Solved

Allow peer-to-peer (P2P) file sharing programs with ISA Server 2006

Posted on 2007-11-23
Last Modified: 2011-04-14
Hello,
I am new to ISA Server. How can I enable ("ALLOW") the client to use peer-to-peer (P2P) file sharing programs with ISA Server 2006, especially "Emule" & Bearshare?
The installed version of ISA is ISA Server 2006 Standard Edition.

Question by:ali_alannah
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20340214
Most people install ISA Server specifically to stop this sort of traffic - first time I have ever been asked how to 'allow' it....

open the ISA gui - select monitoring - logging - click on start query
try the connection from a client - what do you see appear in the ISA log window as denied?
make a note of the ports/protocols being denied and let me know.
0
 

Author Comment

by:ali_alannah
ID: 20340300
Hello keith_alabaster,
I know you are surprised by my request, but I will just apply this rule for 1 client, not all clients, that's all.
About the information you asked for, here you are:
Action            | Rule         | Protocol             | Destination Port
------------------+--------------+----------------------+-----------------
Denied Connection | Default Rule | Undefined Ip Traffic | 4672
Denied Connection | Default Rule | Undefined Ip Traffic | 35711
Denied Connection | Default Rule | Undefined Ip Traffic | 2100
Denied Connection | Default Rule | Undefined Ip Traffic | 50029
I hope you got what you asked for.
Thanks in advance

0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20340472
Would have expected it to state udp or tcp also, but maybe not; it's difficult to tell sometimes. Because of that you may need to play a little here.

Open the gui. Select the firewall policy then right-click it and select new - access rule.

Give it a name
Select allow
Select selected protocols - click add
select new - user-defined and add the ports that you want to allow for example
tcp 4672 - 4672
tcp 2100 - 2100
etc
select the new ports you have created for the rule and then finish the access rule - from internal & local host to external in the normal way.
Apply the policy

retest and check the logs again. You will need to fine tune this yourself as I do not know if all of these are tcp or udp or whatever....
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 20340474
PS - make sure the rule also includes any other ports that may be required for the user such as http, https etc.
0
 

Author Comment

by:ali_alannah
ID: 20343215
Hello: keith_alabaster
I appreciate your help and your patience. Now I did what you said, but I have experienced the following issues:
1- I added all the ports that were appearing before and made them allowed, but it doesn't work. I started logging and I noticed there are NEW destination ports coming in the log. I write them down and add them to the access rule as allowed ports, but new ports come!!
2- How do I know whether the information in the column "Destination Port" is TCP or UDP?

Thanks
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 250 total points
ID: 20343597
because it will tell you in the log line under - right click the log titles and select edit columns and add all so you see all of the log fields.

As I mentioned - most people will not allow this on their network because so many ports need to be open. The software can select many ports and they are often not the same each time. On some, such as kazaa, you have to allow all ports from something like 4000 - 6000. This is not good for a firewall......
0
 
LVL 2

Assisted Solution

by:alfalfa6945
alfalfa6945 earned 250 total points
ID: 20344033
Add 4 "user defined" protocols;
eMule TCP outbound 4000-5000
eMule_receive TCP inbound 4000-5000
eMule_udp_out UDP send_receive 4000-5000
eMule_udp_in UDP receive_send 4000-5000

Create a firewall rule called eMule and specify these new protocols in it (rather, "allow" them).

Check your eMule client and make sure in "options"  "connections" your ports for TCP/UDP are in the 4000-5000 range.

If you are using the firewall client, you'll likely have to do this as well;

Configuration/General/Application Settings/   New
Application        eMule
Key                   ServerBindTcpPorts
Value                4000-5000

Then click "New" again and add this;
Application        eMule
Key                   RemoteBindUdpPorts
Value                4000-5000

This will get you going, but not with high_id. As Keith touched on, apps like these are NOT recommended for use in a production environment. As you can see, we have to open a ton of ports thereby ripping a gaping hole in the firewall. And this still isn't enough ports, this just "hobbles" you onto their network. But, for what it's worth, you can start downloading with this setup.
0
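An added example, not written by any poster in this thread: a small check of how much of the denied traffic the 4000-5000 definitions above would actually pass, and how many ports they open in exchange. The pipe-delimited log layout, the transport column (the posted log did not show TCP or UDP) and all function names are assumptions made for the illustration.

```python
from collections import namedtuple

# One user-defined protocol entry: transport plus destination-port range.
PortRange = namedtuple("PortRange", "name transport low high")

# Outbound halves of the definitions suggested in the answer above.
ALLOWED = [
    PortRange("eMule", "TCP", 4000, 5000),
    PortRange("eMule_udp_out", "UDP", 4000, 5000),
]

# Constructed sample: destination ports from the denied log posted earlier.
# The TCP/UDP column is assumed; the posted log did not include it.
DENIED_LOG = """\
Action|Rule|Transport|Destination Port
Denied Connection|Default Rule|UDP|4672
Denied Connection|Default Rule|TCP|35711
Denied Connection|Default Rule|TCP|2100
Denied Connection|Default Rule|UDP|50029
"""

def parse_denied(text):
    """Return (transport, port) pairs for every denied row."""
    rows = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) != 4 or not fields[0].lower().startswith("denied"):
            continue  # header, separator or non-denied row
        if fields[3].isdigit():
            rows.append((fields[2].upper(), int(fields[3])))
    return rows

def check_coverage(denied, allowed):
    """Split denied entries into those the rule would pass and those still blocked."""
    covered, still_denied = [], []
    for transport, port in denied:
        hit = any(r.transport == transport and r.low <= port <= r.high
                  for r in allowed)
        (covered if hit else still_denied).append((transport, port))
    return covered, still_denied

def ports_opened(allowed):
    """Count distinct (transport, port) pairs the definitions open."""
    return len({(r.transport, p) for r in allowed
                for p in range(r.low, r.high + 1)})

if __name__ == "__main__":
    covered, blocked = check_coverage(parse_denied(DENIED_LOG), ALLOWED)
    print("now allowed :", covered)
    print("still denied:", blocked)
    print("ports opened:", ports_opened(ALLOWED))
```

With the sample rows, only the 4672 entry falls inside the new range while 2002 transport/port pairs are opened, which is the trade-off both experts describe.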
