Solved

Allow peer-to-peer (P2P) file sharing programs with ISA Server 2006

Posted on 2007-11-23
Last Modified: 2011-04-14
Hello,
I am new to ISA Server. How can I enable ("allow") the client to use peer-to-peer (P2P) file sharing programs through ISA Server 2006, especially "eMule" and BearShare?
The installed version of ISA is ISA Server 2006 Standard Edition.

Question by:ali_alannah
7 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20340214
Most people install ISA Server specifically to stop this sort of traffic - first time I have ever been asked how to 'allow' it....

Open the ISA GUI - select monitoring - logging - click on start query.
Try the connection from a client - what do you see appear in the ISA log window as denied?
Make a note of the ports/protocols being denied and let me know.
0
 

Author Comment

by:ali_alannah
ID: 20340300
Hello keith_alabaster,
I know you are surprised by my request, but I am just applying this rule to 1 client, not all clients, that's all.
About the information you asked for, here you are:

Action            | Rule         | Protocol             | Destination Port
------------------+--------------+----------------------+-----------------
Denied Connection | Default Rule | Undefined Ip Traffic | 4672
Denied Connection | Default Rule | Undefined Ip Traffic | 35711
Denied Connection | Default Rule | Undefined Ip Traffic | 2100
Denied Connection | Default Rule | Undefined Ip Traffic | 50029

I hope you got what you asked for.
Thanks in advance

0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20340472
Would have expected it to state udp or tcp also, but maybe not; it's difficult to tell sometimes. Because of that you may need to play a little here.

Open the gui. Select the firewall policy then right-click it and select new - access rule.

Give it a name
Select allow
Select selected protocols - click add
select new - user-defined and add the ports that you want to allow for example
tcp 4672 - 4672
tcp 2100 - 2100
etc
select the new ports you have created for the rule and then finish the access rule - from internal & local host to external in the normal way.
Apply the policy

retest and check the logs again. You will need to fine tune this yourself as I do not know if all of these are tcp or udp or whatever....
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20340474
PS - make sure the rule also includes any other ports that may be required for the user such as http, https etc.
0
 

Author Comment

by:ali_alannah
ID: 20343215
Hello: keith_alabaster
I appreciate your help and your patience. Now I did what you said, but I have experienced the following issues:
1- I added all the ports that were appearing before and made them allowed, but it doesn't work. I started logging and noticed there is a NEW destination port coming up in the log. I wrote it down and added it to the access rule as an allowed port, but a new port comes up!!
2- How do I know whether the information in the column "Destination Port" is TCP or UDP?

Thanks
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 750 total points
ID: 20343597
Because it will tell you in the log line under - right click the log titles and select edit columns and add all so you see all of the log fields.

As I mentioned - most people will not allow this on their network because so many ports need to be open. The software can select many ports and they are often not the same each time. On some, such as kazaa, you have to allow all ports from something like 4000 - 6000. This is not good for a firewall......
0
 
LVL 2

Assisted Solution

by:alfalfa6945
alfalfa6945 earned 750 total points
ID: 20344033
Add 4 "user defined" protocols;
eMule TCP outbound 4000-5000
eMule_receive TCP inbound 4000-5000
eMule_udp_out UDP send_receive 4000-5000
eMule_udp_in UDP receive_send 4000-5000

Create a firewall rule called eMule and specify these new protocols in it (rather, "allow" them).

Check your eMule client and make sure in "options"  "connections" your ports for TCP/UDP are in the 4000-5000 range.

If you are using the firewall client, you'll likely have to do this as well;

Configuration/General/Application Settings/   New
Application        eMule
Key                   ServerBindTcpPorts
Value                4000-5000

Then click "New" again and add this;
Application        eMule
Key                   RemoteBindUdpPorts
Value                4000-5000

This will get you going, but not with high_id. As Keith touched on, apps like these are NOT recommended for use in a production environment. As you can see, we have to open a ton of ports thereby ripping a gaping hole in the firewall. And this still isn't enough ports, this just "hobbles" you onto their network. But, for what it's worth, you can start downloading with this setup.
0
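
An added example (not code from the thread or from ISA Server): a small Python audit that checks which of the denied ports from the log posted earlier would still be blocked by the four 4000-5000 definitions, and how many ports those definitions open per transport. The pipe-delimited log layout, the `?` transport column and all function names are assumptions made for the illustration.

```python
from collections import namedtuple

Proto = namedtuple("Proto", "name transport low high")

# The four user-defined protocols from the answer above (direction left out).
PROPOSED = [Proto(name, transport, 4000, 5000) for name, transport in (
    ("eMule", "TCP"), ("eMule_receive", "TCP"),
    ("eMule_udp_out", "UDP"), ("eMule_udp_in", "UDP"))]

# Constructed sample: the denied rows from the thread, laid out as
# action|rule|protocol|transport|port. "?" = transport not shown in the log.
SAMPLE_LOG = """\
Denied Connection|Default Rule|Undefined Ip Traffic|?|4672
Denied Connection|Default Rule|Undefined Ip Traffic|?|35711
Denied Connection|Default Rule|Undefined Ip Traffic|?|2100
Denied Connection|Default Rule|Undefined Ip Traffic|?|50029
"""

def parse_denied(text):
    """Return (transport_or_None, port) per denied row; skip malformed lines."""
    rows = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) != 5 or not fields[0].lower().startswith("denied"):
            continue
        if not fields[4].isdigit() or not 0 < int(fields[4]) <= 65535:
            continue
        transport = fields[3].upper() if fields[3].upper() in ("TCP", "UDP") else None
        rows.append((transport, int(fields[4])))
    return rows

def uncovered(rows, protos):
    """Logged ports no definition would allow (unknown transport matches either)."""
    return [port for transport, port in rows
            if not any(p.low <= port <= p.high and transport in (None, p.transport)
                       for p in protos)]

def exposed_ports(protos):
    """Distinct ports opened per transport, after merging overlapping ranges."""
    totals = {}
    for transport in sorted({p.transport for p in protos}):
        spans = sorted((p.low, p.high) for p in protos if p.transport == transport)
        merged = [list(spans[0])]
        for low, high in spans[1:]:
            if low <= merged[-1][1] + 1:
                merged[-1][1] = max(merged[-1][1], high)
            else:
                merged.append([low, high])
        totals[transport] = sum(high - low + 1 for low, high in merged)
    return totals
```

Run against the sample, only 4672 falls inside the proposed range, which matches the remark that the range is not enough ports for the client while already opening about a thousand ports per transport.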
