• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

FIrewall Client installation on ISA Server

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> FIrewall Client installation on ISA Server Page: [1]
Login
Message << Older Topic   Newer Topic >>
FIrewall Client installation on ISA Server - 20.Sep.2002 10:27:00 PM   
faisy

 

Posts: 19
Joined: 19.Sep.2002
From: Minneapolis, Minnesota
Status: offline
Im using a dialup & ISDN each with standaloone ISA sever. On both PCs two of our manager do their day to day work. They also needed outlook. To configure it properly I installed ISA Firewall Client on ISA server. During installation it says, it is not recommended to install it on ISA. But without it outlook wasn't working. Even I''ve configured POP3 & SMTP including the access rules.

But some times it create problems of outlook unable to connect POP3/SMTP server on ISA. While ISA clients use outlook on the same POP3/SMTP server withoooout any error.

What are the problems which arises after using client on ISA itself?

Also are there any problems in using MS Terminal service on ISA. We are using it for some tasks which we need to do on remote or on ISA server.
Post #: 1
RE: FIrewall Client installation on ISA Server - 20.Sep.2002 10:46:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi FNF,

Never, EVER install the Firewall client on the ISA Server. It is a *forbidden* configuration.

HTH,
Tom

(in reply to faisy)
Post #: 2
RE: FIrewall Client installation on ISA Server - 20.Sep.2002 11:02:00 PM   
faisy

 

Posts: 19
Joined: 19.Sep.2002
From: Minneapolis, Minnesota
Status: offline
quote:
Originally posted by tshinder:
Hi FNF,

Never, EVER install the Firewall client on the ISA Server. It is a *forbidden* configuration.

HTH,
Tom

Ok fine. But tell me how to enable outlook to access remote POP3/SMTP account, if I use to work on ISA server instead of being on client machine?

Secondly what are the effects on ISA if I do so?

(in reply to faisy)
Post #: 3
RE: FIrewall Client installation on ISA Server - 20.Sep.2002 11:06:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi FNF,

for applications on ISA itself, you'll have to define packet filters to get outbound access. POP3 uses TCP port 110 outbound and SMTP uses TCP port 25 outbound.

HTH,
Stefaan

(in reply to faisy)
Post #: 4
RE: FIrewall Client installation on ISA Server - 21.Sep.2002 1:32:00 PM   
faisy

 

Posts: 19
Joined: 19.Sep.2002
From: Minneapolis, Minnesota
Status: offline
quote:
Originally posted by spouseele:
Hi FNF,

for applications on ISA itself, you'll have to define packet filters to get outbound access. POP3 uses TCP port 110 outbound and SMTP uses TCP port 25 outbound.

HTH,
Stefaan

I've defined the POP3 & SMTP packet filters to allow traffic of these protocols. But when I use outlook on ISA server, it doesn't work witout firewall client. Some times it does if I disable firewall client. Web browsing works fine. Any reason for that strange behaviour of outlook on ISA server?

(in reply to faisy)
Post #: 5
RE: FIrewall Client installation on ISA Server - 21.Sep.2002 1:45:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi FNF,

I assumed you have first followed Tom's advice "Never, EVER install the Firewall client on the ISA Server. It is a *forbidden* configuration." and de-installed the Firewall client on ISA. Once that done, use packet filters to get outbound POP3/SMTP access with Outlook on ISA.

HTH,
Stefaan

(in reply to faisy)
Post #: 6
RE: FIrewall Client installation on ISA Server - 23.Sep.2002 10:35:00 AM   
faisy

 

Posts: 19
Joined: 19.Sep.2002
From: Minneapolis, Minnesota
Status: offline
quote:
Originally posted by spouseele:
Hi FNF,

I assumed you have first followed Tom's advice "Never, EVER install the Firewall client on the ISA Server. It is a *forbidden* configuration." and de-installed the Firewall client on ISA. Once that done, use packet filters to get outbound POP3/SMTP access with Outlook on ISA.

HTH,
Stefaan

I've already defined POP3 & SMTP packet filters. Now I've even uninstalled the Firewall Client.

Now guess what? Every client is able to connect to remote POP3 server. But on ISA I'm unable to connect to that POP server using MS Outlook.

Any idea how to make it work on ISA server? Its not working after uninstalling Firewall Client.

(in reply to faisy)
Post #: 7
RE: FIrewall Client installation on ISA Server - 23.Sep.2002 9:01:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi FNF,

hmm... I've reread the complete topic and now I see you are using a dialup connection for the external interface. I have never used dialup connections on ISA, but If I remember well that will *not* work. Only the web proxy and firewall service seems to trigger the dialup connection, not traffic originating on the ISA server itself and allowed by packet filters. So, ...

BTW --- ISA is supposed to be a firewall, not a general purpose workstation or application server! [Razz]

HTH,
Stefaan

(in reply to faisy)
Post #: 8
RE: FIrewall Client installation on ISA Server - 23.Sep.2002 9:56:00 PM   
faisy

 

Posts: 19
Joined: 19.Sep.2002
From: Minneapolis, Minnesota
Status: offline
quote:
Originally posted by spouseele:
Hi FNF,

I've reread the topic and now I see you are using a dialup connection for the external interface. I have never used dialup connections on ISA, but If I remember well that will *not* work. Only the web proxy and firewall service seems to trigger the dialup connection, not traffic originating on the ISA server itself and allowed by packet filters. So, ...

