We use a commerce module that uses TCP to process information on a server securely over the Internet. According to the company that provides the module we need port 1139 open on our firewall (ISA).
We created an outbound Protocol Definition for this port with an inbound secondary connection using the same port. We then created a Protocol Rule to allow access from a secure NAT test workstation where this component is being tested.
The component provider said that if the network is configured properly, we should be able to telnet to their server. However, we are unable to telnet to the server. The component must be able to communicate both ways (inbound and outbound) and I believe we have it configured to do so.
What could we be missing? I understand ISA does not immediately pickup rule changes. How long should I need to wait?
Most of the time when a vendor say you have to open port 1139, he should say: allow the protocol TCP port 1139 outbound. So, make a protocol definition with the parameters TCP port 1139 outbound (no secondary connections) and allow it in a protocol rule. Also, make sure there is a site&content rule in place to allow access to that site. To make the change immediately active, bounce the firewall service. Test it with the command 'telnet IP_destination 1139'.
If something isn't working as expected, you should consult the ISA logfiles. They are your primary resource for debugging. To get the most information out of the logfiles, I strongly recommend to enable the logging of all fields. In the MMC, go to the node Monitoring Configuration, then select Logs. In the details pane, right-click the applicable service and then click Properties. On the Fields tab, click Select All.
A lot of people seem to have problems with interpreting the logfiles. It isn't that difficult, but you should first understand what is logged. In the ISA helpfile there is a section called Firewall and Web Proxy log fields, a must read. Additional information can be found in the article http://support.microsoft.com/default.aspx?scid=kb;en-us;Q284818 .