| |
 |
|
|
|
|
|
Published
|
: |
January 21, 2008 |
|
Last Updated |
: |
January 21, 2008 |
|
|
|
|
|
Introduction |
Ping is evil, yes I know. Many will shout on me now, hold
your
horses and continue reading. ISA Server is a
Firewall, you do not want to give the key of your house
for the thief to steal it, ping is the same, don't give someone the tool to flood your Firewall with an unwanted traffic ! Once you
install ISA Server, you can no longer ping the machine
that ISA Server is installed on.
|
|
|
Enable ping to
ISA Server, but not from a wide open source Network,
just enable it from a short list of machines, from the
Remote Management Computers
Configuration
-
Open ISA Server Management
Console, Click on
Start
> All Programs > Microsoft
ISA Server >
ISA
Server Management
- Click on the
Firewall
Policy node, as you can see, this is a
fresh install of ISA Server 2006, and it still has
its default Deny rule. We will not
create any new rule to allow Ping to ISA Server, we
will be working with ISA Server System Policy,
Click
here
to read more about System Policy.
-
From the right side panel, under the
Tasks tab, click on the
Edit
System Policy
The System Policy Editor will open, in this
article we will be working with one System Policy
rule, which falls under the Remote
Management configuration group, the System
Policy that we are going to work with in this
article from the System Policy Editor is ICMP (Ping)
-
By default ICMP
(Ping) is Enabled, it is ? OK ! then why no one can
ping the server ? This is because you will need to
specify from which machine(s) you are going to allow
ping to your ISA Server, this can be configure by
clicking on the From Tab, by
default the
Remote Management
Computers
is included under the From tab, and by
default , the Remote Management Computers is empty
and you will need to populate it.
- Click on the
Remote Management Computers
and then click on the Edit Button,
the Remote Management Computers Properties
page will open, here you can add a single Computer,
an address range, or a complete subnet to the remote
management computers, in this article, I am the only
administrator of ISA Server, and I will only allow
ping from my Vista Laptop, so I will add a
Computer, click the Add button ,
then click on Computer
- Click on the
Remote Management Computers
and then click on the Edit Button,
the Remote Management Computers Properties
page will open, here you can add a single Computer,
an address range, or a complete subnet to the remote
management computers, in this article, I am the only
administrator of ISA Server, and I will only allow
ping from my Vista Laptop, so I will add a
Computer, click the Add button ,
then click on Computer
-
Browse to the computer that you want
to add by clicking on the
Browse button, or start filling its
name, IP address and a brief description if you
want, once its set, click on the OK
Button
The Computer will be listed as shown below, Click on
the OK button
- Click the
Apply button so the changes take effect
- Now, I will go to my laptop and start pinging my ISA
Server.
As you can see from the image below, request time
out was the first result of the ping, then once the
changes took place after the Apply operation
completed, reply responses started to come back as
shown.
Before I conclude , I want to show the details of
this allow ICMP (Ping) rule. From the left side
panel, click on Firewall Policy, then below the menu
bar, click on the Show/Hide
System Policy Rules button shown below in the red rectangle
All the System Policy rules will be displayed in
details.
As you can see, the System Policy rule that we
worked with is rule number 11
Summary
In
this article, we enabled Ping from only
Selected Computers to ISA Server. Do not enable ping from a wide range of computers or from all your Internal Network, enable it only from few
selected machines. Believe me you do
not want to flood your Firewall with unneeded traffic.
|
|
|
|
| |
|
|
|
