[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 233
  • Last Modified:

PC Anywhere over ISA

Does anyone have experience giving PC Anywhere access through ISA server?  New versions of both.  How do you set this up?
0
Vendi
Asked:
Vendi
  • 4
  • 4
  • 2
  • +1
1 Solution
 
geoffrynCommented:
Do you need to be able to connect inbound through the ISA or outbound?
0
 
VendiAuthor Commented:
Inbound.  It will be used for support people off site to connect.
0
 
HousenetCommented:
I havent really worked with ISA server but it seems logical that you'd have to create a filter to allow inbound access to the ports 5631 TCP and 5632 UDP.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
SunBowCommented:
Housenet mostly correct. ISA default is nothing. Your turn.

Missing pieces here, are typically other kinds of firewall lingo, if these are new, were you born yesterday?

In other words, isn't there other equipment already invested in that may be filtering?

On filtering, I dunno if Housenet gave all the right ports, but it is simple enough, and Housenet did remind us to look at inbound and outbound tcp and udp. 1st, look at the manual if this is a bona fide licensed product, then, if manual was bent folded, mutilated or stapled, surf over to Symantec, there's good maintenance info kept there.

Last - uh, you know what firewall does? Know what pcAW does? Suppose my pc found yours on the net. Want to let me have a crack at it? As if I am you?

Just trying to use diff. methods here to encourage you to cya, cover your bases here. Back to beginning - ISA .doc did claim that default is nothing gets through.
0
 
SunBowCommented:
> Inbound.  It will be used for support people off site to connect.

This is exactly what common folk and VIPs want.
This is exactly what firewall folk try to prevent.

(therefor, seek accomodation whereby device on inside contacts the outside to initiate connection. Or, have exposure that leads to like the Microsoft network downtime)
0
 
HousenetCommented:
Hey Sunbow, can I ask you something ? Is enlish your first language ? This is probably the 4-5th comment Ive read that you've posted, & your words always sound like riddles or the thoughts of an insane person. We are here to provide basic technical support in plain english. To the point & clearly expressed. Maybe there is a poetry support site you can express your crazy rantings on or something..
0
 
VendiAuthor Commented:
Hi,
Thanks for all your comments.  Actually, we are aware of the security caveats involved.  Unfortunately, the vendor of a software package we use, needs this access to troubleshoot.  We are trying to get them to use Terminal Services instead but it is slow going.  Our idea is to enable this access long enough for them to get a look and decide that yes really their software is causing a problem.  Until then, we are getting nowhere with having our issues resolved by their support people, default answer is "we need access first."

I hope this explains why we need to do things this way.  Additionally, all our software is legal and licensed and so on.  We have checked with the manuals and nobody has a problem with describing outbound connections.  It is the inbound connection over ISA that trips things up.

Thanks again for any help you can give.  I am a "newbie" to firewall speak and appreciate your warnings and advice.

0
 
VendiAuthor Commented:
Well, we finally found out they will use terminal services even though they don't like to.  Which is a big relief!!I'm happy to split up points in whatever way you determine is fair or delete the question.  Let me know.  
0
 
HousenetCommented:
Vendi do whatever you like... Terminal server uses tcp port 3389....
-I dont know if this is an issue with ISA.. I guess being another MS product, it probably intergrates seemlessly with ISA...& no modifications are required.. Is this true ?

0
 
geoffrynCommented:
Yes.  There are built in protocol filters for RDP.  You have to build them for most third party serives.
0
 
VendiAuthor Commented:
Hi Housenet,
I talked to the Sys Admin who set up the terminal services access.  He described as follows:

In the ISA Management console:  
  Find Policy Elements | Protocol Definitions
     Right Click and choose new definition.
     There are 3 areas to fill in:
       3389
       TCP
       Inbound

Then go to Published Rule:
  Here is where you bind the external and internal ip addresses.  (Action tab)  Then in the Applies To tab you can create your restrictions on who can utilize this.

:)
 
 
0
 
HousenetCommented:
Cool Thanks..
-Since we started insisting our customers use hardware firewalls we've basically dropped proxy all together... I'm sure I'll have to install ISA at some point soon..
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 4
  • 4
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now