BTW --- ISA is supposed to be a firewall, not a general purpose workstation or application server! [Razz]

HTH,
Stefaan

Hi Spouseele,

I'm using one ISA on Dialup connection for almost 8 months & it was & is working perfectly. (except that POP / SMTP issue) Same is the case with our 2nd ISA, which is having ISDN connection.

Any way now I've uninstalled Firewall client on my ISA server. For POP & SMTP I temporarily enable All Incoming / Outgoing Traffic & then disable that filter.That is how now Im using Outlook on ISA. (I know its even worst that earlier case. [Frown] )

I think you are right by saying " ISA is supposed to be a firewall, not a general purpose workstation or application server "

Now can any one tell me why Firewall Client is not recommended on ISA. (I know even during its installation, it says its not recommended..)

(in reply to faisy)
Post #: 9
RE: FIrewall Client installation on ISA Server - 23.Sep.2002 11:15:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi FNF,

you will have to ask that question to Microsoft! [Razz]

The Firewall client is a Winsock Redirector and is implemented as a Winsock LSP (Layered Service Provider) service. Basically, it intercepts all winsock requests (TCP/UDP), checks if the requested destination is in the LAT and if that's not the case forward the request to the Firewall service on ISA. If you want more information on how it works, check out my article http://www.isaserver.org/pages/article.asp?id=347 .

So, it seems rather obvious to me that intercepting requests on the firewall itself and forwarding them to the firewall service on the same server is asking for trouble. The Firewall client is just not designed to be implemented on ISA itself! [Big Grin]

HTH,
Stefaan

(in reply to faisy)
Post #: 10
RE: FIrewall Client installation on ISA Server - 23.Sep.2002 11:18:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi FNF,

If you're running applications on the ISA Server itself (POP, SMTP, NNTP, etc), you need to create packet filters to support them. Since you're sitting at the ISA Server, you can manually dial up the connection.

HTH,
Tom

(in reply to faisy)
Post #: 11
RE: FIrewall Client installation on ISA Server - 23.Sep.2002 11:30:00 PM   
spouseele

 

Posts: 12830
Joined: 1.Jun.2001
From: Belgium
Status: offline
Hi Tom,

thanks for dropping in because I have no experience with dialup connections! [Big Grin]

Thanks,
Stefaan

(in reply to faisy)
Post #: 12
RE: FIrewall Client installation on ISA Server - 24.Sep.2002 11:44:00 AM   
faisy

 

Posts: 19
Joined: 19.Sep.2002
From: Minneapolis, Minnesota
Status: offline
quote:
Originally posted by tshinder:
Hi FNF,

If you're running applications on the ISA Server itself (POP, SMTP, NNTP, etc), you need to create packet filters to support them. Since you're sitting at the ISA Server, you can manually dial up the connection.

HTH,
Tom

I've defined POP3 & SMTP packet filters to allow traffic of these protocols. On clients its working perfectly, but on ISA server it isn't working.

Im really thankful to you & spouseele for giving me your ideas on this topic.

(in reply to faisy)
Post #: 13
RE: FIrewall Client installation on ISA Server - 24.Sep.2002 2:35:00 PM   
faisy

 

Posts: 19
Joined: 19.Sep.2002
From: Minneapolis, Minnesota
Status: offline
I forgot to mention that my dialup & ISDN accounts have Static IPs on external interfaces. [Smile]

(in reply to faisy)
Post #: 14
RE: FIrewall Client installation on ISA Server - 27.Sep.2002 3:36:00 PM   
T_Lawson

 

Posts: 50
Joined: 6.Jun.2002
Status: offline
Here is what Microsoft has to say...

The Internet Security and Acceleration Server 2000 Firewall Client Is Not Supported on Internet Security and Acceleration Server 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q304919

You Do Not Receive a Warning Not to Install ISA Firewall Client on ISA Server 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q313430

(in reply to faisy)
Post #: 15
RE: FIrewall Client installation on ISA Server - 30.Sep.2002 8:19:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by spouseele:
Hi Tom,

thanks for dropping in because I have no experience with dialup connections! [Big Grin]

Thanks,
Stefaan

Hi Stefaan,

Thanks! I support a good number of ISDN connections, so I have experience with that. All those ISDN links have dedicated IP addresses though.

Thanks!

Tom

(in reply to faisy)
Post #: 16
RE: FIrewall Client installation on ISA Server - 30.Sep.2002 8:21:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:
Originally posted by FastNFurious:
I forgot to mention that my dialup & ISDN accounts have Static IPs on external interfaces. [Smile]

Hi FNF,

If you have packet filters for POP3 and the other protocols, you will be able to use the client apps on the ISA Server.

How do you have the packet filters configured?

Thanks!

Tom

(in reply to faisy)
Post #: 17
RE: FIrewall Client installation on ISA Server - 1.Oct.2002 11:21:00 AM   
faisy

 

Posts: 19
Joined: 19.Sep.2002
From: Minneapolis, Minnesota
Status: offline
quote:
If you have packet filters for POP3 and the other protocols, you will be able to use the client apps on the ISA Server.

How do you have the packet filters configured?

Under Access Policy > IP Packet Filters I've created two filters for SMTP & POP3 using predefined filters for POP3 & SMTP. Under Local Computer tab its Default IP on the external interface. Under Remote Computer its for All REmote Computers.

(in reply to faisy)
Post #: 18
RE: FIrewall Client installation on ISA Server - 1.Oct.2002 5:49:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi FNF,

You better check the directions on those packet filters [Big Grin]

(you need to create your own).

HTH,
Tom

(in reply to faisy)
Post #: 19

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> Firewall Client >> FIrewall Client installation on ISA Server Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts