Solved

Clients can't surf!

Posted on 2004-09-09
5
341 Views
Last Modified: 2012-05-05
Hi all,
This is my situation now..

I have a Standard server (STDSRV) and an ISA server (ISASRV). They are connected together thru a hub and the ISASRV is connected to the Internet Router. My client PCs are all connected to the STDSRV. The client PCs are able to access the internet. But recently, my ISASRV crashed and I'm forced to reformat it. No backup was done, so I need to reconfigure the entire ISASRV.

But after I've completed my configuration, my STDSRV can't ping to the ISASRV. After I disabled these four services namely: Microsoft Firewall, Microsoft Web Proxy, Microsoft Scheduled Cache Download and Microsoft ISA Server Control, my STDSRV is able to ping to the ISASRV.

Even if the two servers are able to ping each other now, my STDSRV still can't access the internet. When the 4 services are up, I tried pinging the STDSRV from ISASRV and Router from ISASRV. I got a "Destination Host Unreachable" msg.

Any suggestions would be greatly appreciated. Thanks!
0
Comment
Question by:Ouzo85
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 7

Expert Comment

by:LimeSMJ
ID: 12024400
It sounds like you didn't set any rules up for the ISA server after you reinstalled.  By default, ISA blocks all requests to it (incoming and outgoing) - which is a good thing.  I don't know how familiar you are with setting up and ISA server or what version you are running.  Your best bet is to go to www.isaserver.org and read up on installing and configuring the server.  As with all firewalls, there isn't an easy way to determine what rules you should setup as every environment has its own needs.

Just to start however, do not ever disable the Firewall service.  That basically leaves your network open to the outside.

Setup a new rule that allows the Internal LAN to access the External WAN using the HTTP and HTTPS protocol.  That rule alone should get your users browsing the Internet right away - I hope they are not complaining.

If you want to be able to ping the ISA server from the STDSRV, just setup a rule that allows the STDSRV to access the Firewall server using the Ping protocol.  Remember to set the From and To fields correct as you don't really want the outside Pinging to the inside.

Again... sorry to hear about your server crash but ISA server isn't the only thing you need to setup again as the Windows OS that is on the firewall server needs to also be hardened (security patches, some security tweaks, etc.)  As I mentioned this before, you will find all this info at www.isaserver.org  Good luck.
0
 

Author Comment

by:Ouzo85
ID: 12024899
--LimeSMJ
Thanks for your reply. Sadly, I've already inputted the default rules into the ISASRV already and the rule that supposedly allows my clients to access the Internet is already in place.

For your second suggestion abt setting a rule "that allows the STDSRV to access the Firewall server using the Ping protocol..", I will try that out.

In the meantime, do you have other suggestions? I'm ruling out any tweakings to be done on my STDSRV as its the ISASRV that crashed and naturally, if there's any rules/filters missing, it would be on the ISASRV side. Correct me if I'm wrong.

Thanks.
0
 
LVL 7

Accepted Solution

by:
LimeSMJ earned 125 total points
ID: 12024961
I should've been clearer in my server hardening... you don't need to do anything on STDSRV.  However the ISASRV machine is running Windows itself - that operating system needs to be locked down... things like the lastest service packs, disabling services that you don't need (like IIS - unless you are doing an SMTP relay), etc.

Here's an article that I used to secure the Windows setup on my ISA server machine:
http://www.isaserver.org/tutorials/ISA_Server_Security_Checklist__Part_1_Securing_the_Operating_System_and_the_Interface.html

The article was written for Win 2000 Server but there are some similarities that you can use for Win 2003 (I myself am using Win 2003 Server to run ISA 2004).

Regards.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
windows 10 being blocked by AVG 3 80
Best firewall recommendation 12 217
Firewall attack 16 198
Forwarding web requests to different web servers 15 222
Microsoft's ISA Server has been its pre-eminent security product for about a decade and is still regarded amongst the well-informed as one of the best software firewalls and application gateways ever released, by any manufacturer. ISA Server has bee…
There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question