which when conditions are met the rule always either allows or denies a specific port associated with specific protocol(s), with specific network object(s), and also associated with other specifications contained in the rule.  You create the rule and thereby control how open or closed the firewall behaves.  My suggestion to you is to imitate.  Find a rule that is pre-existing that closely matches what you want done.  Then either copy and modify that rule or create a new rule imitating what you discovered.  Many SBS blogs that touch on ISA, for instance Susan Bradley's or Amy Babinchak's (SP?), may cover a filtering rule for a specific situation.  You can take that knowledge and refit it for your scenario.

I hope that has been somewhat helpful.

< Message edited by sambo -- 13.Jan.2007 9:44:30 AM >

(in reply to spouseele)
Post #: 15
RE: Howto Open Ports - SIMPLY - in ISA 2004 - 13.Jan.2007 11:08:40 AM   
ClintD

 

Posts: 1848
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
SPouseele
Joined Jun 1 2001
Total Posts 12101

ClintD
Joined Jan 26 2001
Total Posts 1732

I think 2 guys who have belonged to these forums for nearly 6 years, who contribute their time to be the Moderators of the forums, and who have provided, in the case of Stefaan, numerous helpful articles on how to implement ISA should be given the benefit of the doubt and not accused of being arrogant. We certainly don't think we're better than anyone - why would we be posting and filling our time on these forums. It's a simple answer - we like helping people.

Now, you might not like Stefaan posting a link to an image somewhat ridiculing the 'open a port' mentality, but it was Tom Shinder himself who first started using this image and I doubt you'd call Tom arrogant or lacks 'professional courtesy'.

http://forums.isaserver.org/m_410001700/mpage_1/key_open%2cport/tm.htm#410001714
http://forums.isaserver.org/m_410001500/mpage_1/key_open%2cport/tm.htm#410001513
http://forums.isaserver.org/m_250080900/mpage_1/key_open%2cport/tm.htm#250080910
http://forums.isaserver.org/m_2002007828/mpage_1/key_open%2cport/tm.htm#2002008208

(in reply to sambo)
Post #: 16
RE: Howto Open Ports - SIMPLY - in ISA 2004 - 13.Jan.2007 11:27:17 AM   
sambo

 

Posts: 12
Joined: 20.Jul.2005
From: Cincinnati, OH
Status: offline
ah so if you are a chosen one then it is OK to say whatever you want without regard to professional courtesy?

what defines arrogance for you?

your response to me helps this thread how?  couldn't you have emailed me offlist if it was waranted?  seems you are more important than the subject of the thread ...hmm? arrogance?

My post took less than 5 minutes to produce a semi-helpful direct answer but you don't have 5 minutes?  How much time have you invested in your non-answers posts in this thread?


(in reply to ClintD)
Post #: 17
RE: Howto Open Ports - SIMPLY - in ISA 2004 - 14.Jan.2007 6:49:42 PM   
ClintD

 

Posts: 1848
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
I don't know which comments are to be considered without 'professional courtesy' but you have my sincere apologies for them.

In my future posts to both you and RayH, I will ensure that I handle my replies with the utmost delicacy and ensure all of those posts are germane and of the utmost quality with regard to the topic being discussed.

(in reply to sambo)
Post #: 18
RE: Howto Open Ports - SIMPLY - in ISA 2004 - 15.Jan.2007 6:10:52 AM   
Guest
Common guys!
Just take it easy!
I've answered myself to such a question a while ago with a direct answer(if that means I've bought it I care little about that).
But the idea behind this is that the answer would not help you at all.
What they want to say is that every minute spent by you reading how to proper use
ISA related to some issue will help you later saving hours(maybe even your job) and that is not a waste of of time. A waste of time will be just to take the answer of that question and apply it.
That funny picture isn't all about laughing. If you read the comments there it is simple
to see your solution(the right direction to follow). And using Stefaan indication: the ISA help file probably will solve your problems.
You don't need hundreds of hours learning what is an access rule, how you use it or how access is allowed through ISA.
Actually some of Stefaan's articles show you how to do that.
Spending many hours working with ISA and on this forum it is quite easy to see that
people really like simple things with simple solutions and that people tend to quicly
don't care if they found a working solution to their problem and then just walk forward.
If it works who cares?
You can say:
"Ok I drive my car every day but I don't know how it works. I'm speaking every day on my cellular phone and I don't know how it works. Actually a lot of people do so.
So why bother?"
Well what this guys arround here are saying is that you should care about that and before jumping in from a basic firewall to a complex one it will be helpful to read something about it.
What they are saying is that based on their experience, what they have seen in many years(they've been there in the same situation as you too, actually everybody was)
they can easily know what problems you have, what your level of knowledge about
firewalls is and a lot of stuff like those and they can indicate you the right direction to follow.
They have seen this like many other things many many times before and they know pretty much what to expect.
You can say that is not important when somebody gives you an explanation and then throw in your face their experience and what great stuff they did...
They only must throw heavy arguments because if you turn your eyes on how big and strong are corporations they can suddenly look so small compared with a bunch of guys in a small garage.
Also everybody can make a mistake.
Ok.
Now let me tell you something without professional courtesy and with arrogance:
Listen to them about your problems related to this issue and they will save your a**.
How?
Very simple.
If they can see all of those things about you, the same thing would be seen by an attacker who is very pronned to such things. Because this will be the first thing an attacker will search for.
He will not try to defeat your firewall. He will try to defeat "THE SYSTEM". And you are part of that system. If YOU are vulnerable so is your network. His target is the system and the firewall is also a part of that system and at some point the atacker will focus on it too.
What these guys are saying is that the best firewall in the world will be useless without your knowledge.
Sharing their knowledge in an innapropiate way would rather give you little help.
Kindly best regards!
Adrian.

(in reply to ClintD)
  Post #: 19

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> ISA 2004 SBS >> Howto Open Ports - SIMPLY - in ISA 2004 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts