
Allow peer-to-peer (P2P) file sharing programs with ISA Server 2006

Hello,
I am new to ISA Server. How can I enable ("ALLOW") the client to use peer-to-peer (P2P) file sharing programs through ISA Server 2006, especially "Emule" and Bearshare?
The installed version of ISA is ISA Server 2006 Standard Edition.

Asked by: ali_alannah
 
Keith Alabaster Commented:
Most people install ISA Server specifically to stop this sort of traffic - first time I have ever been asked how to 'allow' it....

open the ISA gui - select monitoring - logging - click on start query
try the connection from a client - what do you see appear in the ISA log window as denied?
make a note of the ports/protocols being denied and let me know.
 
ali_alannah (Author) Commented:
Hello keith_alabaster,
I know you are surprised by my request, but I will apply this rule for just 1 client, not all clients, that's all.
About the information you asked for, here you are:

Action             | Rule          | Protocol              | Destination Port
-------------------+---------------+-----------------------+-----------------
Denied Connection  | Default Rule  | Undefined Ip Traffic  | 4672
Denied Connection  | Default Rule  | Undefined Ip Traffic  | 35711
Denied Connection  | Default Rule  | Undefined Ip Traffic  | 2100
Denied Connection  | Default Rule  | Undefined Ip Traffic  | 50029

I hope you got what you asked for.
Thanks in advance

 
Keith Alabaster Commented:
Would have expected it to state udp or tcp also but maybe not; it's difficult to tell sometimes. Because of that you may need to play a little here.

Open the gui. Select the firewall policy then right-click it and select new - access rule.

Give it a name
Select allow
Select selected protocols - click add
select new - user-defined and add the ports that you want to allow for example
tcp 4672 - 4672
tcp 2100 - 2100
etc
select the new ports you have created for the rule and then finish the access rule - from internal & local host to external in the normal way.
Apply the policy

retest and check the logs again. You will need to fine tune this yourself as I do not know if all of these are tcp or udp or whatever....
 
Keith Alabaster Commented:
PS - make sure the rule also includes any other ports that may be required for the user such as http, https etc.
 
ali_alannah (Author) Commented:
Hello keith_alabaster,
I appreciate your help and your patience. I did what you said, but I have experienced the following issues:
1- I added all the ports that appeared before and allowed them, but it doesn't work. I started logging and noticed that NEW destination ports come up in the log; I wrote them down and added them to the access rule as allowed ports, but new ports keep coming!!
2- How do I know whether the information in the column "Destination Port" is TCP or UDP?

Thanks
 
Keith Alabaster Commented:
because it will tell you in the log line under - right click the log titles and select edit columns and add all so you see all of the log fields.

As I mentioned - most people will not allow this on their network because so many ports need to be open. The software can select many ports and they are often not the same each time. On some, such as kazaa, you have to allow all ports from something like 4000 - 6000. This is not good for a firewall......
 
alfalfa6945 Commented:
Add 4 "user defined" protocols;
eMule TCP outbound 4000-5000
eMule_receive TCP inbound 4000-5000
eMule_udp_out UDP send_receive 4000-5000
eMule_udp_in UDP receive_send 4000-5000

Create a firewall rule called eMule and specify these new protocols in it (rather, "allow" them).

Check your eMule client and make sure in "options"  "connections" your ports for TCP/UDP are in the 4000-5000 range.

If you are using the firewall client, you'll likely have to do this as well;

Configuration/General/Application Settings/   New
Application        eMule
Key                   ServerBindTcpPorts
Value                4000-5000

Then click "New" again and add this;
Application         eMule
Key                   RemoteBindUdpPorts
Value                4000-5000

This will get you going, but not with high_id. As Keith touched on, apps like these are NOT recommended for use in a production environment. As you can see, we have to open a ton of ports thereby ripping a gaping hole in the firewall. And this still isn't enough ports, this just "hobbles" you onto their network. But, for what it's worth, you can start downloading with this setup.
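
An added example, not part of any post in this thread: a short Python audit that checks the denied destination ports from the log excerpt above against the 4000-5000 protocol definitions suggested in the last answer, and counts how many port/transport pairs that rule opens. The function names are hypothetical, direction is not modelled, and because the posted log shows no transport, coverage is checked on port number only.

```python
# Denied-connection rows transcribed from the ISA log excerpt posted in the thread.
DENIED_LOG = """\
Denied Connection | Default Rule | Undefined Ip Traffic | 4672
Denied Connection | Default Rule | Undefined Ip Traffic | 35711
Denied Connection | Default Rule | Undefined Ip Traffic | 2100
Denied Connection | Default Rule | Undefined Ip Traffic | 50029
"""

# The four user-defined protocols from the last answer: (name, transport, low, high).
PROPOSED = [
    ("eMule", "TCP", 4000, 5000),
    ("eMule_receive", "TCP", 4000, 5000),
    ("eMule_udp_out", "UDP", 4000, 5000),
    ("eMule_udp_in", "UDP", 4000, 5000),
]


def denied_ports(log_text):
    """Return the sorted destination ports from rows whose action is a denial."""
    ports = set()
    for line in log_text.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if (len(fields) == 4 and fields[0].lower().startswith("denied")
                and fields[3].isdigit()):
            ports.add(int(fields[3]))
    return sorted(ports)


def audit(ports, protocols):
    """Split ports into covered/uncovered and count distinct (transport, port) pairs opened."""
    covered = [p for p in ports if any(lo <= p <= hi for _, _, lo, hi in protocols)]
    uncovered = [p for p in ports if p not in covered]
    opened = {(t, p) for _, t, lo, hi in protocols for p in range(lo, hi + 1)}
    return {"covered": covered, "uncovered": uncovered, "opened_pairs": len(opened)}


def widest_span(ports):
    """Size of the single range that would be needed to cover every denied port."""
    return max(ports) - min(ports) + 1 if ports else 0


if __name__ == "__main__":
    ports = denied_ports(DENIED_LOG)
    print(audit(ports, PROPOSED))
    print("one range covering all denied ports:", widest_span(ports), "ports")
```

On the posted log, the range rule covers only one of the four denied ports while opening 2002 port/transport pairs, and a single range wide enough for all four would span 47930 ports, which is the exposure trade-off both answers warn about.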