Difference between Packet Filter and Protocol Rules ?????

[joeka77]

Hello! This question isn´t as easy as it sounds. I know, that Packet Filters and Protocol Rules are working on differnt layers. I can filter user names only at the Protocol Rules layer and so on. But why have i to define Ports at both layers for getting some services working, and not for others?? Example: For most Protocols (SMTP, POP3) i have to open the ports on the protocol layer as well as at the packet layer (ok so far). If i define a HTTP-Port at the protocol layer i don´t need a packet filter to get http running. Can anybody tell me, IN WHICH CASES I have do define packet AND protocol rules and IN WHICH CASES one of both is sufficient! Please help me understanding this connection between both layers!
Greetings Joe

 

[Sithl0rd]

Protocol Rules allow ISA clients to send traffic through the ISA Firewall. ISA dynamically opens the ports needed for the protocols when a client accesses them. You can have an ISA server working fine without any IP Packet Filters defined. IP packet filters just pass traffic at the packet level and statically opens ports on the ISA Server, which doesnt mean a client can use that port unless there is a protocol rule.
I use Packet filters only if i want a service to be seen only on the local ISA server or the ISA server needs access to a service, ie SMTP server, DNS lookups.
It also is a good idea to have packet filters defined if you have IP Routing enabled, to pass ICMP traffic.

 

[lck092580]

Woh.. i thought an if a IP packet filter exists then it wouldn't matter if there was a protocol rule or not. Thanks for the info SithLord..

Jedi