How can I open a port in ISA 2006 for an application that wants to connect to outside sites

Hi,
I have a scenario where a new library system application needs to access outside sites on ports which are not open by default in ISA 2006.

Please tell me how to open those ports. How do I create that policy?
Amir4u Asked:

Hisham_Elkouha Commented:
Create a new Access Rule, and when it asks you what protocols you want to open, click on the Ports button and select the ports you want to enable.

Good Luck
0
Keith Alabaster (Enterprise Architect) Commented:
What port numbers and what protocols? If the protocol is https, for example, you will need to add the additional port numbers through the port range extender.
0
Amir4u (Author) Commented:
Thanks guys for the response. Port 7090 is required to be open for an online library website. So shall I add protocols any? Or just enter the port(s)?
0
Keith Alabaster (Enterprise Architect) Commented:
So is that via straight TCP calls or through HTTPS?

Let's assume it is a normal TCP port.
Open the GUI - right-click the firewall policy on the left and select New - Access Rule.
Give it a name, select Allow.
On the protocols, click Add - click New.
Create a new protocol and give it the start and stop port number - in this case outbound 7090 - 7090 TCP. Follow the rest of the wizard and select No to secondary connections, then end that part of the wizard.

Now in the selected protocols, select the new protocol you just created - you'll find it in the user-defined section.
In the From box select Internal and - if you want it - from Localhost.
In the To box select External.
In the users, select either All Users or - if the app is designed to carry user credentials - select an AD group or authenticated users. The likelihood is you will need to select All Users.
Finish the wizard and apply.
Job done.
0

Keith Alabaster (Enterprise Architect) Commented:
As an aside, make sure this rule is above any deny rules.....
0
Amir4u (Author) Commented:
Hi Keith,

Thanks for your reply.

I added the port... Shall I also add the URL which this port is supposed to contact?

After adding this rule I am testing whether it is working or not.

Is this the correct way to test it?

telnet - url - 7090?

If this is correct, then it is still not telnetting to the port...
0
Amir4u (Author) Commented:
Well, the full URL to which this port should open is

telnet ****.loc.gov 7090

So should I also add something in the policy about this URL?
0
Keith Alabaster (Enterprise Architect) Commented:
If you use the telnet command to test the connection then you should just get back a black screen with a flashing cursor.
0
Amir4u (Author) Commented:
It is working when I telnet to the IP address and port of the URL, but it is still not working when I telnet with the actual URL and port... Is there any configuration problem? Why by IP and why not by name?
0
Keith Alabaster (Enterprise Architect) Commented:
Hang on - you need to sort out your terminology here. A URL is not a 'name' or IP address, it is a name AND a location within a structure. Telnet deals with a host name or an IP address and a particular port. Therefore Telnet can prove whether the host is available and listening on the specific port number specified.

Telnet cannot tell you whether the web service is running on that port number on that host. Telnet definitely cannot tell you whether that URL is available or even exists.

That is what the web browser does - on the assumption that the host allows access through its firewalls.
0
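The difference between resolving a host name and reaching a TCP port, which underlies the "works by IP, not by name" symptom discussed above, shown as an added example that is not part of the original thread. It assumes Python 3 on the client; `library.example` and `192.0.2.10` are constructed placeholders, and `probe` and `diagnose` are hypothetical helper names.

```python
import socket

def probe(host, port, timeout=3.0, resolver=socket.getaddrinfo):
    """Return (stage, detail): dns_failure, connected, refused, timeout or error."""
    # Stage 1: name resolution. An IP literal needs no DNS lookup, so
    # "works by IP, fails by name" can be decided here, before the port is touched.
    try:
        infos = resolver(host, port, socket.AF_UNSPEC, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns_failure", str(exc))
    # Stage 2: TCP connect, which is all that "telnet host port" proves.
    last = ("error", "resolver returned no addresses")
    for family, socktype, proto, _canon, sockaddr in infos:
        try:
            with socket.socket(family, socktype, proto) as s:
                s.settimeout(timeout)
                s.connect(sockaddr)
                return ("connected", sockaddr[0])
        except ConnectionRefusedError:
            last = ("refused", sockaddr[0])
        except socket.timeout:
            last = ("timeout", sockaddr[0])
        except OSError as exc:
            last = ("error", f"{sockaddr[0]}: {exc}")
    return last

def diagnose(name, ip, port, **kwargs):
    """Probe the same port by name and by IP and say which stage is at fault."""
    by_name, by_ip = probe(name, port, **kwargs), probe(ip, port, **kwargs)
    if by_ip[0] != "connected":
        verdict = "port not reachable even by IP: check the access rule and its order"
    elif by_name[0] == "dns_failure":
        verdict = "port is open; the client cannot resolve the name"
    elif by_name[0] == "connected":
        verdict = "port reachable by name and by IP"
    else:
        verdict = "name resolves but the connect fails: compare resolved addresses"
    return {"by_name": by_name, "by_ip": by_ip, "verdict": verdict}

if __name__ == "__main__":
    # Constructed placeholders: substitute the real host name and its IP address.
    print(diagnose("library.example", "192.0.2.10", 7090))
```
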
Keith Alabaster (Enterprise Architect) Commented:
thanks :)
0