Running a Windows Service behind ISA Firewall
- I'm not sure this is the correct forum, but hopefully I can get pointed in the right direction.
I have a custom Windows service (.NET 3.5) that FTPs files out to some servers across the internet. The server hosting my service (Windows 2003) is behind an ISA firewall, and I need to connect through this proxy to transfer the files.
I had installed the ISA Firewall Client and all seemed well. The service (which runs under its own domain-level account) was able to FTP out okay. I even logged out of the server and started the custom service remotely to make sure there wasn't anything special about me being logged in that made everything work (my Infrastructure team tells me the server is okay to use the ISA proxy, and it's not account based).
Only there was.
It seems the ISA client cached me being logged into the server and allowed the service to FTP without issue for about an hour or so before it started getting denied.
I've been searching the net and docs trying to find guidance on how to configure ISA Server and Client to allow a Windows Service to use the ISA Firewall Client while no one is logged in, but so far nothing. Any help or guidance is greatly appreciated - even if it's "idiot, you use X for this" 'cause I'm having to make this stuff up as I go!
Thanks,
Mike
Answers
- Hi,
You can simply set this machine as a SecureNAT client. That is, set its default gateway to point to the ISA Server internal IP,
and on ISA Server, create a rule to allow this machine an outbound connection.
ALLOW > Protocols > From This FTP Server Computer > To External > ALL Users
With the ALL Users condition, you will grant this machine an outbound connection with no authentication required.
HTH,
Tarek
_________________________
Tarek Majdalani
MS Forefront Edge Security MVP
http://www.elmajdal.net
- Unmarked As Answer by Keith Alabaster (MVP, Moderator), Saturday, June 06, 2009 12:24 PM
- Marked As Answer by Keith Alabaster (MVP, Moderator), Saturday, June 06, 2009 12:23 PM
- Marked As Answer by Michael C. Neel (MVP), Saturday, June 06, 2009 3:10 PM
All Replies
- Thanks Tarek - I never got an email from the forums that there was a reply, sorry for the delay in marking as answer.
- Hey Michael,
That's OK... Glad that it worked, and thanks for the follow-up.
BR;
Tarek
_________________________
Tarek Majdalani
MS Forefront Edge Security MVP
http://www.elmajdal.net

