• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Unidentified IP Traffic

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Access Policies >> Unidentified IP Traffic Page: [1]
Login
Message << Older Topic   Newer Topic >>
Unidentified IP Traffic - 9.Sep.2009 3:55:48 PM   
suprej

 

Posts: 5
Joined: 9.Sep.2009
Status: offline
Hi,

I have a GPS receiever that transmits a TCP message over port 999 every 10 seconds. I see the traffic hitting the ISA server 2006 firewall but it is getting blocked though I have created an access rule. This is the message that gets logged in the ISA log

WTSxxx 2009-09-09 18:36:24 TCP Source:117.97.xxx.xx:2020 Destination: 124.125.xxx.xxx:999 117.97.xxx.xx External Local Host Denied 0xc004000d [Enterprise] Default rule Unidentified IP Traffic 0 0 0 0

These are the steps i followed to create a new access rule
1. Select Action as "Allow"
2. Create new user defined protocol with TCP, Inbound and port range 999 to 999
3. No Secondary connections
4. Set this rule applies to traffic from "External", "Internal" and "Localhost" just to eliminate any mistake, will remove internal and localhost once it works
5. Traffic to I set "Localhost", "Internal" and added a computer with the IP address of my external NIC, again will clean this up to just "Localhost" once it starts working
6. This rule applies to all users option was selected
7. Saved and applied the configuration
8. Clicked on monitoring and checked the configuration tab to see whether the array was synced, it was synced
9. check the logging again and see the same error message

Original Client IP Client Agent Authenticated Client Service Referring Server Destination Host Name Transport HTTP Method MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Filter Information Network Interface Raw IP Header Raw Payload GMT Log Time Source Port Processing Time Bytes Sent Bytes Received Cache Information Error Information Authentication Server Log Time Client IP Destination IP Destination Port Protocol Action Rule Result Code HTTP Status Code Client Username Source Network Destination Network URL Server Name Log Record Type
117.97.xxx.xxx - TCP - - - 09/09/2009 19:48:07 2020 0 0 0 0x0 0x0 - 10/09/2009 01:18:07 117.97.xxx.xxx 124.125.xxx.xxx 999 Unidentified IP Traffic Denied Connection [Enterprise] Default rule 0xc004000d FWX_E_POLICY_RULES_DENIED External Local Host - WTSXXXX Firewall


I also tried NETSTAT with the listening option and the port 999 is not open on the external or internal IP's.

I am a beginner with ISA so any help you could provide would be very much appreciated.

Many Thanks

SV
Post #: 1
RE: Unidentified IP Traffic - 9.Sep.2009 4:14:53 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Hi SV,

Configure the custom protocl to be Outbound and not Inbound...in an ISA world, inbound protocols are used with publsihing rules.

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to suprej)
Post #: 2
RE: Unidentified IP Traffic - 9.Sep.2009 4:50:23 PM   
suprej

 

Posts: 5
Joined: 9.Sep.2009
Status: offline
Thank you V very much Jason, that solved my problem!!!

(in reply to Jason Jones)
Post #: 3
RE: Unidentified IP Traffic - 9.Sep.2009 5:27:11 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Cool

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to suprej)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Access Policies >> Unidentified IP Traffic Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts