ISA server blocking internal ports?


butcherman -> ISA server blocking internal ports? (5.Apr.2011 6:56:37 PM)

I recently installed a phone system into a customer’s site. We have a soft phone application that we loaded on a few of the customer’s PCs. When we open one it works fine. When we open the second we get an error, “Server.exe.config Only one usage of each socket address”.

In this Server.exe.config file on the local PC it is set to point to “url=’tcp://localhost:8000/MyApp/’”. Working with tech support we found that the software uses TCP port 8000 to open up the GUI for the application on the localhost, and this is somehow being blocked.

The customer has an ISA server, and we have found that when we remove the computers with the soft phone application from the domain or disconnect the ISA server from the network, the problem goes away.

What I’m trying to find out is how, if one computer starts the software, it ties up port 8000 for all the other computers, and how the ISA server is involved. From my understanding the ISA server should only block external traffic. I know that I don’t have a lot of information to give; I’m sorry for that. I’m just trying to find things that might help, things that I can test or tools that I can use to identify this problem.

Thanks guys.

01blackerado -> RE: ISA server blocking internal ports? (19.Jul.2012 10:25:06 AM)

Sounds like they just don't have the rules set up properly. I know it's not a "BEST PRACTICE" but have you tried creating an access rule with all outbound on it?

Try this:

Open ISA management console
Right click and create new access rule
Protocol= ALL outbound traffic
Source= internal and localhost
Destination = internal

Couple things to check...
In the management console under "Networks",
be sure that ALL INTERNAL IP address ranges are associated to the internal interface.

Then, once this is all in place, try it again. If it works, then you know the firewall was blocking it. Now all you have to do to figure out why is disable the new rule for all outbound, then go to the dashboard and click the logging tab. Start a query and you should see denied for the soft phones as they're denied... along with a reason why. Most likely and most obvious, it is blocking network communications on a specific port. Figure out which port it is, then create a new protocol. Call it "soft phones", TCP outbound, "port number", save, and add this protocol to the current Internal Access rule that they have already.

Done and done
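
An added example, not part of the thread or of the phone vendor's software: the quoted error text is the Winsock address-in-use error (WSAEADDRINUSE, 10048), which the local TCP stack returns when a listener tries to bind an address and port that is already bound. This Python probe, run on an affected PC, reports whether `localhost:8000` (the value from the post's config) can be bound and whether something local already answers on it; the function names `hold_listener` and `probe` are hypothetical.

```python
import errno
import socket

WSAEADDRINUSE = 10048  # Winsock code behind "Only one usage of each socket address"


def hold_listener(host="127.0.0.1", port=0):
    """Bind and listen the way a first application instance would (port 0 = any free port)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, port))
    s.listen(1)
    return s


def probe(host="127.0.0.1", port=8000, timeout=1.0):
    """Report whether a new listener can bind host:port and, if not,
    whether something is already accepting connections there."""
    result = {"bind": "free", "listener_answers": False}
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
    except OSError as e:
        in_use = (e.errno == errno.EADDRINUSE
                  or getattr(e, "winerror", None) == WSAEADDRINUSE)
        result["bind"] = "in_use" if in_use else "error:%s" % e
    finally:
        s.close()
    if result["bind"] != "free":
        try:
            # A successful connect means a process on this PC owns the port.
            with socket.create_connection((host, port), timeout=timeout):
                result["listener_answers"] = True
        except OSError:
            pass
    return result


if __name__ == "__main__":
    # Run on an affected PC before and after starting the soft phone.
    print(probe("127.0.0.1", 8000))
```

If the probe reports `in_use`, `netstat -ano` on the same PC shows the process ID that owns the port.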
