
ISA 2006 and Ports

Arabsoft_AD
I have ISA 2006 and I want to open a port from our network for our DVR to send traffic to and receive traffic from outside. The ports are 7000 to 7000 and 7001 to 7001 and the IP addresses are 192.168.10.223 and 192.168.10.224.

Thanks

Commented:
OK, you will first need to define the mentioned ports for outbound and inbound as custom protocols, and then create a custom address range for your servers, as follows:


outbound ports:

Go to Firewall Policy -> open the Toolbox tab in the right pane -> open Protocols -> select New -> choose Protocol -> define a name for the new custom protocol, such as DVR_SEND_PORTS, then press Next -> New -> choose the protocol type (TCP or UDP), choose the direction to be outbound and the port range from 7000 to 7001 -> then Next and OK to close the wizard.

inbound ports:

Go to Firewall Policy -> open the Toolbox tab in the right pane -> open Protocols -> select New -> choose Protocol -> define a name for the new custom protocol, such as DVR_RECEIVE_PORTS, then press Next -> New -> choose the protocol type (TCP or UDP), choose the direction to be inbound and the port range from 7000 to 7001 -> then Next and OK to close the wizard.

Custom Address Range:


Go to Firewall Policy -> open the Toolbox tab in the right pane -> open Network Objects -> select New -> choose Address Range -> define a name for the new custom address range, such as DVR_Computers, then put in your address range -> now press OK and close the wizard.

Now you have to create a new access rule using the new ports and address range, as follows:

Go to Firewall Policy -> open the Tasks tab in the right pane -> select Create Access Rule -> define a name for it -> choose Allow -> now you will choose the ports that you created before -> choose Selected protocols and click Add -> select User Defined and then add your DVR ports -> Next -> add your server range, which was created before, and External -> press Next -> add External again and your DVR address range.

Now press Next and then apply the new settings. Then test your DVR servers.

Regards,
MKhairy



Mohamed Khairy, Enterprise Solutions Architect

Commented:
Dear Arabsoft_AD,

If the previous solution works successfully for you, please assign the points to my account because the other account is shared between my corporate colleagues.

Thank You,
MKhairy
You also have to make sure that the network relationship is not NAT for it to work in mkhairy's way.

Unless by outside you mean the internet. Then it has to be NAT and you will have to publish the two DVRs' IPs.
Keith Alabaster, Enterprise Architect
Top Expert 2008

Commented:
No offence but none of the above is likely to work as there is nowhere near enough information.
What protocol is being used? As the DVR needs to talk to external devices, it is likely to be TCP traffic rather than UDP, and using HTTPS on the assumption that it needs to be secure. If it IS HTTPS then ports 7000 and 7001 are not supported by default within ISA Server and the ISA Tunnel Port Range Extender utility will be required. You can get it directly from the www.isatools.org web site if this is the case, courtesy of Jim Harrison. http://www.isatools.org/tools.asp?Context=ISA2006

If you can give some more fulsome information on what the requirement is then the more likely we can give you a definitive answer.

Secondly, the points can only be assigned to respondents within this question that point to the answer. If you wish to have an answer accepted then please use that account when you submit your reply. It is not good policy to push points to a different account. Whilst I do not doubt your integrity in pointing out that you are both of the user names (one corporate, one your own) it would not be an acceptable practice.

Keith
MS ISA & Forefront MVP
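
An added example, not part of the thread: one way to answer the protocol question above before building rules is to check, from a host on the internal network, whether each DVR port is a TCP listener and whether it completes a TLS handshake. The addresses and ports are the ones from the question; the helper name `classify_tcp_service` is hypothetical, and UDP is not covered.

```python
import socket
import ssl

# Addresses and ports taken from the question; run from the internal network.
DVR_ENDPOINTS = [
    ("192.168.10.223", 7000), ("192.168.10.223", 7001),
    ("192.168.10.224", 7000), ("192.168.10.224", 7001),
]

def classify_tcp_service(host, port, timeout=3.0):
    """Return 'closed', 'tls' or 'tcp' for one host:port (hypothetical helper)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        # Refused, filtered or unreachable: no TCP listener was seen.
        return "closed"

    # Certificate checks are disabled on purpose: the only goal is to learn
    # whether the listener speaks TLS, not to trust what it presents.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock):
            return "tls"
    except OSError:
        # ssl.SSLError and timeouts are OSError subclasses. The port accepted
        # TCP but did not complete a handshake this client supports.
        return "tcp"
    finally:
        sock.close()

if __name__ == "__main__":
    for host, port in DVR_ENDPOINTS:
        print(f"{host}:{port} -> {classify_tcp_service(host, port)}")
```

A device that only offers SSL/TLS versions a current Python build refuses will be reported as `tcp`, so treat that result as "TCP, TLS not confirmed".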




Enterprise Solutions Architect
Commented:
Dear Keith,

First of all, I enjoyed your answers because they explain the issue in a very professional way, and this is what I aim and wish to learn during my stay here.
Now let me explain the accounts confusion issue. I used the corporate account during my previous working period at the company, but now I have left the job there and moved to another place, so I decided to open another private account that will always be with me regardless of the company I am working at.
Finally, I am really sorry for any inconvenience caused because of this.
Regards,
MKhairy
Mohamed Khairy, Enterprise Solutions Architect

Commented:
Thank you so much Keith for your kind welcome. I am really happy to gain more knowledge and learn from an expert like you.

@  Arabsoft: I am glad to help.

Regards,
MKhairy