Firewall Rule UDP - what is send/receive and such?

Posted on 2008-10-29
Last Modified: 2013-11-29
When creating an access rule for a firewall, UDP traffic can be specified as Send, Receive, Send/Receive or Receive/Send. Can someone provide or reference the definition of each, and how to select the right one for a given access rule?
Question by:Vadim Rapp
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22838642
Hey mate - you're on the wrong side of the table aren't you?  lol

Bear in mind that UDP is a connectionless protocol, so unlike TCP, which has the three-way handshake to establish communications, UDP has to have a different method of working.

For ISA rules, it operates from the standpoint that you are sitting inside the ISA server. For example:

Send is outbound from inside to external.
Receive is from external to internal.
However, send is ALSO inbound OR outbound when the source is ISA itself.
Receive is ALSO inbound OR outbound when the destination is ISA itself.

The send/receive and receive/send are exactly the same as above but allow a response to return back through the filters.

Hope that clarifies a little?

Keith
0
 
LVL 40

Author Comment

by:Vadim Rapp
ID: 22839770
> the send/receive and receive/send are exactly the same as above but allow a response to return back through the filters.
If it's connectionless, how does it know it's the response? Maybe just timing coincidence?
0
 
LVL 40

Author Comment

by:Vadim Rapp
ID: 22839785
> however, send is ALSO inbound OR outbound when the source is ISA itself.
> receive is ALSO inbound OR outbound when the destination is ISA itself.

Didn't quite follow this one; could you clarify a little, maybe with an example?
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 2000 total points
ID: 22843664
Although it is connectionless, ISA still makes a session, so it records that it has had an outbound or inbound request.

For your second query, if the traffic is flowing from internal to external OR external to internal, it passes 'through' the ISA interfaces from one area to the other.

However, what if the UDP traffic is actually coming FROM the ISA server itself, i.e. localhost?

It would not matter if ISA was sending the traffic internally or if ISA sent it externally; in each case the localhost (ISA) is SENDING the traffic. Likewise, if the recipient of the UDP traffic was the ISA ITSELF, regardless of whether the traffic was coming from the internal interface OR the external interface, ISA/localhost would be RECEIVING the UDP traffic.
0
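How a stateful filter can tell a UDP reply from unrelated traffic, as an added example that is not part of the original thread and is not ISA Server's own code: it is a simplified model of the session tracking described in the accepted answer. The `UdpFilter` class, the 60-second idle timeout and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

IDLE_TIMEOUT = 60.0  # assumed value for illustration, not an ISA Server setting

# direction -> (side allowed to send the first datagram, are replies allowed?)
DIRECTIONS = {
    "Send": ("internal", False),
    "Receive": ("external", False),
    "Send/Receive": ("internal", True),
    "Receive/Send": ("external", True),
}

@dataclass
class UdpFilter:
    direction: str
    port: int                                     # service port of the responder
    sessions: dict = field(default_factory=dict)  # expected reply tuple -> last seen

    def allow(self, side, src, sport, dst, dport, now):
        """side is where the datagram arrives from: 'internal' or 'external'."""
        initiator, replies = DIRECTIONS[self.direction]
        # UDP has no FIN/RST, so pseudo-sessions can only end by idle timeout.
        self.sessions = {k: t for k, t in self.sessions.items()
                         if now - t <= IDLE_TIMEOUT}
        if side == initiator and dport == self.port:
            if replies:
                # Record the mirrored address/port tuple a genuine reply must carry.
                self.sessions[(dst, dport, src, sport)] = now
            return True
        key = (src, sport, dst, dport)
        if replies and side != initiator and key in self.sessions:
            self.sessions[key] = now              # a reply keeps the session alive
            return True
        return False

def demo():
    """Constructed DNS-style exchange through a Send/Receive rule on port 53."""
    f = UdpFilter("Send/Receive", 53)
    return [
        f.allow("internal", "10.0.0.5", 53124, "203.0.113.9", 53, 0.0),    # query
        f.allow("external", "203.0.113.9", 53, "10.0.0.5", 53124, 1.0),    # reply
        f.allow("external", "198.51.100.7", 53, "10.0.0.5", 53124, 2.0),   # other host
        f.allow("external", "203.0.113.9", 53, "10.0.0.5", 53124, 200.0),  # too late
    ]

if __name__ == "__main__":
    print(demo())
```

The reply is recognised by its mirrored source and destination address and port, not by timing alone; the timeout only bounds how long that match stays valid.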
 
LVL 40

Author Closing Comment

by:Vadim Rapp
ID: 31511248
Thanks, I see.

Re. being on the wrong side of the table - I guess EE's intent was exactly the _exchange_, rather than assisting the illiterate...
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22843931
lol - hardly. Just used to seeing you answering questions rather than asking them :)
0
