Ресурсы для ИТ-профессионалов >
Форумы
>
Forefront Edge Security - Firewall Client
>
Running a Windows Service behind ISA Firewall
Running a Windows Service behind ISA Firewall
- I'm not sure this is the correct forum, but hopefully I can get pointed in the right direction.
I have a custom windows service (.Net 3.5) that FTPs files out to some servers across the internet. The server hosting my service (Windows 2003) is behind an ISA firewall, and I need to connect through this proxy to transfer the files.
I had installed the ISA Firewall Client and all seemed well. The service (which runs under it's own domain level account) was able to FTP out okay. I even logged out of the server and started the custom service remotely to make sure there wasn't anything special about me being logged in that made everything work (my Infrastructure team tells me the server is okay to use the ISA proxy, and it's not account based).
Only there was.
It seems the ISA client cached me being logged into the server and allowed the service to FTP without issue for about a hour or so before it started getting denied.
I've been searching the net and docs trying to find guidance on how to configure ISA Server and Client to allow a Windows Service to use the ISA Firewall Client while no one is logged in, but so far nothing. Any help or guidance is greatly appreciated - even if it's "idiot, you use X for this" cause I'm having to make this stuff up as I go!
Thanks,
Mike
Ответы
- Hi,
You can simply set this machine as a SecureNet client. That is to set its default gateway to point to ISA Server Internal IP .
and on ISA Server, create a rule to allow this machine for outbound connection.
ALLOW > Protocols > From This FTP Server Computer > To External > ALL Users
With the ALL Users condition, you will grant this machine an outbound connection with no authentication required.
HTH,
Tarek
_________________________
Tarek Majdalani
MS Forefront Edge Security MVP
http://www.elmajdal.net- Снята пометка об ответеKeith AlabasterMVP, Модератор6 июня 2009 г. 12:24
- Помечено в качестве ответаKeith AlabasterMVP, Модератор6 июня 2009 г. 12:23
- Помечено в качестве ответаMichael C. NeelMVP6 июня 2009 г. 15:10
Все ответы
- Hi,
You can simply set this machine as a SecureNet client. That is to set its default gateway to point to ISA Server Internal IP .
and on ISA Server, create a rule to allow this machine for outbound connection.
ALLOW > Protocols > From This FTP Server Computer > To External > ALL Users
With the ALL Users condition, you will grant this machine an outbound connection with no authentication required.
HTH,
Tarek
_________________________
Tarek Majdalani
MS Forefront Edge Security MVP
http://www.elmajdal.net- Снята пометка об ответеKeith AlabasterMVP, Модератор6 июня 2009 г. 12:24
- Помечено в качестве ответаKeith AlabasterMVP, Модератор6 июня 2009 г. 12:23
- Помечено в качестве ответаMichael C. NeelMVP6 июня 2009 г. 15:10
- Thanks Tarek - I never got an email from the forums that there was a reply, sorry for the delay in marking as answer.
- Hey Michael,
Thats ok......Glad that it worked and Thanks for the follow up
BR;
Tarek
_________________________
Tarek Majdalani
MS Forefront Edge Security MVP
http://www.elmajdal.net
