Opening a series of ports

[mwesol]

Ok.. I setup a Protocol definition called IDIS
with the following:

Port Number: 21455
Protocol Type: TCP
Direction: Outbound

Secondary Connections

21450-21459 TCP Outbound
21450-21459 TCP Inbound
21559 TCP Outbound
21559 TCP Inbound

I then setup a Protocol Access Rule and picked the protocol definition.

I get further on the page but something is still not quite right as after I get the logon screen it just says DONE and doesn't go anywhere. like it is still blocked.

Here is the info I got for accessing this application.

The IDIS WEB application requires a series of ports (21450-21459 and the
pseudo port 21559) to be accessible from the grantee's network connection. For
those grantee locations that have security (firewalls, proxy, etc.) in place
this may require configuration changes. Opening a port for a specific
application and host does not, by itself, create a security problem since
without open 'ports' the network would be inaccessible for any application.
IDIS ports are configured for IDIS application only and should not respond to
other traffics (IP address).

Can anyone help?

Thanks
Mike

 

[eruss]

I have run into that same issue, no luck yet. No support from Hud except for what the say on the web. The only thing that I have found, but have been unsuccessful in achieving is a post about running a VisualBasicScript to add a FPCtunnelPort Range. something like that. If you want I could send that to you.

 

[mwesol]

Thanks for the info but I was able to get one of my programming guys to write up a VBS script to do it. That did the trick. It sounds like the same thing you did.

Thanks again for the response

Mike

 

[dput]

Yes, we had also ran into this previously and worked around it with a vbs script. Dan

 

[eruss]

I have tried to write the script but I get errors, could anyone post it here or could you email it to me at eruss@warren.org It would be greatly greatly appreciated.

Thank you

 

[eruss]

Could anyone also explain this "pseudo port" to me? I havent been able to find any explanations of what it is.

 

[eruss]

I have figured out the pseudo port. I have also found out that each port in the range is based on geographic location from the map. But it would still be helpful to have the exact VBS script that either one of you guys used to open the range. Thanks

 

[dput]

Here is the script I used:

set isa=CreateObject("FPC.Root&quot
set _
tprange=isa.Arrays.GetContainingArray.ArrayPolicy.WebProxy.TunnelPortRanges
set tmp=tprange.AddRange("SSL 21455", 21450, 21459)
set tmp=tprange.AddRange("SSL 21", 21, 21)
tprange.Save

I hope this helps. Dan

 

[eruss]

I typed it in exactly. I am getting an error for Line 2 character 1 It says type mismatch:'set_' Code 800a000D.

Sorry to be a pain, but I have no experience with VBS.

Any help would be appreciated.
Thanks, Eddie

 

[mwesol]

This is what we use

set isa=CreateObject("FPC.Root&quot
set tprange=isa.Arrays.GetContainingArray.ArrayPolicy.WebProxy.TunnelPortRanges
set tmp=tprange.AddRange("SSL HUD IDIS PORT 21559", 21559, 21559)
tprange.Save

 

[dput]

Sorry, it looks like an underscore got added on line 2 when I copied it and pasted it. Dan

 

[eruss]

That did the trick, now the emulation is available. One problem still, I can not download files through the IDISDOWN utility it stops on the FTP:10049 bind. Any solutions?

 

[eruss]

Thank you both very much for your help!

 

[dput]

No problem. It is crazy the way they have IDIS working. I am not sure why they can't follow standard protocols. Dan

 

[eruss]

Dan, do you have any problems with the IDISDOWN utility, from the ISA server it runs, but from clients I get a FTP bind 10049 error which means the connection has been dropped. Most likely another ISA rule

 

[dput]

We don't have a problem with that, but we do allow our users to use FTP, do you have that limited? Dan

 

[eruss]

As far as I can see FTP is open for all users.