I have a GPS receiever that transmits a TCP message over port 999 every 10 seconds. I see the traffic hitting the ISA server 2006 firewall but it is getting blocked though I have created an access rule. This is the message that gets logged in the ISA log
These are the steps i followed to create a new access rule 1. Select Action as "Allow" 2. Create new user defined protocol with TCP, Inbound and port range 999 to 999 3. No Secondary connections 4. Set this rule applies to traffic from "External", "Internal" and "Localhost" just to eliminate any mistake, will remove internal and localhost once it works 5. Traffic to I set "Localhost", "Internal" and added a computer with the IP address of my external NIC, again will clean this up to just "Localhost" once it starts working 6. This rule applies to all users option was selected 7. Saved and applied the configuration 8. Clicked on monitoring and checked the configuration tab to see whether the array was synced, it was synced 9. check the logging again and see the same error message
Original Client IP Client Agent Authenticated Client Service Referring Server Destination Host Name Transport HTTP Method MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Filter Information Network Interface Raw IP Header Raw Payload GMT Log Time Source Port Processing Time Bytes Sent Bytes Received Cache Information Error Information Authentication Server Log Time Client IP Destination IP Destination Port Protocol Action Rule Result Code HTTP Status Code Client Username Source Network Destination Network URL Server Name Log Record Type 117.97.xxx.xxx - TCP - - - 09/09/2009 19:48:07 2020 0 0 0 0x0 0x0 - 10/09/2009 01:18:07 117.97.xxx.xxx 124.125.xxx.xxx 999 Unidentified IP Traffic Denied Connection [Enterprise] Default rule 0xc004000d FWX_E_POLICY_RULES_DENIED External Local Host - WTSXXXX Firewall
I also tried NETSTAT with the listening option and the port 999 is not open on the external or internal IP's.
I am a beginner with ISA so any help you could provide would be very much appreciated.