What Happens in Lockdown Mode?

I recently ran into a situation where a machine went into lockdown mode because of a lack of disk space. I won’t tell you how we got into that situation, but it wasn’t my fault :)

What happens in lockdown mode? Check it out:

  • The Firewall Packet Filter Engine (fweng) applies the firewall policy.
  • Outgoing traffic from the Local Host network to all networks is allowed. If an outgoing connection is established, that connection can be used to respond to incoming traffic. For example, a DNS query can receive a DNS response, on the same connection.
  • No incoming traffic to the firewall is allowed, unless a system policy rule that specifically allows the traffic is enabled. The one exception is Dynamic Host Configuration Protocol (DHCP) traffic, which is always allowed. DHCP requests on User Datagram Protocol (UDP) port 67 are allowed from the Local Host network to all networks, and DHCP replies on UDP port 68 are allowed back in.
  • The following system policy rules are still applicable:
    • Allow Internet Control Message Protocol (ICMP) from trusted servers to the local host.
    • Allow remote management of the firewall using MMC (RPC through port 3847).
    • Allow remote management of the firewall using Remote Desktop Protocol (RDP).
  • VPN remote access clients cannot access ISA Server. Similarly, access is denied to remote site networks in site-to-site VPN scenarios.
  • Any changes to the network configuration while in lockdown mode are applied only after the Firewall service restarts and ISA Server exits lockdown mode. For example, if you physically move a network segment and reconfigure ISA Server to match the physical changes, the new topology is in effect only after ISA Server exits lockdown mode.
  • ISA Server does not trigger any alerts.
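
To see how these rules combine, here is a small model of the decisions for traffic to and from the Local Host network. It is an added example, not code from the original post or from ISA Server; the addresses, rule names and the trusted-server and management-host sets are constructed assumptions, and 3389 is the standard RDP port rather than a value from the list.

```python
from collections import namedtuple

# direction is relative to the firewall's Local Host network: "out" or "in".
Packet = namedtuple("Packet", "direction peer proto lport rport")
TRUSTED_SERVERS = {"192.0.2.10"}   # assumed: servers the ICMP rule trusts
MGMT_HOSTS = {"192.0.2.20"}        # assumed: remote management computers
MMC_RPC, RDP = 3847, 3389          # 3847 is from the list; 3389 is standard RDP

class LockdownModel:
    """Simplified model of traffic to and from Local Host in lockdown mode."""
    def __init__(self, enabled_rules=("icmp", "mmc", "rdp")):
        self.enabled = set(enabled_rules)  # system policy rules that are enabled
        self.conns = set()                 # connections opened by Local Host

    def verdict(self, p):
        key = (p.peer, p.proto, p.lport, p.rport)
        if p.direction == "out":           # Local Host to any network is allowed
            self.conns.add(key)
            return "allow: outgoing"
        if p.proto == "udp" and p.lport == 68:
            return "allow: dhcp reply"     # DHCP is always allowed
        if key in self.conns:              # response on a connection we opened
            return "allow: reply on established connection"
        if p.proto == "icmp" and "icmp" in self.enabled and p.peer in TRUSTED_SERVERS:
            return "allow: system policy (icmp)"
        if p.proto == "tcp" and p.peer in MGMT_HOSTS:
            if p.lport == MMC_RPC and "mmc" in self.enabled:
                return "allow: system policy (mmc)"
            if p.lport == RDP and "rdp" in self.enabled:
                return "allow: system policy (rdp)"
        return "deny"                      # everything else, including VPN clients

# Constructed sample traffic, evaluated in order.
SAMPLE = [
    Packet("out", "198.51.100.53", "udp", 50000, 53),  # DNS query from the firewall
    Packet("in", "198.51.100.53", "udp", 50000, 53),   # its response
    Packet("in", "198.51.100.99", "udp", 50000, 53),   # unsolicited packet
    Packet("in", "192.0.2.20", "tcp", 3389, 40000),    # RDP from a management host
    Packet("in", "203.0.113.7", "tcp", 3389, 40001),   # RDP from anywhere else
    Packet("in", "203.0.113.8", "tcp", 1723, 40002),   # PPTP VPN client
]

def run(packets, model=None):
    model = model or LockdownModel()
    return [model.verdict(p) for p in packets]

if __name__ == "__main__":
    for pkt, result in zip(SAMPLE, run(SAMPLE)):
        print(pkt, "->", result)
```

Passing a smaller `enabled_rules` tuple shows how remote management disappears in lockdown mode when the matching system policy rule is not enabled.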

BTW – you should make sure that you don’t run out of disk space on your firewall. You can use System Center or another network management console to do this. If you want a Windows alert, here’s how you do it in Windows Server 2003: http://support.microsoft.com/kb/324796

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com

PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: tshinder@isaserver.org
MVP — Forefront Edge Security (ISA/TMG/IAG)

One Response to “What Happens in Lockdown Mode?”

  1. Jeff Vandervoort Says:

    September 27th, 2009 at 12:04 pm

    Aside from disk space, what are the conditions that put ISA in lockdown mode?
