
Is Our ISA2004 Compromised?


W

Sep 17, 2010, 11:17:21 PM

We have an ISA2004 firewall that has been fully debugged and working for
many years. I needed to block all traffic going to a subnet
64.156.192.0/22. I created both a subnet with that parameter and
separately created an address range 64.156.192.0 to 64.156.192.255. I
then made rule #1 on the ISA firewall:

DENY
ALL Traffic Types
From ALL Networks
To the subnet and address range as specified above
ALL Users

After applying the rule change, the rule is simply being ignored. A
sniffer clearly shows the traffic continues right past the firewall as if
nothing has happened. The ISA Monitor shows the traffic going through, and
it references a rule way down in the ruleset that approves the traffic.
Rule #1 simply gets ignored.

What would cause this?

--
W


W

Sep 18, 2010, 1:35:45 AM

"W" <persis...@spamarrest.com> wrote in message
news:KradnQQq0fO9sgnR...@giganews.com...

If the client's browser is configured to use Web Proxy, does that completely
bypass Firewall rules that are based on target IP addresses?

It appears yes. It looks like in the case of Web Proxy that all of the
requests are handled based on the target FQDN and any Firewall Rules based
on target IP address are ignored?

That's kind of horrific isn't it? How can that be a desirable feature?

--
W

