Solved

Firewall Rule UDP - what is send/receive and such?

Posted on 2008-10-29
Last Modified: 2013-11-29
When creating an access rule for a firewall, UDP traffic can be specified as Send, Receive, Send/Receive or Receive/Send. Can someone provide or reference the definition of each, and how to select the right one for a given access rule?
Question by:Vadim Rapp

Expert Comment

by:Keith Alabaster
ID: 22838642
Hey mate - you're on the wrong side of the table, aren't you? lol

Bear in mind that UDP is a connectionless protocol, so unlike TCP, which has the three-way handshake to establish communications, UDP has to have a different method of working.

For ISA's rules, it operates from the standpoint that you are sitting inside the ISA server... for example:

Send is outbound from inside to external.
Receive is from external to internal.
However, Send is ALSO inbound OR outbound when the source is ISA itself.
Receive is ALSO inbound OR outbound when the destination is ISA itself.

The Send/Receive and Receive/Send are exactly the same as above but allow a response to return back through the filters.

Hope that clarifies a little?

Keith

Author Comment

by:Vadim Rapp
ID: 22839770
> the send/receive and receive/send are exactly the same as above but allow a response to return back through the filters.

If it's connectionless, how does it know it's the response? Maybe just a timing coincidence?

Author Comment

by:Vadim Rapp
ID: 22839785
> however, send is ALSO inbound OR outbound when the source is ISA itself. receive is ALSO inbound OR outbound when the destination is ISA itself.

Didn't quite follow this one, could you clarify a little, maybe with an example.

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 22843664
Although it is connectionless, ISA still makes a session, so it records that it has had an outbound or inbound request.

For your second query, if the traffic is flowing from internal to external OR external to internal, it passes 'through' the ISA interfaces from one area to the other.

However, what if the UDP traffic is actually coming FROM the ISA server itself, i.e. localhost?

It would not matter if ISA was sending the traffic internally or if ISA sent it externally; in each case the localhost (ISA) is SENDING the traffic. Likewise, if the recipient of the UDP traffic was the ISA ITSELF, regardless of whether the traffic was coming from the internal interface OR the external interface, ISA/localhost would be RECEIVING the UDP traffic.
0
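
Added example, not part of the thread and not ISA Server's own code: a simplified model of how a stateful filter can recognise a UDP reply by recording the flow's address/port tuple, and how a one-way Send rule differs from Send/Receive. The class names, the 60-second idle timeout and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

IDLE_TIMEOUT = 60.0  # assumed idle timeout in seconds, illustrative only

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool  # True when the packet arrives from the external side

@dataclass
class UdpRule:
    port: int        # service port the rule covers
    direction: str   # "Send", "Receive", "Send/Receive" or "Receive/Send"
    sessions: dict = field(default_factory=dict)  # flow tuple -> last seen

    def allows(self, pkt: Packet, now: float) -> bool:
        primary_inbound = self.direction.split("/")[0] == "Receive"
        two_way = "/" in self.direction
        # First packet of a flow: must travel in the rule's primary direction.
        if pkt.dport == self.port and pkt.inbound == primary_inbound:
            if two_way:  # remember the flow so a reply can be recognised
                self.sessions[(pkt.src, pkt.sport, pkt.dst, pkt.dport)] = now
            return True
        # A reply is a recorded flow with the endpoints swapped, travelling
        # the opposite way, seen before the idle timeout expires.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        seen = self.sessions.get(key)
        if (seen is not None and pkt.inbound != primary_inbound
                and now - seen <= IDLE_TIMEOUT):
            self.sessions[key] = now  # refresh the idle timer
            return True
        self.sessions.pop(key, None)  # expired or never recorded
        return False

def demo() -> dict:
    # Constructed sample traffic: an internal client queries an external DNS server.
    query = Packet("10.0.0.5", 40000, "192.0.2.53", 53, inbound=False)
    reply = Packet("192.0.2.53", 53, "10.0.0.5", 40000, inbound=True)
    stray = Packet("192.0.2.99", 53, "10.0.0.5", 40000, inbound=True)
    out = {}
    for direction in ("Send", "Send/Receive"):
        rule = UdpRule(53, direction)
        out[direction] = (rule.allows(query, 0.0), rule.allows(reply, 1.0),
                          rule.allows(stray, 1.0), rule.allows(reply, 500.0))
    return out

if __name__ == "__main__":
    print(demo())
```

Each result tuple is (query, matching reply, unsolicited packet from another host, same reply after the idle timeout).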
 

Author Closing Comment

by:Vadim Rapp
ID: 31511248
Thanks, I see.

Re. being on the wrong side of the table - I guess EE's intent was exactly the _exchange_, rather than assisting the illiterate...

Expert Comment

by:Keith Alabaster
ID: 22843931
lol - hardly. Just used to seeing you answering questions rather than asking them :)