• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Firewall Client problem?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> Firewall Client problem? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Firewall Client problem? - 29.Mar.2002 7:02:00 PM   
jmlohren

 

Posts: 80
Joined: 7.Sep.2001
From: Spokane, WA USA
Status: offline
Is there any reason as to why, if I have a full access policy (wide open rules on ISA Server) that my Firewall clients wouldn't be able to recieve mail from a POP3 server, yet the SecureNAT clients can?
Post #: 1
RE: Firewall Client problem? - 29.Mar.2002 7:20:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jim,

I've had this problem a couple of times. It appeared to be (in my experience), to be a transient problem with the ISP hosting the POP site. Never was able to figure out what the exact problem was, but I did notice the same thing, that when I disabled the Firewall client, POP started working again. The problem resolved itself after the ISP handled its POP issues. I think it was a time-out problem.

HTH,
Tom

(in reply to jmlohren)
Post #: 2
RE: Firewall Client problem? - 29.Mar.2002 7:23:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi jmlohren,

if it works for SecureNAT client it should work for Firewall clients also. Have you already checked the ISA logs if ISA blocks those requests? Make sure you enable ISA to log all fields. The fields Rule#1 and Rule#2 indicates which protocol rule and site&content rule allows the access.

Hope this helps,
Stefaan

[ March 29, 2002, 07:25 PM: Message edited by: spouseele ]

(in reply to jmlohren)
Post #: 3
RE: Firewall Client problem? - 29.Mar.2002 7:50:00 PM   
jmlohren

 

Posts: 80
Joined: 7.Sep.2001
From: Spokane, WA USA
Status: offline
I checked the logs and everything seems to be working just fine.
With the Firewall client it would usually say recieving 1 of x e-mails and then just eventually stop. With SecureNAT it would work fine.
I even went as far as removing the logs, starting ISA, and trying to get e-mail with the firewall client...copying the log files, clearing them out, and then doing it again with SecureNAT. both seem, according to the logs to be getting access to what they need.

I don't mind running them as SecureNAT, just liked the added abilities of the firewall client.

Any idea as far as what the ISP POP problem would be? This is our first site implementing ISA, so I might try the firewall client again at a different site.

Thanks again.

(in reply to jmlohren)
Post #: 4
RE: Firewall Client problem? - 29.Mar.2002 9:23:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi jmlohren,

if the ISA log show no problems, then I would get out my Sniffer and start snooping on the external interface to see what is happening on the wire. If you don't have a Sniffer for that, install the Network Monitor on the external interface of ISA (included in W2K) and try to determine where the problem is situated: ISA or the ISP. Have a lot of fun... [Razz]

Hope this helps,
Stefaan

(in reply to jmlohren)
Post #: 5
RE: Firewall Client problem? - 29.Mar.2002 10:18:00 PM   
jmlohren

 

Posts: 80
Joined: 7.Sep.2001
From: Spokane, WA USA
Status: offline
Here's one thing I noticed on the log for my External interface incoming requests:

code:
#Software: Microsoft(R) Internet Security and Acceleration Server 2000
#Version: 1.0
#Date: 2002-03-19 01:37:30
#Fields: date time source-ip destination-ip protocol param#1 param#2 filter-rule interface
2002-03-19 01:37:30 208.56.253.32 63.228.110.201 Tcp 110 5943 BLOCKED 63.228.110.201
2002-03-19 01:38:35 208.56.253.32 63.228.110.201 Tcp 110 6058 BLOCKED 63.228.110.201
2002-03-19 01:39:29 208.56.253.32 63.228.110.201 Tcp 110 5943 BLOCKED 63.228.110.201

The source IP is my ISP's mail server. Not sure what is going on with this.

[ March 29, 2002, 10:20 PM: Message edited by: jmlohren ]

(in reply to jmlohren)
Post #: 6
RE: Firewall Client problem? - 29.Mar.2002 10:40:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi jmlohren,

the log indicates that packets coming from the POP3 server (port 110) are blocked by ISA. This should clearly not happen!

Double check your configuration for errors. If all seems OK, tell ISA to log all packets (blocked and allowed) and all fields. In this log extract, I cann't see if ISA is blocking data or the connection accept message and how long it takes between the TCP connection request and the TCP connection accept. It could be a timing issue also.

BTW --- you can test easily the rule set with telnet pop3_server 110. You should be able to make the connection.

Hope this helps,
Stefaan

(in reply to jmlohren)
Post #: 7
RE: Firewall Client problem? - 29.Mar.2002 10:51:00 PM   
jmlohren

 

Posts: 80
Joined: 7.Sep.2001
From: Spokane, WA USA
Status: offline
Thanks. I'll definately try that. I noticed that the default POP3 entries in ISA are for outbound connections only, so I think, and from looking at it it doesn't seem to be allowing the response through.
I'll try your suggestion and post back what I run into. Thanks for your quick responses! I greatly appreciate it!

(in reply to jmlohren)
Post #: 8
RE: Firewall Client problem? - 30.May2004 4:49:00 AM   
Johno

 

Posts: 23
Joined: 23.Dec.2002
From: Oz
Status: offline
I also have this problem with pop3.I get the exact same output in my logs even with an "All Open" rule in place. TCP 110 Blocked.
Did anyone solve this?
This is the second time I have had this problem which seems to show up after a series of unexpected shutdowns of the entire box due to power failures.Is it a fault in the ISA server installation needing a re-install. That was how I fixed it the first time however I changed the box so did a W2k server re-install also.

Please help

[ May 30, 2004, 05:19 AM: Message edited by: Johno ]

(in reply to jmlohren)
Post #: 9
RE: Firewall Client problem? - 11.Jun.2004 7:22:00 PM   
fyrish

 

Posts: 1
Joined: 11.Jun.2004
Status: offline
Hello, guys!
I've just solved this problem. I don't think it's 100% solution for everyone but still I hope it can help someone. I've inspected my Packet Filter logs and found blocked packets. The trick that fixed problem we're talking about is to disable and then enable Packet filtering in Packet Filter Options. And that's all! Now it works perfectly, my firewall clients get POP3 and IMAP protocols working. Sure, I've stopped isa services including mspfltex driver during this operation

(in reply to jmlohren)
Post #: 10

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> Firewall Client problem? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts