
Welcome to ISAserver.org


Allow winbox behind ISA?

Allow winbox behind ISA? - 6.Jan.2012 10:03:51 AM   
ahmednight

 

Posts: 13
Joined: 3.Jan.2012
Status: offline
Hi everyone,

After I installed ISA Server I am no longer able to use the Winbox tool for detecting MikroTik devices.

I know Winbox uses the following ports:

via IP address w/ winbox it will make an outbound TCP dst port 8291.
When you click on the ... (browse button), winbox will send out a UDP broadcast packet w/ src port 5678
Any Mikrotik boxes that have discovery turned on should respond w/ a broadcast packet w/ dst port 5678

If connecting via MAC address w/ winbox it will send out UDP broadcast w/ dst port 20561

I added all these ports as new protocols and added an access policy for each of them, but I still don't get a result when the browse button is pressed.

Here is what my log shows:

Destination IP: 255.255.255.255
Source IP: (My local IP): 192.168.0.2
Destination Port: 5678
Action: deny connection

Why does ISA still deny the port? Do I need some kind of allowing scan through this port?
Please advise ...

Thanks in advance
Post #: 1
RE: Allow winbox behind ISA? - 6.Jan.2012 5:34:52 PM   
hadideveloper

 

Posts: 156
Joined: 20.Jun.2011
Status: offline
Hi,
The problem is not about the port, it's about the connection. Did you set the TO & FROM correctly?

(in reply to ahmednight)
Post #: 2
RE: Allow winbox behind ISA? - 7.Jan.2012 1:16:27 AM   
ahmednight

 

Posts: 13
Joined: 3.Jan.2012
Status: offline
Thanks for the reply,

Indeed, I was having a problem with TO & FROM (UDP was Receive Send, not the opposite).

The problem now is that I have a device with IP 0.0.0.0 (default IP) which Winbox still does not detect. This is my setting:


This is what appears:

Denied Connection
Log type: Firewall service
Status:
Rule:
Source: (0.0.0.0:20561)
Destination: Local Host (255.255.255.255:30015)
Protocol: Unidentified UDP Traffic


If I enable 30015, the same thing happens with a different port number.

(in reply to hadideveloper)
Post #: 3
RE: Allow winbox behind ISA? - 7.Jan.2012 1:54:57 AM   
hadideveloper

 

Posts: 156
Joined: 20.Jun.2011
Status: offline
Hi,
As you can see, there is no rule assigned for the connection, so the default rule (deny all) is used. Add 30051 to the rule and the next port number too, because there is no way.

(in reply to ahmednight)
Post #: 4
RE: Allow winbox behind ISA? - 7.Jan.2012 6:25:16 AM   
ahmednight

 

Posts: 13
Joined: 3.Jan.2012
Status: offline
Thanks again for the reply,

I tried to add this port 30015 and the other one that appeared, but no luck.
As you may notice in my previous post, the deny rule is EMPTY and not equal to the default rule.
Every time I run the application, a different port number appears in the log.
I also added the Unidentified UDP protocol from the list (which contains most of the ports), no luck.

As far as I know I should only care about the source port (which is the one on my side),
after I've allowed port 20561 as I showed you in the previous post.

Why does this keep appearing:

Denied Connection
Source: (0.0.0.0:20561)
Destination: Local Host (255.255.255.255:XXXXX"different every time")

What am I missing here?

Can one allow the IP 0.0.0.0?

(in reply to hadideveloper)
Post #: 5
RE: Allow winbox behind ISA? - 10.Jan.2012 4:18:32 AM   
PatrickM

 

Posts: 112
Joined: 23.May.2001
From: Skutskär, Sweden
Status: offline
I am trying to understand what your setup is.
Is ISA in between winbox and the network you are trying to communicate with (2 NICs)?
BTW: routers (ISA/TMG) do not forward limited broadcasts (255.255.255.255), broadcasts are only valid in a local subnet.
Or, is winbox installed on ISA :}
I think you should configure rules so that the From and To fields are more specific
[From]:Localhost(ISA)-[To]:Internal
and
[From]:Internal [To]:Localhost(ISA)

Do you have any log information about [Rule] and [Result Code]?

Thanks

_____________________________

Patrick.M
MCP on Microsoft Proxy 2.0

(in reply to ahmednight)
Post #: 6
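
The log triage discussed in posts 5 and 6, as an added example that is not part of any post in the thread: it parses denied entries in the format quoted above, groups them by source endpoint, and flags limited-broadcast destinations and 0.0.0.0 sources. The sample log is constructed; only 0.0.0.0, 192.168.0.2, 20561, 5678 and 30015 come from the posts, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the format of the denied entries quoted in the thread.
# Only 0.0.0.0, 192.168.0.2, 20561, 5678 and 30015 appear in the posts;
# 41872 and 52210 are made-up stand-ins for "different every time".
SAMPLE_LOG = """\
Denied Connection
Source: (0.0.0.0:20561)
Destination: Local Host (255.255.255.255:30015)
Denied Connection
Source: (0.0.0.0:20561)
Destination: Local Host (255.255.255.255:41872)
Denied Connection
Source: (0.0.0.0:20561)
Destination: Local Host (255.255.255.255:52210)
Denied Connection
Source: (192.168.0.2:5678)
Destination: Local Host (255.255.255.255:5678)
"""

ENDPOINT = re.compile(r"^(Source|Destination):.*\((\d+\.\d+\.\d+\.\d+):(\d+)\)\s*$")
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")

def parse_denied(text):
    """Return one {'src': (ip, port), 'dst': (ip, port)} dict per denied record."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        if line == "Denied Connection":
            records.append({})
        elif records and (m := ENDPOINT.match(line)):
            side = "src" if m.group(1) == "Source" else "dst"
            records[-1][side] = (ipaddress.IPv4Address(m.group(2)), int(m.group(3)))
    return [r for r in records if "src" in r and "dst" in r]  # drop incomplete records

def summarize(records):
    """Group denies by source endpoint; collect destination ports and address flags."""
    groups = defaultdict(lambda: {"dst_ports": set(), "flags": set()})
    for r in records:
        (src_ip, src_port), (dst_ip, dst_port) = r["src"], r["dst"]
        group = groups[(str(src_ip), src_port)]
        group["dst_ports"].add(dst_port)
        if src_ip.is_unspecified:          # 0.0.0.0 is the unspecified address
            group["flags"].add("unspecified-source")
        if dst_ip == LIMITED_BROADCAST:    # only valid on the local subnet
            group["flags"].add("limited-broadcast")
    return dict(groups)

if __name__ == "__main__":
    for src, info in summarize(parse_denied(SAMPLE_LOG)).items():
        print(src, sorted(info["dst_ports"]), sorted(info["flags"]))
```

For the constructed sample, the 0.0.0.0:20561 group collects three destination ports, which shows at a glance which side of the connection stays constant across the denies.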
RE: Allow winbox behind ISA? - 10.Jan.2012 2:56:13 PM   
ahmednight

 

Posts: 13
Joined: 3.Jan.2012
Status: offline
Thanks for your reply,

I have a 2-NIC network, but as a test I'm running Winbox from the ISA. It still won't work.
I've enabled port 5678 UDP FROM & TO everywhere as a false hope to allow traffic for 0.0.0.0.

As you may know, WinBox searches for MAC addresses through port 5678. It can find IPs but not the ones with a 0.0.0.0 address. When I start the search with the application

these logs appear, here as you also requested



Thanks again ...

(in reply to PatrickM)
Post #: 7
