Solved

Bypass Stateful Packet Inspection - ISA 2006

Posted on 2011-03-16
Last Modified: 2012-05-11
Good Afternoon,

I need to disable SPI between a couple of IP Addresses from an external network to a device on my internal network through ISA 2006.

We are running a clinical trial and the application/device that needs to upload the data is being blocked by ISA due to its inbuilt SPI.

Has anyone done this before?

Thanks,

Gerald
0
Question by:gezzam
5 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 35154326
Not a chance. Stateful packet inspection is a fundamental process that is responsible - in part - for the integrity of sessions and connections. No way you'd turn that off.
0
 

Author Comment

by:gezzam
ID: 35154338
Can I create a rule between the two IP addresses that disables SPI for that rule only?

The documentation from the trial company states that:

Stateful Packet Inspection (SPI): If your network uses SPI, consider setting rules in the Firewall to not perform SPI on traffic originating from or terminating to the IP addresses listed in this document.

or

Could I turn it off temporarily just to see if this is the cause so I can investigate further?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 35154455
Not as far as I am aware, it is an inherent feature. The only devices that allow this sort of thing are routers - and ISA Server is not a router.
0
 
LVL 29

Accepted Solution

by:
pwindell earned 500 total points
ID: 35167097
The "Trial company" is wrong. They are misusing and abusing the term "Stateful Inspection". Stateful Inspection means to inspect the "State" of the Connection to be sure that it is valid and intact. This is done at the connection itself and is primarily to determine that the Source and Destination have remained consistent as opposed to being hijacked and one of them being impersonated.

What they probably really mean is Application Layer Inspection (ALI), sometimes also called Deep Inspection. This can be turned off but is a real hassle to configure. What really needs to be done here is to inform us enough about how this product works and the nature of how it communicates, like the traffic profile and the actual Protocol it uses.
0
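The distinction drawn in the accepted answer, as an added example that is not part of the original thread and is not ISA Server's code: a toy filter that tracks only connection state and endpoint consistency and never reads the payload, which is the part application layer inspection would add. All names (`Packet`, `StatefulFilter`, `run_trace`) and the sample addresses are hypothetical and constructed for illustration.

```python
# Toy connection-state tracker: an added illustration, not ISA Server's implementation.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str              # "ip:port" of the sender
    dst: str              # "ip:port" of the receiver
    flags: str            # TCP flags: "S", "SA", "A", "PA", "F", "R"
    payload: bytes = b""  # carried but never examined by this filter

class StatefulFilter:
    def __init__(self, allowed_dst):
        self.allowed_dst = set(allowed_dst)  # endpoints a rule permits
        self.conns = {}                      # (client, server) -> state

    def check(self, pkt):
        """Return 'allow' or 'drop: <reason>' for one packet."""
        fwd, rev = (pkt.src, pkt.dst), (pkt.dst, pkt.src)
        if pkt.flags == "S":                 # new connection attempt
            if pkt.dst not in self.allowed_dst:
                return "drop: no rule for destination"
            self.conns[fwd] = "SYN_SENT"
            return "allow"
        key = fwd if fwd in self.conns else rev if rev in self.conns else None
        if key is None:                      # endpoints match no tracked session
            return "drop: no matching connection state"
        state = self.conns[key]
        if pkt.flags == "SA":                # only valid as the server's reply
            if state == "SYN_SENT" and key == rev:
                self.conns[key] = "SYN_RCVD"
                return "allow"
            return "drop: unexpected SYN-ACK"
        if state == "SYN_RCVD" and pkt.flags == "A" and key == fwd:
            self.conns[key] = "ESTABLISHED"
            return "allow"
        if state != "ESTABLISHED":
            return "drop: handshake incomplete"
        if "R" in pkt.flags or "F" in pkt.flags:
            del self.conns[key]              # simplified teardown
        return "allow"

# Constructed sample traffic (documentation address ranges).
CLIENT, SERVER, OTHER = "203.0.113.10:40000", "10.0.0.5:443", "198.51.100.7:40000"
TRACE = [
    Packet(CLIENT, SERVER, "S"), Packet(SERVER, CLIENT, "SA"),
    Packet(CLIENT, SERVER, "A"), Packet(CLIENT, SERVER, "PA", b"\x00opaque upload"),
    Packet(OTHER, SERVER, "PA", b"injected"),  # source differs from the tracked session
]

def run_trace(packets, allowed=(SERVER,)):
    fw = StatefulFilter(allowed)
    return [fw.check(p) for p in packets]
```

`run_trace(TRACE)` allows the handshake and the opaque upload regardless of its content, and drops the packet whose source does not match the tracked session.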
 

Author Comment

by:gezzam
ID: 35177181
Thanks for the update. The trial company is supplying the client with a Wireless 3G Modem to upload, so it's not going on our network now, so it has ceased to be an issue.

Thanks for the responses though.
0
