Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Open Port from the internet to inside my organization isa2006

Posted on 2010-08-17
2
Medium Priority
?
515 Views
Last Modified: 2012-05-10
Hi


i need to open like 10 port from internet to inside my organization
this is what i did

firewall policy
new access rules
new protocol
let say port 3550 (tcp and UDP receive send)
from External / anywhere
to internal
all user


the bug is this
when i test on this site
http://www.yougetsignal.com/tools/open-ports/

my port is closed ????

i do know why
0
Comment
Question by:Victor Charpentier
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 16

Accepted Solution

by:
Bruno PACI earned 2000 total points
ID: 33458763
Hi,

First of all, ISA makes difference between internal network (that you define by associating IP ranges to network objects in ISA) and the external network that is everything else...

For incoming traffic, meaning IP requests that come from the external network, you need to make "publishing rules", not "access rules". Access rules only apply to outgoing traffic, meaning IP request coming from one of the explicitely defined network.

Also, if your internal network uses private IP range (like 10.x.x.x, 172.16.x.x to 172.31.x.x, or 192.168.x.x) then your ISA server is NATing outgoing traffics. In this situation you can not create rules to allow incoming traffic to reach any IP address in the internal network. What you only can do is create a publishing rule to reach ONE internal IP address for ONE TCP port.

If you want some people on Internet to reach your whole internal network using some ports you need to configure VPN...


Have a good day.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 33459036
I use access lists from external to internal or the perimeter quite a lot but this is always when I use route relationships from the source network to the target network.

If you are Natting from internal to external then the non-web-server publishing rules are your best option.
0

Featured Post

Enroll in October's Free Course of the Month

Do you work with and analyze data? Enroll in October's Course of the Month for 7+ hours of SQL training, allowing you to quickly and efficiently store or retrieve data. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Forefront is the brand name for Microsoft's major security product. Forefront covers a number of specific security areas and has 'swallowed' a number of applications under this umbrella including Antigen, ISA Server, the Integrated Access Gateway (t…
Microsoft's ISA Server has been its pre-eminent security product for about a decade and is still regarded amongst the well-informed as one of the best software firewalls and application gateways ever released, by any manufacturer. ISA Server has bee…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question