ISA/TMG Firewall policy with multiple allowed ports?

Posted on 2010-09-16
Last Modified: 2012-05-10
Am I missing something or do you really need to create a separate policy for every port you want to allow?  For example, if I want to allow ports 80, 443, 1207, 8080 and 15000 to specific internal server, do I really need to create 5 policies?  This would get messy really quick for a large number of servers/policies.  
Question by:dkraut
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2

Assisted Solution

araberuni earned 50 total points
ID: 33699417
If its allowing ports to specific internal server such as

Policy name: xxz
Action: Allow
Protocol: http,https, user-defined (1207,8080,15000)
Destination:ComputerName or internal server
Users:All-users /your users

Then it should be ok. No need to create 5 rules. However, if you are publishing web server then use web publishing rule for each of them. It would not be messy just select all similar rules>right click>group them. you will be organised.

Author Comment

ID: 33700072
Then I must be missing something.  I don't see any way to select more than a single protocol/port per policy or create a custom protocol object that includes more than 1 port?   Is it "secondary connections" maybe?
LVL 49

Accepted Solution

Akhater earned 450 total points
ID: 33704777
No actually you are not missing anything when you are publishing a server you can only specify one protocol/port

in your case you will need 5 rules
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Expert Comment

ID: 33710403
Please let me know, is it a web publishing rule or allowing protocols?? Please explain a bit.
LVL 49

Expert Comment

ID: 33710543
@araberuni the OP is obviously talking about server publishing rules and he is right he will need to create 5 rules as I said earlier

Author Closing Comment

ID: 33827608

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are three types of ISA client that can be configured - these can be individual clients or multiples of a client on each PC or server SecureNAT. A SecureNAT client for ISA server is a client machine, work station or server, that has its defa…
ISA Server detected routes through the network adapter LAN that do not correlate with the network to which this network adapter belongs What does this mean and how can one go about correcting it? In simple terms, this error message indicates t…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question