Solved

ISA firewall mystery has me stumped

Posted on 2006-06-22
Last Modified: 2013-11-16
Setup is:
SBS 2003 with ISA 2004
4 client PC with XP Pro and Outlook 2003

Problem:
Three of the four client PCs are able to retrieve/send POP/SMTP email using Outlook 2003.  We are not using Exchange at this time.  Each client goes directly to the Internet to retrieve email.  All four PCs use the same ISP for email.

The fourth client PC was unable to retrieve email like the others until I added two rules to the ISA firewall.  One rule to allow POP and one rule to allow SMTP.

Question 1:
Why could the fourth PC client not pass through the firewall while the other three could?  I even added the email account from the fourth PC user on one of the other PCs and we were able to retrieve and send email before the ISA rules were added.

Question 2:
We are using the ISA client on all four PCs but I noticed if I disable the ISA client the user can still surf the Internet.  What is the purpose of the ISA client?

Any insight would be appreciated.
Question by:dalva

Expert Comment

by:Keith Alabaster
ID: 16967529
You say it's SBS?
Did you add all four PCs in exactly the same way? As you probably know, SBS has a precise way of adding both machines and users which is totally different to the way you would add them through a standard Windows 2003 system. If you have done this 4th machine differently then it is likely not in all of the correct groups etc. that the other three are in.
This is even more likely based on your comment about disabling the ISA firewall client.

The purpose of the ISA firewall client is varied. Predominantly it is the preferred interface between the ISA Server and Active Directory, authentication and control.

ISA client also allows you to send all traffic to the ISA server even when you are not using SecureNAT (where the client machine's default gateway points to the internal NIC of the ISA server).

What is the control mechanism you have placed in your ISA firewall rules? If you have used named Active Directory groups, then this restriction should operate assuming that all required users are actually within this group. If you have used 'All Users' as the limiter then AD is not referenced.

regards
keith

Author Comment

by:dalva
ID: 16970222
One of the first things I looked at was to make certain all users belonged to the same groups.  I thought perhaps a rule was preventing the fourth PC from passing thru ISA firewall rules because it was not a member in all the needed groups.  Turned out all users had the same groups.

I am not an expert with SBS and ISA.  Is there such a thing as PCs (not users) belonging to certain groups which might cause certain ISA firewall rules to be activated from some PCs and not others?

Expert Comment

by:Keith Alabaster
ID: 16970460
Yes there is. If you look in Active Directory you will see an OU called computers and another OU along the lines of 'My Business' and in here you will find another computers OU. Check to see if all four are in the my business\computers OU.

Expert Comment

by:Keith Alabaster
ID: 16970470
This is one of the reasons that it is so important to follow the correct process for adding users and computers to SBS. SBS 2003 is not Windows 2003.

Author Comment

by:dalva
ID: 16970759
It won't be until next Friday before I am at that site to follow up on your suggestions.  I'll let you know what I discover.

Expert Comment

by:Keith Alabaster
ID: 16970900
No sweat. Have a good weekend.

Author Comment

by:dalva
ID: 17142476
Keith,
I followed up on your suggestion.  What I saw was the same OU which contained the fourth PC also contained some of the other PCs which are not having the problem.  This leaves the issue still clouded.  I am inclined to believe your suggestion that it is somehow tied to the OU because when we set up the same email account on a good PC it worked.  This seems to point to a PC issue.  I'll be stopping by there again next week.  Any more suggestions? Otherwise this will have to sit on the back burner until later this summer when I get deep into AD.

Accepted Solution

by:
Keith Alabaster earned 1000 total points
ID: 17146660
Have a look at this link; it may clarify things a little.

http://sbsurl.com/itpro

Look at the add user & add computer section. Not saying it applies to you but many people get knocked off their feet when they see how it 'should' be done....

Author Comment

by:dalva
ID: 17189207
Keith,

Your suggestions and the link to the document really made it clear that SBS 2003 is more than just having Win 2003 Server and Exchange 2003 combined.  SBS management requires a different approach.
Thanks for your assistance.
dalva

Expert Comment

by:Keith Alabaster
ID: 17190323
Excellent. Thanks :)