Solved

Bypass Stateful Packet Inspection - ISA 2006

Posted on 2011-03-16
Last Modified: 2012-05-11
Good Afternoon,

I need to disable SPI between a couple of IP Addresses from an external network to a device on my internal network through ISA 2006.

We are running a clinical trial and the application/device that needs to upload the data is being blocked by ISA due to its inbuilt SPI.

Has anyone done this before?

Thanks,

Gerald
Question by:gezzam
5 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 35154326
Not a chance. Stateful packet inspection is a fundamental process that is responsible - in part - for the integrity of sessions and connections. No way you'd turn that off.
 

Author Comment

by:gezzam
ID: 35154338
Can I create a rule between the two IP addresses that disables SPI for that rule only?

The documentation from the trial company states that:

Stateful Packet Inspection (SPI): If your network uses SPI, consider setting rules in the Firewall to not perform SPI on traffic originating from or terminating to the IP addresses listed in this document.

or

Could I turn it off temporarily just to see if this is the cause so I can investigate further?
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 35154455
Not as far as I am aware; it is an inherent feature. The only devices that allow this sort of thing are routers - and ISA Server is not a router.
 
LVL 29

Accepted Solution

by:pwindell earned 500 total points
ID: 35167097
The "Trial company" is wrong. They are misusing and abusing the term "Stateful Inspection". Stateful Inspection means to inspect the "State" of the Connection to be sure that it is valid and intact. This is done at the connection itself and is primarily to determine that the Source and Destination have remained consistent as opposed to being hijacked and one of them being impersonated.

What they probably really mean is Application Layer Inspection (ALI), sometimes also called Deep Inspection. This can be turned off but is a real hassle to configure. What really needs to be done here is to inform us enough about how this product works and the nature of how it communicates, like the traffic profile and the actual Protocol it uses.
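Added example, not part of the thread and not ISA Server code: a simplified Python sketch of the distinction drawn in the accepted answer, with connection-state tracking on one side and a separate application-layer content check on the other. The names `Packet`, `StatefulFilter` and `app_layer_allows` are hypothetical, the addresses and payloads are constructed, and the HTTP-style verb check is an assumption because the thread never states the device's protocol.

```python
# Added illustration: simplified TCP state tracking vs. payload inspection.
# All addresses, ports and payloads used with it are constructed sample values.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str          # "S", "SA", "A", "F" or "R"
    payload: bytes = b""

class StatefulFilter:
    """Tracks each connection by its 4-tuple and enforces handshake order."""
    def __init__(self, allowed_dports):
        self.allowed_dports = set(allowed_dports)
        self.table = {}  # (client, cport, server, sport) -> state

    def check(self, p):
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if p.flags == "S":                       # new connection attempt
            if p.dport not in self.allowed_dports:
                return False
            self.table[fwd] = "SYN_SENT"
            return True
        if p.flags == "SA" and self.table.get(rev) == "SYN_SENT":
            self.table[rev] = "SYN_RCVD"
            return True
        if p.flags == "A" and self.table.get(fwd) == "SYN_RCVD":
            self.table[fwd] = "ESTABLISHED"
            return True
        key = fwd if fwd in self.table else rev
        if self.table.get(key) == "ESTABLISHED":
            if p.flags in ("F", "R"):
                del self.table[key]              # teardown ends the state
            return True
        return False                             # no matching state: drop

def app_layer_allows(payload, allowed_verbs=(b"GET", b"POST")):
    """Separate layer-7 check: looks at content, not connection state."""
    return payload.split(b" ", 1)[0] in allowed_verbs
```

A well-formed connection carrying an unrecognised application verb passes `StatefulFilter.check` and fails `app_layer_allows`, which is the kind of block the accepted answer attributes to application-layer inspection rather than to state tracking.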
 

Author Comment

by:gezzam
ID: 35177181
Thanks for the update. The trial company is supplying the client with a Wireless 3G Modem to upload, so it's not going on our network now and it has ceased to be an issue.

Thanks for the responses though.
