Solved

How to block video and audio streaming in ISA 2006 but allow downloading video and audio

Posted on 2007-11-17
15
8,859 Views
Last Modified: 2012-08-13
I have an ISA 2006 Front end fire wall on a windows 2003 system. I just want to block only the streaming of video and audio but allow users to download video and audio. I tried many rules on my ISA. Tried to block streaming protocols except http, tried by blocking content types and also tried to block by extensions. All of these rules simply block both streaming and downloading but not only streaming.

Can any one tell me a way around. I know that I can block it by ports but I am not sure which ports are to be blocked.
0
Comment
Question by:Zacharia Kurian
  • 4
  • 3
  • 3
  • +1
15 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20308161
Open the ISA gui.
Select monitoring - logging - click on start query.

make a connection using whatever processes you see fit to download the 'things' you want to block.
What traffic, ports, protocols etc do you see in the log?
0
 
LVL 9

Author Comment

by:Zacharia Kurian
ID: 20311074
I don't think that I would be able to do what I want because when I did the logging I am getting http port 80 which I can't disable.I tried many video streaming and audio too. They all are giving me http port 80!
0
 
LVL 12

Expert Comment

by:sarangk_14
ID: 20313813
As far as I know, Microsoft Media Server (MMS) and Real-time streaming protocol (RTSP)  are two of the most popular protocols/services used for streaming Audio/Video over the Internet.
ISA Server 2006 includes filters for regulating both these protocols.

You may find the following useful:
http://www.microsoft.com/technet/isa/2006/application_filters.mspx
http://download.microsoft.com/download/7/a/d/7ad19879-0ca9-4541-890b-8c07887e02ae/ISA2004SE_wp_appfiltering.doc

Hope this helps. Comments/Suggestions/Corrections welcome.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20583954
The asker has not responded to either section really. Drilling down into the monitor log shows the agent string being used by the applications. Of course they use port 80 - however, each application as a user agent (also known as an application signature) that will identify the flow. This is what is used to block the traffic.

Saran has also alluded to the option with his/her post also.

Not fussed on whether the question is closed or not but would agree on a delete -no-refund based on the asker responses so far. This is a common question and we know the solution works.

Keith
0
 
LVL 9

Accepted Solution

by:
Zacharia Kurian earned 0 total points
ID: 20588646
I found a better solution by installing GFI web monitor on my ISA 2006. I bought the software and now I can allow/block the streaming based on the User Account. I waited for a long time to get response to my last post and in desperate need I contacted the GFI and they gave me a solution. So I want this question to be closed and refund the points.
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 12

Expert Comment

by:sarangk_14
ID: 20588685
After seeing Zackur's comment, I would agree with keith as well.
As far as the comments are concerned, I had provided specific documents advising how to do things, and would like to point out that it was Zackur and not us who did not respond.

I would like to reiterate my stand that the question can be closed but would agree on a delete -no-refund based on the asker responses so far.
0
 
LVL 9

Author Comment

by:Zacharia Kurian
ID: 20589026
In the ISA related questions so far I found useful suggestions from keith_alabaster.

I did responded to most of his reviews and answers mostly in the ISA related doubts. Sometime I am sure that all of us do miss a response to some of the reviews/answers you get. This is what happened to me too.

At the same time "a rule is a rule" no matter what was the situation or the disposition of the user. So if you experts feel that my question has to be closed with out refunding- go ahead. I have no objection to it.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20589303
Personal view - if the answer to the question, in this instance, is that you have installed GFI and job done then thats fine.  

Zackur, all we ask is that you respond to the posts made - if this was a valid oversight on your side then so be it, but lets try to keep those to a minimum. I note from your question history that you have quite a few open questions including a number that I closed for you myself due to non-response. What we do not want to end up with is a position whereby we don't even bother responding to your questions when they are posted as we assume the question will never complete.

Lets use this as a wake-up call - If the installation of GFI is your working solution then lets paq - refund in this case but I would hope not to see a repeat position ever again.

Keith
0
 
LVL 12

Expert Comment

by:sarangk_14
ID: 20589318
I'll second that.
0
 
LVL 9

Author Comment

by:Zacharia Kurian
ID: 20775078
just delete the question with out refunding my points
0
 
LVL 1

Expert Comment

by:Vee_Mod
ID: 20780627
Closed, 125 points refunded.
Vee_Mod
Community Support Moderator
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

Microsoft's ISA Server has been its pre-eminent security product for about a decade and is still regarded amongst the well-informed as one of the best software firewalls and application gateways ever released, by any manufacturer. ISA Server has bee…
There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now