Solved

ISA/TMG Firewall policy with multiple allowed ports?

Posted on 2010-09-16
Last Modified: 2012-05-10
Am I missing something, or do you really need to create a separate policy for every port you want to allow? For example, if I want to allow ports 80, 443, 1207, 8080 and 15000 to a specific internal server, do I really need to create 5 policies? This would get messy really quickly for a large number of servers/policies.
Question by:dkraut
6 Comments
 
LVL 9

Assisted Solution

by:araberuni
araberuni earned 50 total points
If it's allowing ports to a specific internal server, such as:

Policy name: xxz
Action: Allow
Protocol: http, https, user-defined (1207, 8080, 15000)
Source: Internal/?
Destination: ComputerName or internal server
Users: All-users / your users

Then it should be OK. No need to create 5 rules. However, if you are publishing a web server, then use a web publishing rule for each of them. It would not be messy: just select all similar rules > right-click > group them. You will be organised.
 

Author Comment

by:dkraut
Then I must be missing something.  I don't see any way to select more than a single protocol/port per policy or create a custom protocol object that includes more than 1 port?   Is it "secondary connections" maybe?
 
LVL 49

Accepted Solution

by:Akhater
Akhater earned 450 total points
No, actually you are not missing anything. When you are publishing a server you can only specify one protocol/port.

In your case you will need 5 rules.

 
LVL 9

Expert Comment

by:araberuni
Please let me know, is it a web publishing rule or allowing protocols? Please explain a bit.
 
LVL 49

Expert Comment

by:Akhater
@araberuni the OP is obviously talking about server publishing rules, and he is right: he will need to create 5 rules, as I said earlier.
 

Author Closing Comment

by:dkraut
Thanks