 Microsoft ISA Server 2000 – Firewall service deliberately stopped – Want to allow ping.
Hi. This may seem really stupid, and well it is. I have a customer who is running ISA 2000 primarily as a web cache. It is not used for security in any way, in fact, users can just turn off their proxy settings and access the internet, so security is not really an issue here. The box is 4 years old, and I have only just been engaged to allow a monitoring server access to ping the ISA server.

Easy, I hear you say, just create a packet filter rule and voilà, problem solved! No. Unfortunately since day one, the customer has had the "firewall service" deliberately stopped. Therefore adding/removing a packet filter rule would appear to make zero difference.

So my question is as follows. On an ISA Server 2000 box (running on Win2k3), how can I allow an external machine (be it on the "internal" or "external" network) the ability to ping the ISA server, WITHOUT starting the Firewall service?

I know this doesn't seem like the right approach, but it's business constraints, not technical constraints, under which I am working. So I need to be able to do this without starting the firewall service. Any advice would be most appreciated.

Thanks
Peter

ASKED: January 9, 2009  12:10 AM
UPDATED: December 14, 2011  4:09 AM

Answer Wiki:
It may be just a simple matter of opening any external firewall before the ISA box to permit ICMP to reach this ISA server. However, ICMP is not really a good thing to leave open really. It can be used as an attack vector. I would recommend enabling a firewall and permitting only ICMP from the trusted external partner to this host. Drop all ICMP from other sources.

In the IT trenches? So am I - read my IT-Trenches blog: http://itknowledgeexchange.techtarget.com/it-trenches
Last Wiki Answer Submitted:  May 27, 2009  6:57 pm  by  Labnuke99   32,645 pts.
All Answer Wiki Contributors:  Labnuke99   32,645 pts.


Discuss This Question:

Hi, I have the same problem. My ISA Server 2000 no longer exists on the network, and I want this server to be pingable without uninstalling the ISA Server application and without starting the firewall service.

Thanks in advance


 

This can be achieved by preventing the startup of the mspfltex and mspnat services:

sc config mspfltex start= demand
sc config mspnat start= demand