"BG" <(E-Mail Removed)> wrote in message
news:9D233D00-6177-4001-A872-(E-Mail Removed)...
> I have the Firewall set up to block traffic on port 445, except for a custom
> selection of addresses and I still see connections on local port 445 from IP
> addresses outside the range. Does anyone have any experience on comparing
> how port reporter shows connections and the settings in the firewall?
>
> For example, say I have a network of computers with IP addresses of
> 131.180.240.xx and a subnet mask of 255.255.254.0. I only want traffic to
> come from that network. I set the custom exception to
> 131.180.240.0/255.255.254.0. Is my custom exception list correct? Port
> reporter is showing connections to port 445 from an address like
> 131.180.200.20.

Don't know. Is the Device forcing "Classful Addressing"? If so, and if I'm
not mistaken, 131.x.x.x is a Class B,...therefore 131.180.200.x and
131.180.240.x would be in the same subnet (255.255.0.0) according to the
Class. I don't know,..it is just a shot in the dark.
Another thing to think about is that the Log may be showing "all" attempts
(allowed or denied) which would be the normal expected way for it to be
done. You can block them but you can never stop them from attempting,...it
just ain't gonna happen.
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html
Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------
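
The scope arithmetic from the question, next to the classful reading raised in the reply, as an added example that is not part of the original thread. The connection list is constructed sample data (not Port Reporter's log format) and the function names are hypothetical.

```python
import ipaddress

# Scope string as typed into the firewall exception in the question.
SCOPE = "131.180.240.0/255.255.254.0"

# Constructed sample records (remote address, local port); not real log output.
SAMPLE_CONNECTIONS = [
    ("131.180.240.17", 445),
    ("131.180.241.250", 445),
    ("131.180.242.1", 445),
    ("131.180.200.20", 445),
]

def parse_scope(scope):
    """Parse 'address/netmask'; raises ValueError on host bits or a bad mask."""
    return ipaddress.ip_network(scope, strict=True)

def classful_network(addr):
    """Network an address falls in when only its class (A/B/C) sets the mask."""
    ip = ipaddress.ip_address(addr)
    first_octet = int(ip) >> 24
    if first_octet < 128:
        prefix = 8
    elif first_octet < 192:
        prefix = 16
    elif first_octet < 224:
        prefix = 24
    else:
        raise ValueError("class D/E address has no classful network")
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def audit(scope, connections, port=445):
    """Return (remote, in_scope, in_classful_scope) per connection to `port`."""
    net = parse_scope(scope)
    wide = classful_network(str(net.network_address))
    rows = []
    for remote, local_port in connections:
        if local_port != port:
            continue
        ip = ipaddress.ip_address(remote)
        rows.append((remote, ip in net, ip in wide))
    return rows

if __name__ == "__main__":
    net = parse_scope(SCOPE)
    print(f"{SCOPE} = {net} ({net[0]} - {net[-1]})")
    for remote, ok, ok_classful in audit(SCOPE, SAMPLE_CONNECTIONS):
        print(f"{remote:16} in scope: {ok!s:5}  classful: {ok_classful}")
```

A source that is outside the configured scope but inside the classful network is the case to check against the firewall's own drop log, since a connection listing by itself does not say whether the packet was allowed.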