ftp site blocked 1

[amberlynn]

Hello,
Our company uses MS ISA Server 2004.
The policies were all set up before I started, and have never needed to be changed.
An FTP site we commonly used has recently changed it's address, and now we can no longer access it.
I'm new to ISA Server, and am not sure where to even look to find out how to allow this site.
Thanks for any help!
Amber

 

[Shad007]

log onto your isa server and open the isa management console. Expand the left-hand tree until you see 'Firewall Policy', click on this. You should see on the far right a '<' button indicating a popout sidewindow. Click on this and select 'Network Objects'. Your old FTP server should be defined in this list somewhere. Change the IP accordingly then apply the changes. Hopefully this is all you'll need to do.

ps I use isa2006 but from what i vaguely remember from 2004 its probably the same method to update an object.

 

[amberlynn]

Thanks.
Under the Network Objects, on the right side, I have:
networks
network sets
computers
address ranges
subnets
computer sets
URL sets
Domain name sets
web listeners

I've expanded all that could be expanded, but don't see the old FTP site anywhere..
Any other suggestions?

Amber

 

[amberlynn]

I should add that I'm not 100% sure the issues are coming from the firewall rules.

If I attempt to go to a site that is forbidden (eg. facebook) I get an error page "The page you are trying to reach has been denied" and the rule name that causes the denial.

If I attempt to go to this ftp site, I get a "Network Access Message: the page cannot be displayed"

As I said, I'm new to ISA Server, and am not sure how it behaves - maybe both error pages are caused by the firewall rules, but they don't look similar at all.

Thanks again,
Amber

 

[Shad007]

configuring ISA can be tricky. If it's to be your role to change the firewall rules for your business then I would suggest you tackle Microsoft websites to learn a bit more about how things should work. You can start here:

http://technet.microsoft.com/en-us/library/bb898435.aspx

The above link is for 2006 but it's very similar to 2004

a couple of quick notes, the rule that allows http outbound from your internal network may need to include https.

I would also suggest to learn how to use the traffic monitoring feature of ISA as it is very handy.

 

[amberlynn]

Thanks Shad007

I've been reading up on ISA 2004. Thanks for the link.
I've been playing with the monitoring/logging features.

I've looked at the log after attempting to connect to this ftp site - I'm unclear how to use this information to solve my problem. The "Action" is "Failled Connection Attempt" - so are rules not my issue here? - the 'Rule' is "Open to Everyone".

Thanks,
Amber

 

[Shad007]

so im assuming you have something like:

Allow FTP from Internal/Localhost to External with 'all authenticated users' selected?

 

[amberlynn]

The `Open to Everyone`rule has the following properties:

Actions = allow
Protocols = FTP, HTTP, HTTPS
From = Internal Network Set
To = Open to Everyone (details are an IP range - 192.168.1.71)
and Open to Everyone (details are a list of domain names - one of which is the one I`m trying to access).
Users = All users.

Amber