
sun jianguo's List: Network Management

    • Perform the following steps to extend the ISA firewall’s SSL tunnel port range:

        1. Go to www.isatools.org, download the isa_tpr.js file (http://www.isatools.org/isa_tpr.js), and copy that file to your ISA firewall. Do not use the browser on the firewall. Download the file to a management workstation, scan the file, copy it to removable media, and then take it to the ISA firewall. Remember, never use client applications, such as browsers, e-mail clients, etc., on the firewall itself.
        2. Double-click the isa_tpr.js file. The first dialog box you see states "This is your current Tunnel Port Range list." Click OK.
        3. The NNTP port is displayed. Click OK.
        4. The SSL port is displayed. Click OK.
        5. Now copy the isa_tpr.js file to the root of the C: drive. Open a command prompt and enter the following:

        isa_tpr.js /?

        6. You will see the following dialog box.

        7. To add a new tunnel port, such as 8848, enter the following command and press ENTER:

        Cscript isa_tpr.js /add Ext8848 8848

        8. You will see something like what appears in the figure below after the command runs successfully.


        Alternatively, you can download the .NET application (the ISATpre.zip file at http://www.isatools.org/ISAtrpe.zip, written by Steven Soekrasno) from the www.isatools.org site and install the application on the ISA firewall. This application provides an easy-to-use graphical interface that allows you to extend the SSL tunnel port range. The figure below shows what the GUI for this application looks like.

         

         

        Just enter the first port and last port you want to include in the SSL tunnel port range in the LowPort and HighPort text boxes and click the Add Tunnel Range button. Then click the Refresh button to see the new SSL tunnel port range in the list.
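
        As an added illustration (not code from the article, isa_tpr.js, or the GUI tool), the JavaScript below models how a tunnel port range list decides whether an HTTP CONNECT request to a given port is tunneled, and lists multi-port ranges so that a broad LowPort/HighPort entry gets reviewed. The default ports (SSL 443, NNTP 563), the sample host name, and all function names are assumptions of the example.

```javascript
// Constructed model of the tunnel port range list; not ISA's or isa_tpr.js's code.
// Defaults are the two entries the script displays: NNTP (563) and SSL (443).
const defaultRanges = [
  { name: "NNTP", low: 563, high: 563 },
  { name: "SSL", low: 443, high: 443 },
];

// Counterpart of "/add <name> <port>" and of the GUI's LowPort/HighPort boxes.
// Returns a new list; rejects ports outside 1-65535 and inverted ranges.
function addRange(ranges, name, low, high = low) {
  for (const p of [low, high]) {
    if (!Number.isInteger(p) || p < 1 || p > 65535) throw new RangeError(`bad port: ${p}`);
  }
  if (low > high) throw new RangeError("low port exceeds high port");
  return [...ranges, { name, low, high }];
}

// Parse "CONNECT host:port HTTP/1.x"; returns null for anything malformed.
function parseConnect(line) {
  const re = /^CONNECT\s+(\[[0-9a-fA-F:.]+\]|[^\s:\[\]]+):(\d{1,5})\s+HTTP\/1\.[01]$/;
  const m = re.exec(line.trim());
  if (!m) return null;
  const port = Number(m[2]);
  return port >= 1 && port <= 65535 ? { host: m[1], port } : null;
}

// Port-range decision only: access rules are assumed to allow the request.
function checkTunnel(ranges, line) {
  const target = parseConnect(line);
  if (!target) return { allowed: false, reason: "malformed CONNECT" };
  const hit = ranges.find(r => target.port >= r.low && target.port <= r.high);
  return hit
    ? { allowed: true, reason: `range ${hit.name}` }
    : { allowed: false, reason: `port ${target.port} outside tunnel port range` };
}

// Names of ranges wider than maxWidth ports, for review after a change.
function auditRanges(ranges, maxWidth = 1) {
  return ranges.filter(r => r.high - r.low + 1 > maxWidth).map(r => r.name);
}

// Constructed sample request, checked before and after adding Ext8848.
const sample = "CONNECT app.example.com:8848 HTTP/1.1";
const extended = addRange(defaultRanges, "Ext8848", 8848);
console.log(checkTunnel(defaultRanges, sample), checkTunnel(extended, sample));
```

        With the default list the sample request is refused; after the single-port Ext8848 entry is added it is tunneled, and auditRanges still reports nothing to review.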

         

        Note that if you have unbound the Web Proxy filter from the HTTP protocol, then Firewall and SecureNAT client connections made through the ISA firewall will not be redirected to the Web Proxy Filter. In this case, you can create a Protocol Definition for the alternate SSL port and then create an Access Rule allowing outbound access to that protocol.

         


         

        I hope you enjoyed this article and found something in it that you can apply to your own network. If you have any questions on anything I discussed in this article, head on over to http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=34;t=000081 and post a message. I’ll be informed of your post and will answer your questions ASAP. Thanks! –Tom
