网络管理

Web Address: http://www.diigo.com/list/sunjianguo/wangluo

You are here: Diigo Home > sun jianguo > sun jianguo's lists

sun jianguo

Items:1 | Visits:17

Category:Computers & Internet | Tags:网络, network

Created:on 2008-04-15 | Updated:on 2008-04-18

1 - 1 of 1

Expand All

2Expand
Extending the ISA Firewall’s SSL Tunnel Port Range (2004)

Tags: isa on 2008-04-24 -All Annotations (0) -About

more fromwww.isaserver.org
- Perform the following steps to extend the ISA firewall’s SSL tunnel port range:
- Go to www.isatools.org and download the isa_tpr.js
  file (http://www.isatools.org/isa_tpr.js) and copy that
  file to your ISA firewall. Do not use the browser on the firewall.
  Download the file to a management workstation, scan the file, and then copy the
  file to removable media and then take it to the ISA firewall. Remember,
  never use client applications, such as browsers, e-mail clients, etc. on
  the firewall itself.
  Double click the isa_tpr.js file. The first dialog box you see states
  This is your current Tunnel Port Range list. Click OK.
  The NNTP port is displayed. Click OK.
  The SSL port is displayed. Click OK.
  Now copy the isa_tpr.js file to the root of the C: drive. Open a
  command prompt and enter the following:
  
  isa_tpr.js /?
  
  You will see the following dialog box.
  
  To add a new tunnel port, such as 8848 enter the following command
  and press ENTER:
  
  Cscript isa_tpr.js /add Ext8848 8848
  
  You will see something like what appears in the figure below after the
  command runs successfully.
  
  Alternatively, you can download the .NET application, ISATpre.zip file
  at http://www.isatools.org/ISAtrpe.zip (written by
  Steven Soekrasno) from the www.isatools.org site and install the application
  on the ISA firewall. This application provides an easy to use graphical
  interface that allows you to extend the SSL tunnel port range. The figure below
  shows what the GUI for this application looks like.
  
  Just enter the first port and last port you want to include in the SSL tunnel
  port range in the LowPort and HighPort text boxes and click the
  Add Tunnel Range button. Then click the Refresh button to see the
  new SSL tunnel port range in the list.
  
  Note that if you have unbound the Web Proxy filter from the HTTP protocol,
  then Firewall and SecureNAT client connections made through the ISA firewall
  will not be redirected to the Web Proxy Filter. In this case, you can create a
  Protocol Definition for the alternate SSL port and then create an Access Rule
  allowing outbound access to that protocol.
  
  I hope you enjoyed
  this article and found something in it that you can apply to your own network.
  If you have any questions on anything I discussed in this article, head on over
  to http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=34;t=000081 and post a message. I’ll
  be informed of your post and will answer your questions ASAP. Thanks!
  –Tom
  
  If you would like us to email you when Tom Shinder releases another
  article on ISAserver.org, subscribe to our 'Real-Time Article Update' by
  clicking here. Please note that we do NOT sell or rent the
  email addresses belonging to our subscribers; we respect your
  privacy.

Expand All

1 - 1 of 1

List 20 50 100

List Comments (0)

网络管理

Extending the ISA Firewall’s SSL Tunnel Port Range (2004)

Diigo - Highlight and Share the Web!