open ports for special sites
open ports for special sites - 6.Feb.2008 3:09:26 AM
sesek
Posts: 3
Joined: 5.Feb.2008
Status: offline
Hello,

I'm working right now in a company in Zambia. We are using ISA 2004 with SP1 (we will upgrade soon) and WIN2003 SP1. One of our executives wants to use a special program, and he will need special ports open (see later). Our guy who was doing the FW is unavailable after an accident… so it's my job now.

This info I've got:

To connect to the various data vendors supported by The DownLoader through a network firewall, you will need to have your network administrator arrange to allow access to the following ports and addresses. Please note: the collection from Dial/Data is a two-step process and therefore will be more difficult.

Reuters DataLink: Port 7983, Address: rmn.moneynet.com
Dial/Data: Port 7373 first, Address: dd.trackdata.com. An address is returned to our query and then we use Port 23 and an Internet Host Name provided each time.
Telescan: Port 15327, Address: telegate.telescan.com

- On the one side I just want to open the ports for these special websites.
- Is there any danger in opening these ports?
- And how can I do it?

Sorry, maybe these are very stupid questions, but I want to make sure that everything will be OK.

Thanks a million times in advance,
Sebastian
RE: open ports for special sites - 6.Feb.2008 8:44:05 AM
hrsanchez
Posts: 77
Joined: 30.Nov.2007
From: Argentina
Status: offline
Hi, Sebastian,

You can define protocols with the ports that you need to open.

Example: In the ISA console, go to right pane -> protocols -> user defined -> new. Using the wizard, create the protocol with the ports you need to open. Then you should create an access rule with these protocols. In the access rule you can permit access to only one particular user or group or computers, and to only special destinations (for example URL sets).

To create computer elements: In the ISA console, go to right pane -> network objects -> computers -> new and follow the wizard.

You can create URL sets to define special destinations (in your case rmn.moneynet.com). To create URL sets: In the ISA console, go to right pane -> network objects -> url sets -> new, and follow the wizard.

Now you can create and apply the access rule: Right click Firewall policies on the left pane -> new -> access rule and the wizard opens.

Example access rule:

Name: Permit Reuters
Action: Allow
Selected protocols: Reuterports (protocol that you defined before)
From: Computerboss (computer that you defined before)
To: Reuter (URL set that you defined before)
Users: All users (here you can restrict access to a particular user or group)
Schedule: Always (here you can restrict access by time of day)
Content Type: All content types

Hector
RE: open ports for special sites - 7.Feb.2008 4:47:00 AM
sesek
Posts: 3
Joined: 5.Feb.2008
Status: offline
Hello Hector,

Thx for the answer, but I still have some problems. I was following your script; afterwards I checked it with netstat -an |find /i "listening", but it seems that these ports are still closed. After that I tried just with port 23. I created rule Nr 1: protocols 23 TCP outbound, 23 TCP inbound (I did both ways just to make sure), From internal (192.168.11.0-192.168.11.255), To external, content all, user all. But still I can't find port 23 open.

Thx in advance again,
Sebastian
RE: open ports for special sites - 7.Feb.2008 8:02:36 AM
hrsanchez
Posts: 77
Joined: 30.Nov.2007
From: Argentina
Status: offline
Hi, Sebastian,

In order to view listening ports, you have to run the application that uses these ports on the particular machine. When you make the access rule, you permit access through ISA server, but you are not opening listening ports on a particular machine.

In order to resolve your problem, I suggest you investigate which ports you really need to open:

1.- Verify which IP the PC has.
2.- In the ISA server console, go to Monitoring -> Logging -> Edit Filter -> make a filter with: Client IP Equal to the IP of the PC, and Action Equal Denied.
3.- Start the filter.
4.- Open the application on the PC.
5.- Go to the ISA server console and see which ports ISA server is denying from the PC's IP.

At this moment, you will know which ports you need to add in the access rule and which rule is denying these ports.

Hector
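Hector's filter (Client IP equals the PC, Action equals Denied) applied offline to an exported log, as an added example that is not part of the original thread. The tab-separated layout, the field names (`client-ip`, `dest-port`, `action`, `rule`) and every log row are constructed for illustration; map them to the columns of your own export.

```python
from collections import Counter

# Constructed sample export: W3C-style "#Fields:" header, tab-separated rows.
# Field names and all rows are assumptions, not taken from a real ISA log.
FIELDS = ["time", "client-ip", "dest-ip", "dest-port", "protocol", "action", "rule"]
ROWS = [
    ("08:10:01", "192.168.11.25", "203.0.113.10", "7983", "TCP", "Denied", "Default rule"),
    ("08:10:04", "192.168.11.25", "203.0.113.10", "7983", "TCP", "Denied", "Default rule"),
    ("08:10:09", "192.168.11.25", "198.51.100.7", "7373", "TCP", "Denied", "Default rule"),
    ("08:10:12", "192.168.11.25", "198.51.100.7", "80", "TCP", "Allowed", "Web access"),
    ("08:10:15", "192.168.11.40", "198.51.100.9", "23", "TCP", "Denied", "Default rule"),
    ("08:10:20", "192.168.11.25", "198.51.100.44", "23", "TCP", "Denied", "Default rule"),
]
SAMPLE_LOG = "#Software: constructed sample\n#Fields: " + "\t".join(FIELDS) + "\n"
SAMPLE_LOG += "\n".join("\t".join(row) for row in ROWS) + "\n"


def denied_connections(log_text, client_ip):
    """Count denied connections from client_ip, keyed by
    (protocol, destination port, destination IP, denying rule)."""
    fields, hits = None, Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # The header names the columns; later rows are read against it.
            fields = line[len("#Fields:"):].strip().split("\t")
            continue
        if not line.strip() or line.startswith("#") or fields is None:
            continue
        row = dict(zip(fields, line.split("\t")))
        if row.get("client-ip") != client_ip:
            continue  # step 2: Client IP equals the PC's address
        if row.get("action", "").lower() != "denied":
            continue  # step 2: Action equals Denied
        key = (row["protocol"], int(row["dest-port"]), row["dest-ip"], row["rule"])
        hits[key] += 1
    return hits


def ports_to_allow(hits):
    """Step 5: the distinct (protocol, port) pairs the firewall refused."""
    return sorted({(proto, port) for proto, port, _ip, _rule in hits})


if __name__ == "__main__":
    hits = denied_connections(SAMPLE_LOG, "192.168.11.25")
    for (proto, port, dest, rule), n in sorted(hits.items()):
        print(f"{proto}/{port} -> {dest} denied {n}x by '{rule}'")
    print("candidate ports:", ports_to_allow(hits))
```

The destination addresses in the result show which hosts belong in the rule's "To" field, so the allow rule can name them instead of the whole external network.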
RE: open ports for special sites - 7.Feb.2008 8:43:10 AM
sesek
Posts: 3
Joined: 5.Feb.2008
Status: offline
Hi Hector,

Thx for your replies. That means the ports are open; I just don't see it because nobody is using it. If it is like this, I can borrow the machine and try it.

Greetings from Zambia,
seba