RE: Help to remove blocking of MS outlook through ISA 2004

by Thor (Hammer of God)

Sorry, but if you had to create an All outbound from int to ext, then you've done something wrong on your rule.  The firewall client is great, but it is not a necessity -- of course, you would want it to ensure authenticated access to rules based on domain membership for non-web traffic, but that's another story.

 

ISA blocks all traffic by default.  If you allow POP3 from the client to the server, it works, and without the need for adding the "enable" tag in the FWC config  (without question). 

 

Least Privilege dictates that you only allow what you need, only to where you need it, and only to those that need it.  Enabling outlook.exe itself for all access is overkill and unnecessary.  If your POP3 rule didn't work, you either had an authentication problem, or didn't create the rule properly (like you used POP3 Server instead of POP3 or something like that).  The logs will tell you everything you need to know in order to troubleshoot that.

 

t

 

-----------

Check out Tim Mullen's "Microsoft Ninjitsu" training at Blackhat Vegas 2008.
There are also some other great NGS classes led by world-class researchers and trainers available.

http://www.blackhat.com/html/bh-usa-08/train-bh-usa-08-tm-ms-bbe.html

 

 

 

From: listbounce@... [mailto:listbounce@...] On Behalf Of Faris Mlaeb
Sent: Thursday, June 26, 2008 9:25 AM
To: firewalls@...; Thor (Hammer of God)
Subject: RE: Help to remove blocking of MS outlook through ISA 2004

 

 

Hi,

As it seems, even if he doesn't have the Firewall Client installed, he should install it.
I have such a problem, where a client in my network cannot connect to a POP3 server using MS Outlook.
I had created a rule that allows POP3 and also a rule to allow ALLOUTBOUND TRAFFIC from Internal to External to All Users, but it seems that ISA Server is configured to block the connection for Outlook, whatever the protocol that is being sent to the external, as it is in ISA Server ((OutLook disable 1)).
Anyway, as Qaisar Naseem says ((Even I created a firewall rule to allow all outbound traffic to external, but unable to solve the problem)), it seems that enabling it will help.
Anyway, do you have a better method for enabling this and allowing Outlook to connect to the external without having to change it from ISA?

Thanks a lot


--- On Wed, 6/25/08, Thor (Hammer of God) <thor@...> wrote:

From: Thor (Hammer of God) <thor@...>
Subject: RE: Help to remove blocking of MS outlook through ISA 2004
To: firewalls@...
Date: Wednesday, June 25, 2008, 11:49 AM

A couple of things:

One, you don't know that he is running a firewall client.  Secondly it is never recommended to just enable full access to an overall application when you can more finely restrict access based on protocol.   The client may simply be using POP3 -- it would be silly to just "allow Outlook" as an application to all of your firewall clients when you can just allow POP3 (or whatever it is) to only the clients that need it. 

 

t

 

 

 

From: listbounce@... [mailto:listbounce@...] On Behalf Of Faris Mlaeb
Sent: Monday, June 23, 2008 2:20 PM
To: Thor (Hammer of God); Qaisar Naseem; firewalls@...
Subject: Re: Help to remove blocking of MS outlook through ISA 2004

 

HI

This is normal for ISA and you can fix this by going to:

 

Open the ISA Server Console, expand Configuration, select General, and then click on "Define Firewall Client Settings". You will get a new window for the "Firewall Client Settings".
Click on the Application tab and from the list select Outlook.
You will notice that it's like this:
Outlook  Disable  1
change the value to be
Outlook  Disable  0

And on the Firewall Client on the user's PC, make sure that you click on Detect Now, or simply restart your computer.

This works perfectly for me.

Have a nice time

 

 

Note that if the value is not present, then simply create it.

 


 

Faris Mlaeb

Technical Manager

Network Administrator

 

----- Original Message ----
From: Thor (Hammer of God) <thor@...>
To: Qaisar Naseem <qaisarn@...>; firewalls@...
Sent: Monday, June 23, 2008 5:33:33 PM
Subject: RE: Help to remove blocking of MS outlook through ISA 2004

What protocols are you using to connect to the server?  I'm assuming you are talking about an internal Outlook client connecting to an external server.  What kind of ISA client is the host?  Are you using SNAT or FWC?   A little infoz, please.

 

t

 

 


 

 

 

From: listbounce@... [mailto:listbounce@...] On Behalf Of Qaisar Naseem
Sent: Friday, June 20, 2008 9:02 AM
To: firewalls@...
Subject: Help to remove blocking of MS outlook through ISA 2004

 

Hi,

 

I am using a Windows Server 2003 network with ISA 2004 as proxy. I am having a problem passing MS Outlook requests. Even I created a firewall rule to allow all outbound traffic to external, but unable to solve the problem. Outlook configuration is quite OK, as when I bypass the proxy, it works fine.

--
Qaisar Naseem
Network Admin
Express News TV
+923457263848

 

 
