Welcome to ISAserver.org

SSH, Telnet, RDP, and FTP blocking

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 Firewall] >> General >> SSH, Telnet, RDP, and FTP blocking

Page: [1]

Message

<< Older Topic Newer Topic >>

SSH, Telnet, RDP, and FTP blocking - 7.Mar.2007 12:04:45 PM

drumtrav

Posts: 9
Joined: 26.Jun.2006
Status: offline

I work in a helpdesk environment, we only want to use ISA to block internet access to certain websites and block all internet to certain users. That is setup and working fine.

However, The helpdesk users often use FTP, Telnet, SSH, and RDP to connect to customer's site and work. I have create access rules to allow these protocols. However, they are not working.

My questions are.

1. IS there a way to setup the ISA (2006) to not worry about the listed protocols. (bypass and let end to end communcations)
2. If not, how should these be setup besides the obivious rules I have in place.

In my error logs I am getting the following for ssh and telnet:
0x0 ERROR_SUCCES
then after 60 sec
0xc0040038 FWX_E_TCP_NO_SERVER_REPLY

We use putty for ssh programs, and a program called PRocomm for telnet connections. Putty does have a tab for proxy settings, procomm does not. We use IE for FTP connections

Post #: 1

Featured Links*

RE: SSH, Telnet, RDP, and FTP blocking - 9.Apr.2007 11:18:04 AM

tshinder

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline

How many NICs in your ISA Firewall?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to drumtrav)

Post #: 2

RE: SSH, Telnet, RDP, and FTP blocking - 9.Apr.2007 11:42:15 AM

drumtrav

Posts: 9
Joined: 26.Jun.2006
Status: offline

Sorry I meant to update this.

I resolved my issue with the best pratices analyzer. We have one NIC and after I ran the single ended NIC wizard and changed some rules. It works now.

(in reply to drumtrav)

Post #: 3

RE: SSH, Telnet, RDP, and FTP blocking - 10.Apr.2007 10:41:59 AM

tshinder

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline

That's the problem, you're running in "hork mode" which only supports HTTP and HTTPS. No other protocols are supported in "hork" or "broken" mode.

Get a second NIC in that ISA Firewall ASAP! Right now you're not secure.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to drumtrav)

Post #: 4

RE: SSH, Telnet, RDP, and FTP blocking - 10.Apr.2007 11:02:18 AM

drumtrav

Posts: 9
Joined: 26.Jun.2006
Status: offline

We are secure. This is all behind our Cisco ASA appliance. I am not using this as a true "firewall". I'm only using this for a proxy to limit internet access to users. I'm not interested in anything else it does. It is working just fine.

(in reply to drumtrav)

Post #: 5

RE: SSH, Telnet, RDP, and FTP blocking - 11.Apr.2007 12:41:39 PM

tshinder

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline

Check www.secunia.com and compare the bugs in the ASA compared to ISA. ISA is much more secure than an ASA and I personally don't consider the ASA to be secure until Cisco gets some better understanding of what's happening above layer 3.

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to drumtrav)

Post #: 6