Solved

ISA 2006 Ignores Publish rules

Posted on 2008-10-08
15
1,060 Views
Last Modified: 2012-05-05
Hi
I have ISA 2006, and I successfully published both OWA and Activesync , now when I tried to Publish POP3 server and try to access the published server from outside but it fails and when I checked the log it seams that ISA server ignores the publishing rule and forward the request to the last deny rule.
I configured my Exchange server to have its default gateway the ISA server internal NIC.

any help about this
0
Comment
Question by:emiahmad
  • 7
  • 7
15 Comments
 
LVL 11

Assisted Solution

by:EricTViking
EricTViking earned 100 total points
ID: 22667961
Sounds like incoming POP3 traffic isn't matching with your POP3 rule.

What POP3 rule are you using?
0
 

Author Comment

by:emiahmad
ID: 22668392
I used the wizard to creat mail publishing rule and select client access , POP3 as a protocol
the destination is the internal IP address of Exchange server and the Network/Listener I select External
0
 
LVL 11

Expert Comment

by:EricTViking
ID: 22668442
Did you use "POP3 Server" as your protocol?

POP3 is outbound traffic
POP3 Server is inbound traffic.

You need to allow inbound.
0
 

Author Comment

by:emiahmad
ID: 22668501
Yes I used POP3 Server as a Protocol
0
 
LVL 11

Expert Comment

by:EricTViking
ID: 22672344
That's good. To confirm this your POP3 rule is somthing like Allow, POP3 Server, from Anywhere to x.x.x.x, for network External. Where x.x.x.x is your Exchange server IP address?

What happens if you move your POP3 rule to the top of you firewall policy rule list?

And are you  running Anti-Virus software on your ISA server that might be interfering with (filtering) POP3 traffic?
0
 

Author Comment

by:emiahmad
ID: 22676251
Yes that is exactly the configuration , and there is no Antivirus of endpoint protection installed in ISA.
also I tried to move the rule to the top of the rule list and got the same result.
I noticed that when a POP3 traffic comes to the ISA it interprets it as it distened from External Network as a source to the local host as a destination.
I attached a screen shoot showing the log
ISA-Log.JPG
0
 
LVL 11

Expert Comment

by:EricTViking
ID: 22676358
What happens if you change the 'From Anywhere' in your rule to 'From External'?
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:emiahmad
ID: 22676575
I also tried this and got the same result , strange right ?!
0
 
LVL 11

Expert Comment

by:EricTViking
ID: 22681097
Yes, very strange - the incoming POP3 traffic is definitely not matching with your allow POP3 rule!

Can you try to dsiable the POP Intrusion filter on your POP3 firewall rule? (Double click POP3 Server protocol on your firewall rule -> Parameters tab -> Application Filters).
0
 

Author Comment

by:emiahmad
ID: 22681445
I also tried this and got the same result , I'll get mad :-)
0
 
LVL 11

Expert Comment

by:EricTViking
ID: 22681560
How about, create a new firewall rule (not a publishing rule), Allow, Selected Protocols (POP3 Server), from External, to Localhost & Internal for all users. Put it at the top of your rule list and see if incoming POP3 traffic still gets bounced by the default rule.
0
 

Author Comment

by:emiahmad
ID: 22692925
I tried also and got the same result
0
 
LVL 11

Expert Comment

by:EricTViking
ID: 22693555
In your screenshot, is the destination IP in your internal network?

And have you tried disabling the bandwidth splitter?
0
 

Accepted Solution

by:
emiahmad earned 0 total points
ID: 22693603
I got it , it was not the bandwidth splitter , I found that the customer created a Network Rule to route traffic from External to Internal and when I disable it all things go right.
thank you anyway for your cooperation and you deserve the point
0
 
LVL 1

Expert Comment

by:BrendanKing
ID: 25030865
I'm having the same issue trying to redirect port 3391 externally to 3389 internally - the policy is there but is getting ignored and the default rule is applying and denying.
Network rules do not have an external to internal route rule.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are three types of ISA client that can be configured - these can be individual clients or multiples of a client on each PC or server SecureNAT. A SecureNAT client for ISA server is a client machine, work station or server, that has its defa…
I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…
This is a video that shows how the OnPage alerts system integrates into ConnectWise, how a trigger is set, how a page is sent via the trigger, and how the SENT, DELIVERED, READ & REPLIED receipts get entered into the internal tab of the ConnectWise …

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now