Welcome to ISAserver.org

Packet Filter vs Protocol Rules

Packet Filter vs Protocol Rules - 10.Jul.2009 11:53:48 AM   
JWelna

 

Posts: 1
Joined: 10.Jul.2009
A few years ago, I had a problem using Symantec Antivirus Corporate's virus definition transport on an SBS 2000 server running ISA 2000. I found a tutorial on this website that described creating a protocol rule for SAVCE that involved allowing the ftp and http protocols for a client address set defined by the single IP of the ISA server's inside NIC. This worked great, and it was a methodology I used for years.

A few days ago I upgraded an SBS 2k3 SP1 (non-R2) server to Symantec Antivirus Corporate 10.1.6 and Symantec Mail Security 6.0.8. Symantec Mail Security 6.0.8 requires port 80 and 443 outbound for retrieval of Live Updates and Brightmail Spam rules. I assumed that I would be able to add the https protocol to my standard SAVCE protocol rule that already included ftp and http. This did not work.

The only way I could get Liveupdate and Brightmail rules to work was to create packet filters for 80 and 443 outbound. In fact, my standard SAVCE protocol rule for ftp and http was now unnecessary for Symantec Antivirus's virus definition transport, even with the 80 and 443 packet filters off.

In googling the issue, I found references to the fact that protocol rules apply only to clients, not the ISA box itself. For the ISA box itself, one needs to use packet filters.

If this is true, how could my original methodology of using a protocol rule for SAVCE's virus definition manager (as described in a tutorial on this website) ever have worked?

I understand that packet filters look at IP headers and protocol rules look at IP payload. I also realize that outbound dynamic port packet filters on 80 and 443 are not the end of the world. Nonetheless, I am perplexed at why the protocol rule doesn't work for the new version of Symantec AV and Mail Security if it worked in the past.

Am I missing something? Any insight would be greatly appreciated.

Joe Welna
Post #: 1
