• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Publishing Web site driveing me nutz

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> General >> Publishing Web site driveing me nutz Page: [1]
Login
Message << Older Topic   Newer Topic >>
Publishing Web site driveing me nutz - 13.Aug.2007 7:19:00 PM   
wolverine99219

 

Posts: 3
Joined: 22.Apr.2005
From: UK
Status: offline
I've been trying this now for 24 hours solid and getting nowhere.

I have a web publishing rule (number 1 in the firewall policy) it was created using the web publishing wizard link in ISA 2006.

The rule is as follows:
Allow from Anywhere to 172.16.5.56
for http
Path /*
I have a web listener on port 80

When I try to browse to the web site externally this rule is ignored.
If I add a rule to allow http from external and internal to the external IP address of the ISA machine - this rule is picked up and I get the under contruction page from the ISA Server NOT the web site.

Any one got any ideas what I am doing wrong?
Post #: 1
RE: Publishing Web site driveing me nutz - 14.Aug.2007 11:18:39 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
NEVER allow connections to the ISA Firewall's Local Host Network unless you really know what you're doing.

From an external client, do you see the connection attempts in the ISA Firewall's firewall logs?

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to wolverine99219)
Post #: 2
RE: Publishing Web site driveing me nutz - 14.Aug.2007 12:54:40 PM   
wolverine99219

 

Posts: 3
Joined: 22.Apr.2005
From: UK
Status: offline
If I remove the localhost from the protocol rule then I get a denied in the log.
It completely ignores the web publishing rule.
If I allow localhost then I see the client requesting access which appears to resolve as the external ip address of the ISA server and therefore loads the local IIS construction page.
I know this is the case because I edited the construction page to prove it.

My question is why is the web publishing rule being ignored? It doesn't figure in the log at all even though it is number one in the processing rules and the protocol rule is around number 8.

This firewall is behind others that are outside of our control. It has a chaining rule to point to the upstream server, and a rule before that telling it to access the internal network directly.

There is an OWA rule which works perfectly. (that's number 2 in the list)

(in reply to tshinder)
Post #: 3
RE: Publishing Web site driveing me nutz - 16.Aug.2007 9:46:46 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Chaining Rules?
Local Host Rules?
This ISA Firewall sounds like a nightmare!

I'd crater it ASAP because it's likely be misconfigured to the point of compromise.

BTW -- GET IIS OFF THE FIREWALL.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to wolverine99219)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> General >> Publishing Web site driveing me nutz Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts