
Welcome to ISAserver.org


blocking access to a destination set disrupts other rules

blocking access to a destination set disrupts other rules - 23.Apr.2002 3:44:00 PM   
abeeber

 

Posts: 31
Joined: 24.Oct.2001
From: Norwell, MA, USA
Status: offline
Hi everyone,
I have a weird problem. I have a fairly liberal access rules policy (allow all outbound access). However, I wanted to deny access to a streaming media site (media.mediaxtranet.net). So I created a destination set to that site (in my testing I tried both domain name, i.e. *.mediaxtranet.net, and IP address and IP address range). When I enable it the rule works. Users who are streaming from that site get disconnected.

HOWEVER, and here is my problem. My DBA has a job that connects to a SQL server to pull data from this data service. When my deny rule to mediaxtranet.net is enabled, this job fails. The SQL server is on a different domain and IP address.

Also I have tried denying only audio traffic to the mediaxtranet.net site and still SQL connect gets blocked.

Andrew
Post #: 1
RE: blocking access to a destination set disrupts other... - 24.Apr.2002 12:22:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Andrew,

That's quite odd. I don't see how a site not at all related to the one that is blocked would have an effect on the other. What do the log files say about these connections?

Thanks!

Tom

(in reply to abeeber)
Post #: 2
RE: blocking access to a destination set disrupts other... - 24.Apr.2002 3:35:00 PM   
abeeber

 

Posts: 31
Joined: 24.Oct.2001
From: Norwell, MA, USA
Status: offline
Hi Tom,
This is the frustrating part. When I check the firewall log, it shows a successful connection via TCP 1433.

However, when my deny rule is enabled, I see in the packet filter log blocked UDP packets from the SQL Server we are trying to pull data from.

I check Microsoft's Knowledge Base and they mention the use of UDP 1024-5000 as part of a 3-way handshake between a SQL client and a server.

What frustrates me is that the connect works when my deny rule is disabled.

I have also tried creating a protocol definition for this UDP range and still no luck.

Andrew

(in reply to abeeber)
Post #: 3
