ROCK ON! FYI Y'all
the correct (for us YMMV) answer was::: ISA 2006 _Publish Non-Web server protocol ==> to internal Server IP address selected Protocol ==> (user defined "inbound SSH" port 22 TCP inbound) Listen on ==> External badda bing thank you John and Devin. Google.com Learn it. Live it. Love it. On Mon, Aug 9, 2010 at 14:47, Devin Meade <[email protected]> wrote: > ISA 2004 - firewall policy - use the "New server publishing wizard": > Enter the internal server IP address. > Make a custom protocol with TCP / outbound / port 22. > Select "External" > > I dont think you want the "Web server publishing wizard" as it requires a > "listener". Same goes for the other "new rule" types. > > After the wizard is done, you should get a policy like this: > Name: Whatever you want > Action: Allow > Protocols: whatever you named it > From / Listener: External > To: Internal IP address > > You can add a schedule if you want. IIRC the wizard got it 90% right, I > always had to go change one of the parameters to make it work, go figure! I > did this quite often with Famatech RAdmin, but we don't use this anymore > > Hope this helps, Devin > > > On Mon, Aug 9, 2010 at 3:57 PM, S Powell <[email protected]> wrote: >> >> yes it is the first rule. >> >> >> Google.com Learn it. Live it. Love it. >> >> >> >> On Mon, Aug 9, 2010 at 12:47, John Cook <[email protected]> wrote: >> > Did you move that rule to the top? >> > John W. Cook >> > Systems Administrator >> > Partnership for Strong Families >> > >> > ----- Original Message ----- >> > From: S Powell <[email protected]> >> > To: NT System Admin Issues <[email protected]> >> > Sent: Mon Aug 09 15:39:55 2010 >> > Subject: ssh publishing on ISA >> > >> > Hello World! >> > >> > I'd be grateful to anyone out there who could give me a hand with this, >> > >> > I've got SSH running on a mac (xserve) and I cannot quite figure out >> > how to publish it via our ISA. >> > >> > i've tried a non-web server rule allowing port 22 in and out. and yet >> > this seems to not work. >> > >> > traffic seems to drop and is blocked by the default (enterprise deny >> > all traffic) rule. >> > >> > TIA >> > >> > >> > Google.com Learn it. Live it. Love it. >> > >> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> > >> > >> > CONFIDENTIALITY STATEMENT: The information transmitted, or contained or >> > attached to or with this Notice is intended only for the person or entity >> > to >> > which it is addressed and may contain Protected Health Information (PHI), >> > confidential and/or privileged material. Any review, transmission, >> > dissemination, or other use of, and taking any action in reliance upon this >> > information by persons or entities other than the intended recipient >> > without >> > the express written consent of the sender are prohibited. This information >> > may be protected by the Health Insurance Portability and Accountability Act >> > of 1996 (HIPAA), and other Federal and Florida laws. Improper or >> > unauthorized use or disclosure of this information could result in civil >> > and/or criminal penalties. >> > Consider the environment. Please don't print this e-mail unless you >> > really need to. >> > >> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> > >> > >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
