General discussion

Locked

How do i open a port in SBS 2000

By amikucki ·
The software I?m running is Microsoft Small Business Server 2000 with Exchange. What I need to do is initiate a TCP/IP connection to an outside server that is listening on port 3101. From my understanding I need to make sure that my firewall is configured to accommodate these types of outbound-initiated connections bi-directionally. So in a nutshell I need to open port 3101. Now I think you can do this by using a wizard in SBS 2000 called ?New IP Packet Filtering?, but I really have no clue where to go from here. Can anyone explain this to me and give me some type of detailed directions on how to go about this successfully without jeopardizing my network security? When I open this wizard there are a few different options but to me it?s all foreign. Can anyone offer some insight? Thank You!

This conversation is currently closed to new comments.

13 total posts (Page 2 of 2)   Prev   01 | 02
Thread display: Collapse - | Expand +

All Comments

Collapse -

by CG IT In reply to How do i open a port in S ...

ISA server 2000 on SBS 2000 has different levels for allowing communications. User level, program level, packet level, etc. The hiearchy is broad to narrow with user level being a broad level and packet filters/content filters being a very restrictive level. Just creating a packet filter alone will not automatically allow communications.

If you already have internet access on SBS 2000 with ISA server 2000 e.g.run the SBS internet connection wizard then you must look at access policies, site and content rules, AND also the "applies to" properties. Normally if you install AD the AD domain users group is added to the applies to properties for site and content rules. If the user account that your trying to use is not a member of the administrators group or domain users group they will be denied access. even if you create a packet filter allowing communications. Ensure that the account you are trying to use is is listed in the "applies to" properties of the domain access rule in ISA server. If not, you can manually add that user or the group that user belongs to, to the "applies to" properties of the site/content rule governing SBS 2000, Or you can remove the domain users group and add in the everyone group. the everyone group will allow all in the domain internet access.

Since you've created a packet filter for blackberry comm device, I'll assume you have the correct port or range of ports that need to be open. If you have a firewall appliance in front of ISA server, you need [must] have port fowarding configured on the firewall to foward all inbound traffic over that port to ISA servers external NIC ip address. If you don't do this step, inbound traffic over those ports will be dropped by the firewall.

Collapse -

by CG IT In reply to

Next is don't run the create a new packet filter from the administrators console in SBS 2000. click start, programs, ISA server and choose ISA management. you configure ISA server from the ISA mangement console. once in the ISA server management console, in the left pane, expand servers and arrays, expand your server name, navigate to Access Policy. Expand access policy and click on site and content rules. you should have a default rule. Click edit the default rule in the left pane and click on the "applies to" tab. Ensure that the domain users group is listed in the "applies to" section of the access policy rule.

next expand packet filters. If you created a packet filter it will be listed here. Verify that the packet filter you created for the blackberry device is listed and that there are not red dots on the filter. A red dot signifies that the filter is not enbable. To enable the filter right click and from the menue choose enable.

Collapse -

by amikucki In reply to

About your last comment: When i click on site and content rules, in the right pane displays 2 items. "Allow Rule" and "Back office internet access site and content rule". Which one is my default rule and i don't see the option to "edit default rule".

Also, the packet filter that i created doesn't have a red dot on it. It's enabled.

Back to Security Forum
13 total posts (Page 2 of 2)   Prev   01 | 02

Related Discussions

Related Forums