i hate isa, say i hate isa

[Panda On Smack]

ok, this is getting on my tits now. ISA firewall is evil and i wish to stab it.

just got a new win 2000 server at work running sbs. also got sql 2000 on it. i need to log into sql from outside the network i.e. my home pc.

I can get into it from inside the lan no problems but when i try to connect from home it cant find the server. now ive checked the isa logs and i can see im getting blocked.

ive opened up the ports in isa etc (1433 and 1434 both ways on tcp) but it still blocks me.

im confused and tired.

anybody got any ideas or use isa?

ta

 

[adams901]

i have never used ISA and probally am about to make myself look like a complete idiot but...

Instead of opening ports cant you just give your home IP address permission to access to the network.

I know when I worked at Mplayer-Europe we had permissions set in the firewall for certain IPs so we could access what we needed to from home.

 

[Panda On Smack]

yeah this was my intial thought but i'll be fucked if i can figure out how to do it

cheers for the reply though old chap

 

[adams901]

this of any use to you?

http://www.isaserver.org/tutorials/How_to_Allow_Internet_Access_on_ISA_Server_Machine.html

 

[Panda On Smack]

not really ta though

I need to get into the server from outside where as thats how you get out from the isa server itself.

 

[Summo]

Do you have any Network Address Translation going on at work, or is your SQL server using a 'real' public IP address?

 

[Panda On Smack]

im not sure

 

[Panda On Smack]

If anyone cares which im sure you currently don't the problem was solved by adding my protocol rules into the packet filter table as well.

You will thank me when you cross paths with ISA.

 

[Testin da Cable]

so you have to allow it twice so to speak?

 

[Panda On Smack]

heh, you have to add in rules and protocols everywhere! i spose its ok just not what im used to.

bit hardcore really.

 

[Xavier]

unlikely, most places I've worked have opted for checkpoint


uke:

 

[lecter]

I do hope your SQL server is fully patched up.

I'd actually think about sorting out some kind of VPN software, rather than opening up ports. You are just asking for trouble otherwise.

ISA is neither hardcore nor easy to use. Checkpoint is both of these things but nevermind.

 

[Xavier]

Originally posted by lecter
ISA is neither hardcore nor easy to use. Checkpoint is both of these things but nevermind.

Oh, I agree checkpoint is a top firewall, but when we had network issues relating to a whole host of other apps and servers, listserv for instance, 8/10 times it was checkpoint with some 'known issue' or 'clash'