
I made a mistake by going with ISA 2006 - port 80 Denied Connection

I have committed to ISA 2006 and have had one problem after another. I am asking about two policies; the first is my Internet Access policy. To me it looks like it should allow me to open a web page, but it is not triggered and I get a Denied Connection from the next policy, Default rule. The Internet Access policy reads:

Order  Name             Action  Protocols             From/Listener         To        Condition
14     Internet Access  Allow   All Outbound Traffic  Internal, Local Host  External  All Users
The Logging screen shows:
Log Time     Dest IP        Dest Port  Protocol  Action             Rule          Client IP    Client Username  Source    Dest
8/8/07 5:57  209.73.189.69  80         HTTP                                       192.168.1.x                   External  External
8/8/07 5:58  209.73.189.69  80         HTTP      Denied Connection  Default rule  192.168.1.x                   External  External
 
The second is my DNS policy (Allow DNS).  The action says Initiated Connection, but my nslookup times out.  The policy reads:

Order  Name             Action  Protocols             From/Listener         To        Condition
14     Internet Access  Allow   All Outbound Traffic  Internal, Local Host  External  All Users
The Logging screen shows:
Log Time     Dest IP         Dest Port  Protocol  Action                Rule       Client IP    Client Username  Source    Dest
8/8/07 6:55  216.140.16.254  53         DNS       Initiated Connection  Allow DNS  192.168.1.y                   External  External
8/8/07 6:55  216.140.17.254  53         DNS       Initiated Connection  Allow DNS  192.168.1.y                   External  External

As I write this I see that for the DNS policy the Source and Destination Networks are both External. Is that a fundamental problem? Why would it be saying External/External? Any other ideas? Thanks.

Asked by danorme

1 Solution
Keith Alabaster commented:
I doubt you have made a mistake going with ISA Server, as it is the best firewall/proxy server available. The mistake you may have made is in thinking it is just "stick the CD in the drive and away you go". ISA is a specialist product.

You have not identified whether you are running ISA as a firewall/proxy or just a proxy.
Nor do you state what the overall aims of the configuration are.

Assuming it is a firewall as well, then I would expect to see the following types of rule as a starting point:

An outbound rule to allow the 'normal' types of traffic to the internet:
1. Allow SMTP, DNS from Internal to External
2. Allow HTTP, HTTPS, FTP from Internal to External
3. Allow HTTP, HTTPS from Local Host to External
4. Allow all outbound protocols from Internal & Local Host TO Internal & Local Host
..
.. Your publishing rules to allow inbound access to mail servers, web servers, remote desktop etc etc
..
10. Default rule: deny everything
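An added model (not code from the thread or from ISA Server) of how an ordered, first-match rule set like Keith's starting point resolves the asker's log rows. It assumes ISA's convention that any client address not covered by a defined network is treated as External, so a client the Internal network does not cover can never match a rule whose From is Internal and falls through to the default deny; rule names, network ranges and the client address are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    order: int
    name: str
    action: str            # "Allow" or "Deny"
    protocols: set         # {"*"} matches any protocol
    sources: set           # network names; {"*"} matches any
    destinations: set


# Rule set shaped like Keith's list above (rule names are assumed).
RULES = [
    Rule(1, "Allow DNS", "Allow", {"SMTP", "DNS"}, {"Internal"}, {"External"}),
    Rule(2, "Web Access", "Allow", {"HTTP", "HTTPS", "FTP"}, {"Internal"}, {"External"}),
    Rule(3, "Local Host Web", "Allow", {"HTTP", "HTTPS"}, {"Local Host"}, {"External"}),
    Rule(4, "Intranet", "Allow", {"*"}, {"Internal", "Local Host"}, {"Internal", "Local Host"}),
    Rule(10, "Default rule", "Deny", {"*"}, {"*"}, {"*"}),
]


def classify(ip, networks):
    """Map a client address to a network name; anything not covered by a
    defined network falls into External (assumed ISA behaviour)."""
    addr = ipaddress.ip_address(ip)
    for name, ranges in networks.items():
        if any(addr in ipaddress.ip_network(r) for r in ranges):
            return name
    return "External"


def evaluate(rules, src_net, dst_net, protocol):
    """First-match evaluation in rule order; returns (action, rule name)."""
    for r in sorted(rules, key=lambda r: r.order):
        if (("*" in r.protocols or protocol in r.protocols)
                and ("*" in r.sources or src_net in r.sources)
                and ("*" in r.destinations or dst_net in r.destinations)):
            return r.action, r.name
    return "Deny", "<no rule>"


# Constructed Internal ranges: one that misses the 192.168.1.0/24 clients seen
# in the log (they then classify as External) and one that covers them.
NETWORKS_MISSING_CLIENTS = {"Internal": ["192.168.0.0/24"], "Local Host": ["127.0.0.0/8"]}
NETWORKS_FIXED = {"Internal": ["192.168.1.0/24"], "Local Host": ["127.0.0.0/8"]}


def decision(ip, dst_net, protocol, networks):
    return evaluate(RULES, classify(ip, networks), dst_net, protocol)


if __name__ == "__main__":
    print(decision("192.168.1.25", "External", "HTTP", NETWORKS_MISSING_CLIENTS))  # ('Deny', 'Default rule')
    print(decision("192.168.1.25", "External", "HTTP", NETWORKS_FIXED))            # ('Allow', 'Web Access')
```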
 
danorme (Author) commented:
Thanks. I reinstalled the OS and ISA and used your policies as a starting point. Works well now.
 
Keith Alabaster commented:
Thank you :)
