Comments on: Route Relationships, Server Publishing Rules, and Port Stealing http://blogs.isaserver.org/shinder/2006/11/29/route-relationships-server-publishing-rules-and-port-stealing/ Written by Dr Thomas W Shinder, consultant to Microsoft, HP and many Fortune 500 companies on ISA firewall and Web proxy deployments this blog is where administrators get information about ISA Server Universal Threat Management firewalls. Topics include how to manage, deploy, and troubleshoot ISA Server as a network firewall, Web proxy/Web cache, remote access VPN server and VPN gateway to provide a high level of network security for all corporate computers. Wed, 7 Jan 2009 17:47:34 +0000 http://wordpress.org/?v=MU by: Fard http://blogs.isaserver.org/shinder/2006/11/29/route-relationships-server-publishing-rules-and-port-stealing/#comment-29167 Tue, 05 Dec 2006 11:16:39 +0000 http://blogs.isaserver.org/shinder/2006/11/29/route-relationships-server-publishing-rules-and-port-stealing/#comment-29167 Hi Please help me for publish isa server 2006 service for use exchange server 2003 please with example for define rules on the isa server 2006 Hi
Please help me for publish isa server 2006 service for use exchange server 2003
please with example for define rules on the isa server 2006

]]> by: M.N.P.Fard http://blogs.isaserver.org/shinder/2006/11/29/route-relationships-server-publishing-rules-and-port-stealing/#comment-29166 Tue, 05 Dec 2006 11:08:55 +0000 http://blogs.isaserver.org/shinder/2006/11/29/route-relationships-server-publishing-rules-and-port-stealing/#comment-29166 Hello. Please Help Me Hello. Please Help Me

]]> by: Jason Jones http://blogs.isaserver.org/shinder/2006/11/29/route-relationships-server-publishing-rules-and-port-stealing/#comment-28223 Sat, 02 Dec 2006 00:17:39 +0000 http://blogs.isaserver.org/shinder/2006/11/29/route-relationships-server-publishing-rules-and-port-stealing/#comment-28223 Tom, The RPC filter is another good example - IIRC with access rules the filter is only able to handle the dynamic ports element of RPC, whereas when you use server publishing for RPC you gain access to filter based upon the actual UUID's (RPC interfaces) Exchange RPC Publishing is a good example of where using server publishing with route relationships is very cool! JJ Tom,

The RPC filter is another good example - IIRC with access rules the filter is only able to handle the dynamic ports element of RPC, whereas when you use server publishing for RPC you gain access to filter based upon the actual UUID’s (RPC interfaces)

Exchange RPC Publishing is a good example of where using server publishing with route relationships is very cool!

JJ

]]> by: Stefaan http://blogs.isaserver.org/shinder/2006/11/29/route-relationships-server-publishing-rules-and-port-stealing/#comment-27593 Thu, 30 Nov 2006 10:25:25 +0000 http://blogs.isaserver.org/shinder/2006/11/29/route-relationships-server-publishing-rules-and-port-stealing/#comment-27593 Hi Tom, are you sure about the address translation behavior with a route relationship? According to my findings as documented in http://blogs.isaserver.org/pouseele/2006/09/29/how-does-a-server-publishing-rule-behave-when-the-network-relationship-is-route/ I came to a different conclusion. Thanks, Stefaan Hi Tom,

are you sure about the address translation behavior with a route relationship?

According to my findings as documented in http://blogs.isaserver.org/pouseele/2006/09/29/how...route/ I came to a different conclusion.

Thanks,
Stefaan

]]> by: Steven Hope http://blogs.isaserver.org/shinder/2006/11/29/route-relationships-server-publishing-rules-and-port-stealing/#comment-27441 Thu, 30 Nov 2006 03:15:42 +0000 http://blogs.isaserver.org/shinder/2006/11/29/route-relationships-server-publishing-rules-and-port-stealing/#comment-27441 Nice write up Tom! I've always know you can use server publishing over a routed connection, but I haven’t ever really found a reason to do it as access rules always seem to do the job. Another filter that is only used in server publishing rules is the DNS filter, that is a GOOD reason to server publish your HQ AD DNS server instead of using an access rule! I need to play with more scenarios around this again, especially since you can connect to the destination IP which you can't do with NAT. It does make you wander why filters have a "direction" though considering you can just reverse a publishing rule into an access rule anyway to make a filter work in both directions. Steven Hope Architectural Consultant ViRCOM Microsoft Gold Certified Partner Web: www.vircom.co.uk Email: steven@vircom.co.uk Mobile: +44-780-188-1085 Blog: http://spaces.msn.com/members/stevenhope "There are 10 kinds of people in this world, those who understand binary and those who don't." Nice write up Tom!

I’ve always know you can use server publishing over a routed connection, but I haven’t ever really found a reason to do it as access rules always seem to do the job.

Another filter that is only used in server publishing rules is the DNS filter, that is a GOOD reason to server publish your HQ AD DNS server instead of using an access rule!

I need to play with more scenarios around this again, especially since you can connect to the destination IP which you can’t do with NAT. It does make you wander why filters have a “direction” though considering you can just reverse a publishing rule into an access rule anyway to make a filter work in both directions.

Steven Hope
Architectural Consultant
ViRCOM
Microsoft Gold Certified Partner
Web: www.vircom.co.uk
Email: steven@vircom.co.uk
Mobile: +44-780-188-1085
Blog: http://spaces.msn.com/members/stevenhope
“There are 10 kinds of people in this world, those who understand binary and those who don’t.”

]]>