Security, hacker detection & forensics FAQ

ISA Logging

What do Rule #1 and Rule #2 tell me in the FWSEXTD-Logfile? by Knutern
Posted: 11 Dec 03 (Edited 11 Dec 03)

Many customers have asked me how they know whether a request is accepted or not.

Right-click "ISA Server Firewall service" (open Servers and Arrays, Servername/Array, Monitoring Configuration, Logs) and select "Properties". On the "Field" page, scroll down and select Rule #1 and Rule #2.

Their meanings are:
Rule #1: This reflects the rule that either allowed or denied access to the request, as follows:
  • If an outgoing request is allowed, this field reflects the protocol rule that allowed the request.

  • If an outgoing request is denied by a protocol rule, this field reflects the protocol rule.

  • If an outgoing request is denied by a site and content rule, this field reflects the protocol rule that would have allowed the request.

  • If an incoming request was denied, this field reflects the Web publishing or server publishing rule that denied the request.

  • If no rule specifically allowed the outgoing or incoming request, the request is denied. In this case, the field is empty.

Rule #2: This reflects the second rule that either allowed or denied access to the request.
  • If an outgoing request is allowed, this field reflects the site and content rule that allowed the request.

  • If an outgoing request is denied by a site and content rule, this field reflects the site and content rule that denied the request.

  • If no rule specifically allowed the outgoing or incoming request, the request is denied. In this case, the field is empty.
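The cases above applied to a firewall log, as an added example that is not part of the original FAQ. The sample lines, the rule names, the `rule#1`/`rule#2` column names and the `-` empty marker are assumptions; match them to the `#Fields` line of your own log.

```python
from collections import Counter

EMPTY = {"", "-"}  # assumption: an unset rule field is logged as "-" or blank

# Constructed sample (not real log data); columns are tab-separated.
SAMPLE_LOG = "\n".join([
    "#Fields: c-ip\tr-host\trule#1\trule#2",
    "10.0.0.5\twww.example.com\tAllow Web\tAllow All Sites",
    "10.0.0.6\twww.example.org\tAllow Web\tBlock Listed Sites",
    "10.0.0.7\tftp.example.net\t-\t-",
    "192.0.2.10\t10.0.0.20\tPublish Mail\t-",
])

def read_records(text):
    """Yield one dict per record, keyed by the names on the #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line.strip() and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split("\t")))

def classify(rule1, rule2):
    """Map the two rule fields to the cases listed in the FAQ."""
    has1 = rule1.strip() not in EMPTY
    has2 = rule2.strip() not in EMPTY
    if not has1 and not has2:
        return "default-deny"           # no rule specifically allowed the request
    if has1 and has2:
        return "protocol+site-content"  # outgoing: allowed, or denied by the Rule #2 rule
    if has1:
        return "rule1-only"  # outgoing denied by protocol rule, or incoming denied
    return "rule2-only"      # not a case the FAQ describes; inspect by hand

def summarize(text):
    """Count cases and rule hits; collect requests that matched no rule."""
    cases, rules, unmatched = Counter(), Counter(), []
    for rec in read_records(text):
        r1, r2 = rec.get("rule#1", "-"), rec.get("rule#2", "-")
        case = classify(r1, r2)
        cases[case] += 1
        rules.update(n for n in (r1, r2) if n.strip() not in EMPTY)
        if case == "default-deny":
            unmatched.append((rec.get("c-ip"), rec.get("r-host")))
    return cases, rules, unmatched

if __name__ == "__main__":
    for part in summarize(SAMPLE_LOG):
        print(part)
```

When both fields are filled, the rule fields alone do not say whether the request was allowed or denied by the site and content rule, so the result has to come from another field in the same record.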
