I am seeing the subject line in my ISA server log files:
Denied Connection IS02 6/16/2011 12:21:58 AM Log type: Firewall service Status: Rule: Source: Internal (10.x.x.81:4117) Destination: Local Host (x.x.x.x:8888) Protocol: Unidentified IP Traffic (TCP:8888) User: Additional information Number of bytes sent: 0 Number of bytes received: 0 Processing time: 0 ms Original Client IP: 10.x.x.81 Client agent:
What does that mean? The clientsuse that port for access and the workstations I see that have this error (and it doesn't happen all the time!) are part of the group allowed to access the ISA.
Thanks for the reply. It doesn't really make sense for that to be the case unless the workstation is producing traffic destined for the ISA server with a DESTINATION port of 8888. Why would that traffic exist? What the workstation should be doing in connecting to the ISA server with a source port of 8888 and a destination port of 80 or 443 requesting access to the proxy services for passing that traffic to the "Internet", correct? The firewall blocks are based on source IP, syn origin (the source of the session) and DESTINATION port , not source, doesn't it?
Thanks for the info Paulo, I finally got the point that the packets are forwarded based on the URL GET request. What I still don't understand is the mechanism for connection from the Internet Explorer browser (workstation) to the ISA server on port 8888 (or the default 8080) and why that traffic isn't identified in any rule I can see in the ISA installation.