Microsoft ISA Server 2000 – Firewall service deliberately stopped – Want to allow ping.

5 pts.
Internet Control Message Protocol
ISA Server
ISA Server 2000
Microsoft Windows Server 2003
Web security
Hi. This may seem really stupid, and well it is. I have a customer who is running ISA 2000 primarily as a web cache. It is not used for security in any way, in fact, users can just turn off their proxy settings and access the internet, so security is not really an issue here. The box is 4 years old, and I have only just been engaged to allow a monitoring server access to ping the ISA server. Easy I hear you say, just create a packet filter rule and viola, problem solvered! No. Unfortunately since day one, the customer has had the "firewall service" deliberately stopped. Therefore adding/removing packet filter rule would appear to make zero difference. So my question is as follows. On an ISA Server 2000 box (running on Win2k3), how can I allow an external machine (be it on the "internal" or "external" network) the ability to ping the ISA server, WITHOUT starting the Firewall service. I know this doesn't seem like the right approach, but it's business contraints, not technical contraints under which I am working. So I need to be able to do this without starting the firewall service. Any advice would be most appreciated. Thanks Peter

Answer Wiki

Thanks. We'll let you know when a new response is added.

It may be just a simple matter of opening any external firewall before the ISA box to permit ICMP to reach this ISA server. However, ICMP is not really a good thing to leave open really. It can be used as an attack vector. I would recommend enabling a firewall and permitting only ICMP from the trusted external partner to this host. Drop all ICMP from other sources.

In the IT trenches? So am I – read my IT-Trenches blog.

Discuss This Question: 2  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Msexchange2003andISA
    Hi I have the same problem my ISA server 2000 is no more exist on network and i want this server pingable wihout uninstalling ISA server application and without starting firewall service. Thanks in advance
    10 pointsBadges:
  • juicyjor
    this can be achieved preventing the startup of  mspfltex and mspnat service
    sc config mspfltex startup= demand
    sc config mspnat startup= demand
    10 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: