Re: ssh publishing on ISA

2010-08-09 Thread S Powell
ROCK ON!

FYI Y'all

the correct (for us YMMV) answer was:::

ISA 2006
_Publish Non-Web server protocol
==> to internal Server IP address
selected Protocol ==>  (user defined  "inbound SSH" port 22 TCP inbound)
Listen on ==> External

badda bing

thank you John and Devin.


Google.com  Learn it. Live it. Love it.



On Mon, Aug 9, 2010 at 14:47, Devin Meade  wrote:
> ISA 2004 - firewall policy - use the "New server publishing wizard":
> Enter the internal server IP address.
> Make a custom protocol with TCP / outbound / port 22.
> Select "External"
>
> I don't think you want the "Web server publishing wizard" as it requires a
> "listener".  Same goes for the other "new rule" types.
>
> After the wizard is done, you should get a policy like this:
> Name: Whatever you want
> Action: Allow
> Protocols: whatever you named it
> From / Listener: External
> To: Internal IP address
>
> You can add a schedule if you want.  IIRC the wizard got it 90% right, I
> always had to go change one of the parameters to make it work, go figure!  I
> did this quite often with Famatech RAdmin, but we don't use this anymore
>
> Hope this helps, Devin
>
>
> On Mon, Aug 9, 2010 at 3:57 PM, S Powell  wrote:
>>
>> yes it is the first rule.
>>
>>
>> Google.com  Learn it. Live it. Love it.
>>
>>
>>
>> On Mon, Aug 9, 2010 at 12:47, John Cook  wrote:
>> > Did you move that rule to the top?
>> > John W. Cook
>> > Systems Administrator
>> > Partnership for Strong Families
>> >
>> > - Original Message -
>> > From: S Powell 
>> > To: NT System Admin Issues 
>> > Sent: Mon Aug 09 15:39:55 2010
>> > Subject: ssh publishing on ISA
>> >
>> > Hello World!
>> >
>> > I'd be grateful to anyone out there who could give me a hand with this,
>> >
>> > I've got SSH running on a mac (xserve) and I cannot quite figure out
>> > how to publish it via our ISA.
>> >
>> > i've tried a non-web server rule allowing port 22 in and out. and yet
>> > this seems to not work.
>> >
>> > traffic seems to drop and is blocked by the default (enterprise deny
>> > all traffic) rule.
>> >
>> > TIA
>> >
>> >
>> > Google.com  Learn it. Live it. Love it.
>> >
>> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>> >
>> >
>> > CONFIDENTIALITY STATEMENT: The information transmitted, or contained or
>> > attached to or with this Notice is intended only for the person or entity to
>> > which it is addressed and may contain Protected Health Information (PHI),
>> > confidential and/or privileged material. Any review, transmission,
>> > dissemination, or other use of, and taking any action in reliance upon this
>> > information by persons or entities other than the intended recipient without
>> > the express written consent of the sender are prohibited. This information
>> > may be protected by the Health Insurance Portability and Accountability Act
>> > of 1996 (HIPAA), and other Federal and Florida laws. Improper or
>> > unauthorized use or disclosure of this information could result in civil
>> > and/or criminal penalties.
>> >  Consider the environment. Please don't print this e-mail unless you
>> > really need to.
>> >
>>
>
>
>
>
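
A check that can be run from a host on the External side once the publishing rule is in place, as an added example that is not part of the original thread: it separates "packets silently dropped" (the symptom described in the first post) from "port answers with an SSH identification string". The function names, the state labels and the placeholder address 203.0.113.10 are this example's own assumptions.

```python
import socket

def parse_ssh_ident(data: bytes):
    """Return (protoversion, softwareversion) from the first complete line that
    starts with 'SSH-' (RFC 4253 section 4.2), or None if there is none."""
    for raw in data.split(b"\n")[:-1]:          # last element is an unfinished line
        line = raw.rstrip(b"\r").decode("ascii", "replace")
        if line.startswith("SSH-"):
            parts = line.split(" ", 1)[0].split("-", 2)
            if len(parts) == 3 and parts[1] and parts[2]:
                return parts[1], parts[2]
    return None

def read_ident(sock, timeout=5.0, limit=4096):
    """Read from a connected socket until an identification line arrives."""
    sock.settimeout(timeout)
    buf = b""
    while len(buf) < limit and parse_ssh_ident(buf) is None:
        try:
            chunk = sock.recv(256)
        except socket.timeout:
            break
        if not chunk:                           # peer closed without a banner
            break
        buf += chunk
    return parse_ssh_ident(buf)

def check_published_ssh(host, port=22, timeout=5.0):
    """Classify what a client on the External network sees at host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            ident = read_ident(s, timeout)
    except ConnectionRefusedError:
        return {"state": "refused"}             # RST received: port actively closed
    except socket.timeout:
        return {"state": "filtered"}            # no reply: consistent with a deny rule dropping it
    except OSError as exc:
        return {"state": "error", "detail": str(exc)}
    if ident is None:
        return {"state": "open-not-ssh"}        # something answered, but not sshd
    return {"state": "published", "proto": ident[0], "software": ident[1]}

if __name__ == "__main__":
    # 203.0.113.10 is a placeholder (documentation range), not an address from the thread
    print(check_published_ssh("203.0.113.10", 22))
```

A "filtered" result alongside denied-connection entries in the ISA log points at the rule or protocol definition; "refused" or "open-not-ssh" points at the internal server instead.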




Re: ssh publishing on ISA

2010-08-09 Thread Devin Meade
ISA 2004 - firewall policy - use the "New server publishing wizard":
Enter the internal server IP address.
Make a custom protocol with TCP / outbound / port 22.
Select "External"

I don't think you want the "Web server publishing wizard" as it requires a
"listener".  Same goes for the other "new rule" types.

After the wizard is done, you should get a policy like this:
Name: Whatever you want
Action: Allow
Protocols: whatever you named it
From / Listener: External
To: Internal IP address

You can add a schedule if you want.  IIRC the wizard got it 90% right, I
always had to go change one of the parameters to make it work, go figure!  I
did this quite often with Famatech RAdmin, but we don't use this anymore

Hope this helps, Devin


On Mon, Aug 9, 2010 at 3:57 PM, S Powell  wrote:

> yes it is the first rule.
>
>
> Google.com  Learn it. Live it. Love it.
>
>
>
> On Mon, Aug 9, 2010 at 12:47, John Cook  wrote:
> > Did you move that rule to the top?
> > John W. Cook
> > Systems Administrator
> > Partnership for Strong Families
> >
> > - Original Message -----
> > From: S Powell 
> > To: NT System Admin Issues 
> > Sent: Mon Aug 09 15:39:55 2010
> > Subject: ssh publishing on ISA
> >
> > Hello World!
> >
> > I'd be grateful to anyone out there who could give me a hand with this,
> >
> > I've got SSH running on a mac (xserve) and I cannot quite figure out
> > how to publish it via our ISA.
> >
> > i've tried a non-web server rule allowing port 22 in and out. and yet
> > this seems to not work.
> >
> > traffic seems to drop and is blocked by the default (enterprise deny
> > all traffic) rule.
> >
> > TIA
> >
> >
> > Google.com  Learn it. Live it. Love it.
> >
> >
> >
>
>
>


Re: ssh publishing on ISA

2010-08-09 Thread S Powell
yes it is the first rule.


Google.com  Learn it. Live it. Love it.



On Mon, Aug 9, 2010 at 12:47, John Cook  wrote:
> Did you move that rule to the top?
> John W. Cook
> Systems Administrator
> Partnership for Strong Families
>
> - Original Message -
> From: S Powell 
> To: NT System Admin Issues 
> Sent: Mon Aug 09 15:39:55 2010
> Subject: ssh publishing on ISA
>
> Hello World!
>
> I'd be grateful to anyone out there who could give me a hand with this,
>
> I've got SSH running on a mac (xserve) and I cannot quite figure out
> how to publish it via our ISA.
>
> i've tried a non-web server rule allowing port 22 in and out. and yet
> this seems to not work.
>
> traffic seems to drop and is blocked by the default (enterprise deny
> all traffic) rule.
>
> TIA
>
>
> Google.com  Learn it. Live it. Love it.
>
>
>




Re: ssh publishing on ISA

2010-08-09 Thread John Cook
Did you move that rule to the top?
John W. Cook
Systems Administrator
Partnership for Strong Families

- Original Message -
From: S Powell 
To: NT System Admin Issues 
Sent: Mon Aug 09 15:39:55 2010
Subject: ssh publishing on ISA

Hello World!

I'd be grateful to anyone out there who could give me a hand with this,

I've got SSH running on a mac (xserve) and I cannot quite figure out
how to publish it via our ISA.

i've tried a non-web server rule allowing port 22 in and out. and yet
this seems to not work.

traffic seems to drop and is blocked by the default (enterprise deny
all traffic) rule.

TIA


Google.com  Learn it. Live it. Love it.




ssh publishing on ISA

2010-08-09 Thread S Powell
Hello World!

I'd be grateful to anyone out there who could give me a hand with this,

I've got SSH running on a mac (xserve) and I cannot quite figure out
how to publish it via our ISA.

i've tried a non-web server rule allowing port 22 in and out. and yet
this seems to not work.

traffic seems to drop and is blocked by the default (enterprise deny
all traffic) rule.

TIA


Google.com  Learn it. Live it. Love it.
