Steps to enable 2X Traffic over port 80 using MS ISA 2004

Discussion in 'Parallels Remote Application Server' started by Cedric, Nov 21, 2006.

  1. Cedric

    Cedric Guest

    Create a new Access Rule

    Access rule name: 2X Traffic over port 80

    Action to take when rule conditions are met: Allow

    This rule applies to: Selected Protocols
    Click ‘Add...’ Select All Protocols > HTTP [ADD]

    Select HTTP Protocol and click ‘Edit...’
    Description (optional): 2X Traffic over HTTP

    In the Application Filters list [a list of application filters that can be applied to the protocol definition] MAKE SURE THAT NONE IS SELECTED
    By Default Web Proxy Filter is enabled - UNCHECK THIS OPTION

    This rule applies to traffic from these sources:
    Add Network Entities where 2X Clients are located

    This rule applies to traffic sent to these destinations:
    Add Network Entities where 2X Client Gateway is located

    Choose the users if you want to limit access to specific users sets.

    Finish.

    To save changes and update the configuration, click Apply.


    Clients will be able to connect over port 80 through MS ISA 2004.
     
  2. ITF1

    ITF1 Guest

    ...then you better uninstall ISA, you disable one of the core components of ISA. (Application Filter)
     
  3. Cedric

    Cedric Guest

  4. rajthampi

    rajthampi Guest

    What could be the solution then?

    Hello guys
    I read Cedric's work around for access 2x application server through ISA 2004 (we are using ISA 2006)
    Out of curiosity I flexed as Cedric has mentioned about HTTP web proxy filter and I was able to access the 2x application server located in Jordan from Kuwait.
    Then the second post said, if we disable the web proxy filter with HTTP, it is better not to have ISA.
    Guys, Connecting to 2x Application server through ISA on port 80 is my immediate requirement and I am already running out of options. Could one of you please explain me the potential threats I would invite by disabling the HTTP web proxy filter?

    regards,
     
  5. armopop

    armopop Guest

    This is only an outbound access rule

    Cedric is explaining how to give access to 2X application server to clients that are behind an ISA server. This is not about publishing a 2X server using ISA, so filtering has no meaning in here, as well proxy filter is not enabled by default to any access rules in ISA.
     
  6. althearim

    althearim Guest

    Re:

    Hi! I would like to disable mine nut i'm having a hard time..Any suggestions? Hope you'll post some guides soon..Thanks!

    Regards,
    althearim
    Pret voiture
     
  7. rishishah

    rishishah Guest

    Re: What could be the solution then?

    Its a very bad idea to disable the web proxy filter. This means your ISA would basically be nothing more than a aport filter for that traffic. Hence your ISA would not inspect any malicious attacks comming down the HTTP channel of which there are far too many.

    In SSL/TLS mode, again you should make sure that the ISA is configured as a reverse proxy...i.e. the SSL certificate in installed on the ISA, the connection is de-crypted by the ISA< inspected by the ISA and than sent to the 2X server. However i think because 2X does not actually use the HTTP Protocol correctly, this wil not work either. I could be wrong but if you have to simply let SSL/TLS traffic straight through into your environment without the ISA inspecting it, than it is a very poor application open to abuse.

    The whole point of the ISA is to inspect the traffic, not to act as a port filter... if you want a port filter you can get a US$20 router to do that for you.
     

Share This Page