Forum

Utm-1 Checkpoint FT...
 
Bildirimler
Hepsini Temizle

Utm-1 Checkpoint FTP izinleri

5 Yazılar
2 Üyeler
0 Reactions
636 Görüntüleme
(@cozumpark)
Gönderiler: 16307
Illustrious Member Yönetici
Konu başlatıcı
 

Merhaba
Şirket ağındaki makinalar ftp sunucularına bağlanamıyorlar.
2 Adet güvenlik duvarı aktif durumdadır.
Önde Utm Checkpoint, Arkasında Isa firewall 2006 mevcut.
Isa üzerideki rule tanımlamamda ftp ye izin verdim. Read only seçeneğinide kaldırdım.

Ancak utm üzerinde ftp ye erişkin hiç bir ayar yapmadım. Utm üzerinde ftp ye ilişkin bir ayar yapmam gerekiyormu?
Gerekiyorsa nasıl bir kural oluşturmalıyım..

 
Gönderildi : 09/07/2008 15:25

(@esersolmaz)
Gönderiler: 3204
Illustrious Member Yönetici
 

Merhaba;


UTM üzerindeki kurallar nasıl bilmek lazım ?


UTM e gelen bütün istekler ISA danmı gelir ? Eğer böle ise ısa dan any ye ftp servisleri için accept dersen sorun düzelmeli.


İyi çalışmalar.

 
Gönderildi : 09/07/2008 20:03

(@cozumpark)
Gönderiler: 16307
Illustrious Member Yönetici
Konu başlatıcı
 

İstekler proxy den geliyor. Söylemiş olduğunuz kuralı yaptım. Ancak çözüm olmadı. Browser'da adresi yazınca şöyle bir hata alıyorum.
Error Code: 502 Proxy Error. The login request was denied. The logon account might have been disabled or logon information might have changed. Log on again to verify that the information was typed correctly. If the problem continues, report the problem to the administrator of the Internet server you are requesting. (12015)

 
Gönderildi : 10/07/2008 12:41

(@esersolmaz)
Gönderiler: 3204
Illustrious Member Yönetici
 

Users receive an "Error Code 502: Proxy error. The parameter is incorrect. (87)" error when they visit certain URLs after you configure HTTP content filtering based on signatures or on extensions in ISA Server 2004



function loadTOCNode(){}















Article ID : 894483
Last Review : December 4, 2007
Revision : 3.7


var sectionFilter = "type != 'notice' && type != 'securedata' && type != 'querywords'";
var tocArrow = "/library/images/support/kbgraphics/public/en-us/downarrow.gif";
var depthLimit = 10;
var depth3Limit = 10;
var depth4Limit = 5;
var depth5Limit = 3;
var tocEntryMinimum = 1;


SYMPTOMS


loadTOCNode(1, 'symptoms');

After you configure Microsoft Internet Security and Acceleration (ISA) Server 2004 to filter HTTP content based on signatures or on extensions, users in your organization experience the following symptom.

When a user visits certain URLs, that user receives the following error message in the Web browser:
Error Code 502: Proxy error. The parameter is incorrect. (87)
If you remove all signatures and extensions from the HTTP Filter settings, and if you configure the HTTP Filter component to allow all signatures and extensions, you no longer experience this problem.

Note For more information about how to configure the ISA Server 2004 HTTP Filter component, see the "More Information" section.

Back to the top


CAUSE


loadTOCNode(1, 'cause');

This problem occurs because of a problem in the ISA Server 2004 HTTP Security Filter component. This component is named HTTPFilter.dll.

Back to the top


RESOLUTION


loadTOCNode(1, 'resolution');


Service pack information


loadTOCNode(2, 'resolution');
To resolve this problem, obtain the latest service pack for Internet Security and Acceleration Server 2004. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
891024 ( http://support.microsoft.com/kb/891024/) How to obtain the latest ISA Server 2004 service pack

Back to the top


Hotfix Information


loadTOCNode(2, 'resolution');
A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites


loadTOCNode(3, 'resolution');
If you are running ISA Server 2004, Standard Edition, you must have ISA Server 2004 Service Pack 1 installed to apply this hotfix. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
891024 ( http://support.microsoft.com/kb/891024/) How to obtain the latest ISA Server 2004 service pack

Restart requirement


loadTOCNode(3, 'resolution');
You do not have to restart your computer after you apply this hotfix.

Hotfix replacement information


loadTOCNode(3, 'resolution');
This hotfix does not replace any other hotfixes.

File information


loadTOCNode(3, 'resolution');
The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.
ISA Server 2004, Standard Edition

loadTOCNode(4, 'resolution');
   Date         Time   Version       Size     File name
---------------------------------------------------------
31-Mar-2005 18:22 4.0.2163.251 120.320 HTTPFilter.dll

ISA Server 2004, Enterprise Edition

loadTOCNode(4, 'resolution');
   Date         Time   Version       Size     File name
---------------------------------------------------------
03-Apr-2005 14:00 4.0.3440.251 128.792 HTTPFilter.dll

Back to the top


WORKAROUND


loadTOCNode(1, 'workaround');

To work around this problem, configure the options on the Signatures tab and on the Extensions tab of the HTTP Filter settings. To do this, follow these steps:







1. Remove all the signatures and extensions that are listed on these tabs.
2. Configure the HTTP Filter to allow all signatures and extensions.
For more information about how to configure the ISA Server 2004 HTTP Filter component, see the "More Information" section.

Back to the top


STATUS


loadTOCNode(1, 'status');

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. This problem was first corrected in Internet Security and Acceleration Server 2004 Service Pack 2.

Back to the top


MORE INFORMATION


loadTOCNode(1, 'moreinformation');

To configure the ISA Server 2004 HTTP Filter component to block or to allow all signatures and extensions for HTTP traffic, follow these steps:






















1. Click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Server Management.
2. In the left pane, expand ServerName, where ServerName is the name of the computer that is running ISA Server.

Note If you are running ISA Server 2004, Enterprise Edition, expand Arrays in the left pane, and then expand ServerName.
3. Click Firewall Policy.
4. In the center pane, right-click the access rule that you want to configure, and then click Configure HTTP.
5. In the Configure HTTP policy for rule dialog box, take one of the following actions:







To configure content blocking for content that contains certain signatures, click the Signatures tab.
To configure content blocking for content that contains certain extensions, click the Extensions tab.
6. Configure the options on the Signatures tab or on the Extensions tab to allow or to block the content that you want, and then click OK.
7. Click Apply to save your changes to the firewall policy, and then click OK.
For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
824684 ( http://support.microsoft.com/kb/824684/) Description of the standard terminology that is used to describe Microsoft software updates

885957 ( http://support.microsoft.com/kb/885957/) How to install ISA Server hotfixes and updates

Back to the top

 
Gönderildi : 10/07/2008 13:49

(@cozumpark)
Gönderiler: 16307
Illustrious Member Yönetici
Konu başlatıcı
 

Bu ayarlar yapılı eser.
Ayrıca utm deki engeller kalktı.(Teşekkür ederim.) Ancak isa monitörden baktığımda ftp de hata olduğunu görüyorum.
Bunun için Isa nın altında bir başlık açtım.

 
Gönderildi : 10/07/2008 14:23

Paylaş: