Solved

Allow peer-to-peer (P2P) file sharing programs with ISA Server 2006

Posted on 2007-11-23
Last Modified: 2011-04-14
Hello,
I am new to ISA Server. How can I enable ("ALLOW") the client to use peer-to-peer (P2P) file sharing programs through ISA Server 2006, especially "eMule" & BearShare?
The installed version of ISA is ISA Server 2006 Standard Edition.

Question by:ali_alannah
Expert Comment

by:Keith Alabaster
ID: 20340214
Most people install ISA Server specifically to stop this sort of traffic - first time I have ever been asked how to 'allow' it....

Open the ISA GUI - select Monitoring - Logging - click on Start Query.
Try the connection from a client - what do you see appear in the ISA log window as denied?
Make a note of the ports/protocols being denied and let me know.
Author Comment

by:ali_alannah
ID: 20340300
Hello keith_alabaster,
I know you are surprised by my request, but I am just applying this rule for 1 client, not all clients, that's all.
About the information you asked for, here you are:

Action             | Rule         | Protocol             | Destination Port
-------------------|--------------|----------------------|-----------------
Denied Connection  | Default Rule | Undefined Ip Traffic | 4672
Denied Connection  | Default Rule | Undefined Ip Traffic | 35711
Denied Connection  | Default Rule | Undefined Ip Traffic | 2100
Denied Connection  | Default Rule | Undefined Ip Traffic | 50029

I hope you got what you asked for.
Thanks in advance

Expert Comment

by:Keith Alabaster
ID: 20340472
Would have expected it to state udp or tcp also but maybe not; it's difficult to tell sometimes. Because of that you may need to play a little here.

Open the GUI. Select the firewall policy, then right-click it and select New - Access Rule.

Give it a name.
Select Allow.
Select Selected protocols - click Add.
Select New - User-defined and add the ports that you want to allow, for example:
tcp 4672 - 4672
tcp 2100 - 2100
etc.
Select the new ports you have created for the rule and then finish the access rule - from internal & local host to external in the normal way.
Apply the policy.

Retest and check the logs again. You will need to fine-tune this yourself as I do not know if all of these are tcp or udp or whatever....
Expert Comment

by:Keith Alabaster
ID: 20340474
PS - make sure the rule also includes any other ports that may be required for the user such as http, https etc.
Author Comment

by:ali_alannah
ID: 20343215
Hello keith_alabaster,
I appreciate your help and your patience. Now I did what you said, but I have experienced the following issues:
1- I noticed that I added all the ports that were appearing before and made them allowed, but it doesn't work. I started logging and I noticed there are NEW destination ports coming in the log. I write them down and add them to the access rule as allowed ports, but new ports come!!
2- How do I know whether the information in the column "Destination Port" is TCP or UDP?

Thanks
Accepted Solution

by:
Keith Alabaster earned 250 total points
ID: 20343597
Because it will tell you in the log line under - right-click the log titles and select edit columns and add all so you see all of the log fields.

As I mentioned - most people will not allow this on their network because so many ports need to be open. The software can select many ports and they are often not the same each time. On some, such as Kazaa, you have to allow all ports from something like 4000 - 6000. This is not good for a firewall......
Assisted Solution

by:alfalfa6945
alfalfa6945 earned 250 total points
ID: 20344033
Add 4 "user defined" protocols;
eMule TCP outbound 4000-5000
eMule_receive TCP inbound 4000-5000
eMule_udp_out UDP send_receive 4000-5000
eMule_udp_in UDP receive_send 4000-5000

Create a firewall rule called eMule and specify these new protocols in it (rather, "allow" them).

Check your eMule client and make sure in "options" / "connections" your ports for TCP/UDP are in the 4000-5000 range.

If you are using the firewall client, you'll likely have to do this as well;

Configuration/General/Application Settings/   New
Application        eMule
Key                   ServerBindTcpPorts
Value                4000-5000

Then click "New" again and add this;
Application        eMule
Key                   RemoteBindUdpPorts
Value                4000-5000

This will get you going, but not with high_id. As Keith touched on, apps like these are NOT recommended for use in a production environment. As you can see, we have to open a ton of ports thereby ripping a gaping hole in the firewall. And this still isn't enough ports, this just "hobbles" you onto their network. But, for what it's worth, you can start downloading with this setup.
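
An added example, not part of any post in this thread: a small Python audit that groups one client's denied log rows by transport, collapses the ports into ranges, and compares them with the 4000-5000 range suggested above, showing both how many ports such a rule opens and which observed ports it would still deny. The pipe-delimited export layout, column names, transports and client addresses are constructed assumptions, not real ISA Server output.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows (not from the thread's server): same columns as the
# log excerpt above plus the transport and client columns the log viewer can add.
SAMPLE_LOG = """action|rule|transport|dest_port|client
Denied Connection|Default Rule|UDP|4672|10.0.0.25
Denied Connection|Default Rule|TCP|35711|10.0.0.25
Denied Connection|Default Rule|TCP|2100|10.0.0.25
Denied Connection|Default Rule|UDP|50029|10.0.0.25
Denied Connection|Default Rule|TCP|4662|10.0.0.25
Denied Connection|Default Rule|TCP|4663|10.0.0.25
Allowed Connection|Web Access|TCP|80|10.0.0.31
"""

def denied_ports(log_text, client):
    """Return {transport: sorted denied destination ports} for one client."""
    ports = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text), delimiter="|"):
        if row["action"].startswith("Denied") and row["client"] == client:
            ports[row["transport"]].add(int(row["dest_port"]))
    return {t: sorted(p) for t, p in ports.items()}

def to_ranges(ports):
    """Collapse a sorted port list into inclusive (low, high) ranges."""
    ranges = []
    for p in ports:
        if ranges and p == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], p)
        else:
            ranges.append((p, p))
    return ranges

def exposure(ranges):
    """Count the distinct ports a list of non-overlapping ranges opens."""
    return sum(high - low + 1 for low, high in ranges)

def uncovered(ports, ranges):
    """Ports from the log that the proposed ranges would still deny."""
    return [p for p in ports if not any(lo <= p <= hi for lo, hi in ranges)]

if __name__ == "__main__":
    proposed = [(4000, 5000)]  # the range suggested in the thread
    for transport, ports in denied_ports(SAMPLE_LOG, "10.0.0.25").items():
        print(transport, "seen:", to_ranges(ports),
              "still denied:", uncovered(ports, proposed))
    print("ports opened per protocol definition:", exposure(proposed))
```

Filtering on a single client address mirrors the asker's intent to apply the rule to one machine only; the same filter is what keeps the access rule's source scoped to that host rather than the whole internal network.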