Solved

How to block video and audio streaming in ISA 2006 but allow downloading video and audio

Posted on 2007-11-17
15
8,884 Views
Last Modified: 2012-08-13
I have an ISA 2006 Front end fire wall on a windows 2003 system. I just want to block only the streaming of video and audio but allow users to download video and audio. I tried many rules on my ISA. Tried to block streaming protocols except http, tried by blocking content types and also tried to block by extensions. All of these rules simply block both streaming and downloading but not only streaming.

Can any one tell me a way around. I know that I can block it by ports but I am not sure which ports are to be blocked.
0
Comment
Question by:Zacharia Kurian
  • 4
  • 3
  • 3
  • +1
15 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20308161
Open the ISA gui.
Select monitoring - logging - click on start query.

make a connection using whatever processes you see fit to download the 'things' you want to block.
What traffic, ports, protocols etc do you see in the log?
0
 
LVL 9

Author Comment

by:Zacharia Kurian
ID: 20311074
I don't think that I would be able to do what I want because when I did the logging I am getting http port 80 which I can't disable.I tried many video streaming and audio too. They all are giving me http port 80!
0
 
LVL 12

Expert Comment

by:sarangk_14
ID: 20313813
As far as I know, Microsoft Media Server (MMS) and Real-time streaming protocol (RTSP)  are two of the most popular protocols/services used for streaming Audio/Video over the Internet.
ISA Server 2006 includes filters for regulating both these protocols.

You may find the following useful:
http://www.microsoft.com/technet/isa/2006/application_filters.mspx
http://download.microsoft.com/download/7/a/d/7ad19879-0ca9-4541-890b-8c07887e02ae/ISA2004SE_wp_appfiltering.doc

Hope this helps. Comments/Suggestions/Corrections welcome.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20583954
The asker has not responded to either section really. Drilling down into the monitor log shows the agent string being used by the applications. Of course they use port 80 - however, each application as a user agent (also known as an application signature) that will identify the flow. This is what is used to block the traffic.

Saran has also alluded to the option with his/her post also.

Not fussed on whether the question is closed or not but would agree on a delete -no-refund based on the asker responses so far. This is a common question and we know the solution works.

Keith
0
 
LVL 9

Accepted Solution

by:
Zacharia Kurian earned 0 total points
ID: 20588646
I found a better solution by installing GFI web monitor on my ISA 2006. I bought the software and now I can allow/block the streaming based on the User Account. I waited for a long time to get response to my last post and in desperate need I contacted the GFI and they gave me a solution. So I want this question to be closed and refund the points.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 12

Expert Comment

by:sarangk_14
ID: 20588685
After seeing Zackur's comment, I would agree with keith as well.
As far as the comments are concerned, I had provided specific documents advising how to do things, and would like to point out that it was Zackur and not us who did not respond.

I would like to reiterate my stand that the question can be closed but would agree on a delete -no-refund based on the asker responses so far.
0
 
LVL 9

Author Comment

by:Zacharia Kurian
ID: 20589026
In the ISA related questions so far I found useful suggestions from keith_alabaster.

I did responded to most of his reviews and answers mostly in the ISA related doubts. Sometime I am sure that all of us do miss a response to some of the reviews/answers you get. This is what happened to me too.

At the same time "a rule is a rule" no matter what was the situation or the disposition of the user. So if you experts feel that my question has to be closed with out refunding- go ahead. I have no objection to it.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20589303
Personal view - if the answer to the question, in this instance, is that you have installed GFI and job done then thats fine.  

Zackur, all we ask is that you respond to the posts made - if this was a valid oversight on your side then so be it, but lets try to keep those to a minimum. I note from your question history that you have quite a few open questions including a number that I closed for you myself due to non-response. What we do not want to end up with is a position whereby we don't even bother responding to your questions when they are posted as we assume the question will never complete.

Lets use this as a wake-up call - If the installation of GFI is your working solution then lets paq - refund in this case but I would hope not to see a repeat position ever again.

Keith
0
 
LVL 12

Expert Comment

by:sarangk_14
ID: 20589318
I'll second that.
0
 
LVL 9

Author Comment

by:Zacharia Kurian
ID: 20775078
just delete the question with out refunding my points
0
 
LVL 1

Expert Comment

by:Vee_Mod
ID: 20780627
Closed, 125 points refunded.
Vee_Mod
Community Support Moderator
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now