Solved

Allow peer-to-peer (P2P) file sharing programs with ISA Server 2006

Posted on 2007-11-23
Last Modified: 2011-04-14
Hello,
I am new to ISA Server. How can I enable ("ALLOW") the client to use ISA Server 2006 peer-to-peer (P2P) file sharing programs, especially "eMule" & BearShare?
The installed version of ISA is ISA Server 2006 Standard Edition.

Question by:ali_alannah
7 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20340214
Most people install ISA Server specifically to stop this sort of traffic - first time I have ever been asked how to 'allow' it....

open the ISA gui - select monitoring - logging - click on start query
try the connection from a client - what do you see appear in the ISA log window as denied?
make a note of the ports/protocols being denied and let me know.
0
 

Author Comment

by:ali_alannah
ID: 20340300
Hello keith_alabaster,
I know you are surprised by my request, but I just apply this rule for 1 client, not all clients, that's all.
About the information you asked for, here you are:

Action             | Rule          | Protocol              | Destination Port
-------------------+---------------+-----------------------+-----------------
Denied Connection  | Default Rule  | Undefined Ip Traffic  | 4672
Denied Connection  | Default Rule  | Undefined Ip Traffic  | 35711
Denied Connection  | Default Rule  | Undefined Ip Traffic  | 2100
Denied Connection  | Default Rule  | Undefined Ip Traffic  | 50029

I hope you got what you asked for.
Thanks in advance

0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20340472
Would have expected it to state udp or tcp also but maybe not; it's difficult to tell sometimes. Because of that you may need to play a little here.

Open the gui. Select the firewall policy then right-click it and select new - access rule.

Give it a name
Select allow
Select selected protocols - click add
select new - user-defined and add the ports that you want to allow for example
tcp 4672 - 4672
tcp 2100 - 2100
etc
select the new ports you have created for the rule and then finish the access rule - from internal & local host to external in the normal way.
Apply the policy

retest and check the logs again. You will need to fine tune this yourself as I do not know if all of these are tcp or udp or whatever....
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20340474
PS - make sure the rule also includes any other ports that may be required for the user such as http, https etc.
0
 

Author Comment

by:ali_alannah
ID: 20343215
Hello: keith_alabaster
I appreciate your help and your patience. Now I did what you said, but I have experienced the following issues:
1- I added all the ports that were appearing before and made them allowed, but it doesn't work. I started logging and noticed there are NEW destination ports coming in the log. I wrote them down and added them to the access rule as allowed ports, but new ports come!!
2- How do I know whether the information in the column "Destination Port" is TCP or UDP?

Thanks
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 250 total points
ID: 20343597
because it will tell you in the log line under - right click the log titles and select edit columns and add all so you see all of the log fields.

As I mentioned - most people will not allow this on their network because so many ports need to be open. The software can select many ports and they are often not the same each time. On some, such as Kazaa, you have to allow all ports from something like 4000 - 6000. This is not good for a firewall......
0
 
LVL 2

Assisted Solution

by:alfalfa6945
alfalfa6945 earned 250 total points
ID: 20344033
Add 4 "user defined" protocols;
eMule TCP outbound 4000-5000
eMule_receive TCP inbound 4000-5000
eMule_udp_out UDP send_receive 4000-5000
eMule_udp_in UDP receive_send 4000-5000

Create a firewall rule called eMule and specify these new protocols in it (rather, "allow" them).

Check your eMule client and make sure in "options"  "connections" your ports for TCP/UDP are in the 4000-5000 range.

If you are using the firewall client, you'll likely have to do this as well;

Configuration/General/Application Settings/   New
Application        eMule
Key                   ServerBindTcpPorts
Value                4000-5000

Then click "New" again and add this;
Application        eMule
Key                   RemoteBindUdpPorts
Value                4000-5000

This will get you going, but not with high_id. As Keith touched on, apps like these are NOT recommended for use in a production environment. As you can see, we have to open a ton of ports thereby ripping a gaping hole in the firewall. And this still isn't enough ports, this just "hobbles" you onto their network. But, for what it's worth, you can start downloading with this setup.
0
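
An added example, not part of any post in this thread: a short Python check that compares the destination ports denied in the log against the allow ranges proposed above, and counts how many ports those ranges open on the firewall. The log rows are constructed from the ports posted earlier; the Transport and Client columns, the client address and the CSV layout are assumptions, not ISA Server's export format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample shaped like the log excerpt posted in the thread. The ports
# come from the thread; the Transport and Client values are assumptions.
SAMPLE_LOG = """Action,Rule,Transport,Client,DestinationPort
Denied Connection,Default Rule,UDP,10.0.0.25,4672
Denied Connection,Default Rule,TCP,10.0.0.25,35711
Denied Connection,Default Rule,TCP,10.0.0.25,2100
Denied Connection,Default Rule,UDP,10.0.0.25,50029
Denied Connection,Default Rule,TCP,10.0.0.25,4672
"""

# The allow ranges proposed in the thread: TCP and UDP 4000-5000.
PROPOSED = {"TCP": [(4000, 5000)], "UDP": [(4000, 5000)]}


def denied_ports(log_text):
    """Return {transport: sorted list of distinct denied destination ports}."""
    seen = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["Action"].startswith("Denied"):
            seen[row["Transport"].upper()].add(int(row["DestinationPort"]))
    return {proto: sorted(ports) for proto, ports in seen.items()}


def coverage(denied, allowed):
    """Split denied ports into those an allow rule covers and those it does not."""
    covered, uncovered = [], []
    for proto, ports in sorted(denied.items()):
        for port in ports:
            hit = any(lo <= port <= hi for lo, hi in allowed.get(proto, []))
            (covered if hit else uncovered).append((proto, port))
    return covered, uncovered


def exposure(allowed):
    """Count the protocol/port pairs a rule set opens on the firewall."""
    return sum(hi - lo + 1 for ranges in allowed.values() for lo, hi in ranges)


if __name__ == "__main__":
    covered, uncovered = coverage(denied_ports(SAMPLE_LOG), PROPOSED)
    print("covered by proposed rule:", covered)
    print("still denied:", uncovered)
    print("ports opened by proposed rule:", exposure(PROPOSED))
```

Ports that stay in the "still denied" list after a retest are the ones the client picked outside the range, which is why the client's own port settings have to be pinned to the range the rule allows.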
