Microsoft Internet Security and Acceleration (ISA) Server includes a wide variety of preconfigured protocol definitions, which you can use when you create protocol rules or server publishing rules. Server publishing rules use protocol definitions whose direction is inbound. For more information, see Server publishing rules and Protocol rules.
In addition, application filters may also include protocol definitions. They can be included when you install ISA Server, or you can install them later. You can further expand the set of protocol definitions by using ISA Management to create your own.
For more information, see Protocol rules and Create a protocol definition.
User-defined protocol definitions can be edited or deleted. Protocol definitions installed with application filters cannot be modified, although they can be deleted. Protocol definitions included with ISA Server cannot be modified or deleted.
When you create a protocol definition, you specify the following:
• Port number. A port number between 1 and 65535 that is used for the initial connection.
• Low-level protocol. Transmission Control Protocol (TCP) or User Datagram Protocol (UDP).
• Direction. For UDP: Send only, Receive only, Send receive, or Receive send. For TCP: Inbound or Outbound.
• (Optional) Secondary connections. The range of port numbers, protocol, and direction used for additional connections or packets that follow the initial connection. You can configure one or more secondary connections.
You configure the direction of the traffic flow when you create a protocol definition. The direction you specify determines which side may start the exchange. For TCP, the direction determines who may open the initial connection. For UDP, the direction determines the flow of datagrams. For example, you can configure a protocol rule that allows internal clients to initiate TCP communication on port 80 by specifying the direction as Outbound. The server with which the client is communicating can respond to the client request on that connection but cannot initiate communication of its own.
You can use the taskpad to create a protocol rule that allows users to access the Internet using only specific Web protocols. The table below lists the Web protocol definitions that are preconfigured when you install ISA Server, either by ISA Server or by an application filter installed with ISA Server.
| Name | Port number | Protocol type | Defined by | Description |
| --- | --- | --- | --- | --- |
| FTP | 21 | Transmission Control Protocol (TCP) | FTP access filter | File Transfer Protocol (FTP), used for copying files between hosts. |
| FTP Download Only | 21 | TCP | FTP access filter | FTP, used for downloading files from an FTP server to an FTP client. |
| Gopher | 70 | TCP | ISA Server | Menu-driven front end to other Internet services, including Archie and Wide Area Information Server (WAIS). |
| HTTP | 80 | TCP | ISA Server | Hypertext Transfer Protocol (HTTP), used to implement the World Wide Web. |
| HTTPS | 443 | TCP | ISA Server | Version of HTTP that uses Secure Sockets Layer (SSL) for encryption. |
Protocol definitions that are included with application filters do not have secondary connections. This is because the application filter itself informs the ISA Server computer which secondary connections to open for the client, according to the specific protocols. Here's how it works:
1. The client opens a primary connection to a server on the Internet.
2. The ISA Server computer notifies the filter about the connection.
3. The filter examines the data that is flowing through the primary connection and determines which secondary connection the client is going to use.
4. The filter informs the ISA Server computer to allow that particular secondary connection.
5. The ISA Server computer opens the specific port, as indicated by the application filter.
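As an added illustration (not ISA Server code), the following Python model captures the four fields a protocol definition carries and the direction and secondary-connection rules described in this section. The `Packet` type, the `permits()` function and the "Demo" definition with its secondary port range are constructed for this example; the HTTP definition (TCP 80, Outbound) is the one listed in the table above.

```python
from dataclasses import dataclass, field

TCP_DIRS = {"Inbound", "Outbound"}
UDP_DIRS = {"Send only", "Receive only", "Send receive", "Receive send"}

@dataclass(frozen=True)
class Packet:
    proto: str           # "TCP" or "UDP"
    port: int            # service port the exchange is matched on (not the ephemeral one)
    from_internal: bool  # True when an internal client sent it
    reply: bool = False  # UDP only: True for a datagram answering an earlier one

@dataclass
class ProtocolDefinition:
    name: str
    port: int
    proto: str
    direction: str
    secondary: list = field(default_factory=list)  # (proto, low, high, direction) tuples

    def __post_init__(self):
        # Constraints the page states: port 1..65535, direction vocabulary per protocol.
        if not 1 <= self.port <= 65535:
            raise ValueError("port must be between 1 and 65535")
        if self.direction not in (TCP_DIRS if self.proto == "TCP" else UDP_DIRS):
            raise ValueError(f"bad direction {self.direction!r} for {self.proto}")

def _direction_permits(direction, pkt):
    if pkt.proto == "TCP":
        # TCP: direction fixes who may open the connection; the peer answers on it but never initiates.
        return direction == ("Outbound" if pkt.from_internal else "Inbound")
    starts_inside = direction.startswith("Send")  # UDP: internal host sends first
    if not pkt.reply:
        return pkt.from_internal == starts_inside
    # A reply flows the other way; only the two-way directions allow it.
    return direction in ("Send receive", "Receive send") and pkt.from_internal != starts_inside

def permits(defn, pkt, primary_open=False):
    """Match the primary connection, or (once it is open) a secondary range."""
    if pkt.proto == defn.proto and pkt.port == defn.port:
        return _direction_permits(defn.direction, pkt)
    if not primary_open:
        return False
    return any(pkt.proto == p and lo <= pkt.port <= hi and _direction_permits(d, pkt)
               for p, lo, hi, d in defn.secondary)

# HTTP as the page lists it; DEMO is a constructed user-defined definition whose Inbound secondary range stands in for a protocol with a data channel.
HTTP = ProtocolDefinition("HTTP", 80, "TCP", "Outbound")
DEMO = ProtocolDefinition("Demo (constructed)", 5000, "TCP", "Outbound", [("TCP", 6000, 6010, "Inbound")])
```

With DEMO, an external host may open a connection into the 6000-6010 range only after the internal client has opened the primary connection on port 5000, which is the behaviour an application filter provides dynamically for the filter-defined protocols.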
Some application filters create and install new protocol definitions. When such an application filter is disabled, all of its protocol definitions are also disabled; that is, traffic that uses those protocol definitions is blocked. For example, if you disable the streaming media filter, then all traffic that uses the Windows Media and RealNetworks protocol definitions is blocked.
Other application filters filter traffic of existing protocol definitions, either user-defined or configured by ISA Server. When these application filters are disabled, the protocol definitions that they filter are not disabled. For example, even if you disable the Simple Mail Transfer Protocol (SMTP) filter, SMTP protocol definitions might still be allowed to pass (unfiltered).
For more information, see Application filters.
The table below lists some of the protocol definitions that are included with ISA Server.
| Protocol Name | Description |
| --- | --- |
| AOL | AOL Internet Access |
| AOL Instant Messenger | |
| Archie | |
| BOOTP | Bootstrap |
| Chargen (TCP) | Character generator (TCP) |
| Chargen (UDP) | Character generator (UDP) |
| Daytime (TCP) | |
| Daytime (UDP) | |
| Destination Unreachable | |
| Discard (TCP) | |
| Discard (UDP) | |
| DNS | Domain Name System |
| DNS (Zone transfer) | |
| DNS Server | Domain Name System (server) |
| DNS Server - zone transfer | |
| Echo (TCP) | |
| Echo (UDP) | |
| Echo Reply | |
| Echo Request | |
| Exchange RPC Server | |
| Finger | |
| FTP | File Transfer Protocol |
| FTP Download-only | File Transfer Protocol - Download only |
| FTP Server | File Transfer Protocol (server) |
| FTP Server - Read only | File Transfer Protocol (server) - Read only |
| Gopher | |
| H.323 | H.323 video conferencing |
| HTTP | Hypertext Transfer Protocol |
| HTTP Server | Hypertext Transfer Protocol (server) |
| HTTPS | Secure Hypertext Transfer Protocol |
| HTTPS Server | Secure Hypertext Transfer Protocol (server) |
| ICA | Citrix Intelligent Console Architecture |
| ICQ | ICQ instant messenger |
| Ident | |
| IKE | Internet Key Exchange |
| IMAP4 | Interactive Mail Access Protocol |
| IMAPS | Secure Interactive Mail Access Protocol |
| IRC | Internet Relay Chat |
| Kerberos-Adm | Kerberos administration |
| Kerberos-IV | Kerberos IV authentication |
| Kerberos-Sec | Kerberos V authentication |
| LDAP | Lightweight Directory Access Protocol |
| LDAP GC (Global Catalog) | |
| LDAPS | Secure Lightweight Directory Access Protocol |
| Microsoft SQL Server | |
| MSN | MSN Internet Access |
| MSN Messenger | |
| Net2Phone | |
| Net2Phone Registration | |
| NetBIOS Datagram | |
| NetBIOS Name Service | |
| NetBIOS Session | |
| NNTP | Network News Transfer Protocol |
| NNTPS | Secure Network News Transfer Protocol |
| NTP (UDP) | Network Time Protocol (UDP) |
| Parameter Problem | |
| POP2 | Post Office Protocol v.2 |
| POP3 | Post Office Protocol v.3 |
| POP3S | Secure Post Office Protocol v.3 |
| PPTP | Point-to-Point Tunneling Protocol |
| Quote (TCP) | Quote of the day (TCP) |
| Quote (UDP) | Quote of the day (UDP) |
| RADIUS | Remote Authentication Dial-In User Service |
| RADIUS Accounting | |
| RDP (Terminal Services) | Remote Desktop Protocol (Terminal Services) |
| RealAudio / RealVideo | RealNetworks streaming media (PNM) |
| RealAudio / RealVideo Server | RealNetworks streaming media (PNM) (server) |
| Redirect | |
| RIP | Routing Information Protocol |
| Rlogin | Remote login |
| RPC | Remote Procedure Call |
| RPC port mapper | Remote Procedure Call port mapper (server) |
| RTSP | Real Time Streaming Protocol |
| RTSP Server | Real Time Streaming Protocol (server) |
| SMTP | Simple Mail Transfer Protocol |
| SMTP Server | Simple Mail Transfer Protocol (server) |
| SMTPS | Secure Simple Mail Transfer Protocol |
| SNMP | Simple Network Management Protocol |
| SNMP Trap | Simple Network Management Protocol - Trap |
| Source Quench | |
| SSH | Secure Shell |
| Syslog | |
| Telnet | |
| Telnet Server | |
| TFTP | Trivial File Transfer Protocol |
| Time (TCP) | |
| Time (UDP) | |
| Time Exceeded | |
| Timestamp Reply | |
| Timestamp Request | |
| Whois | Nickname/Whois protocol |
| Windows Media | Microsoft streaming media |
| Windows Media Server | Microsoft streaming media (server) |