Walking the Line – A New Blog

Walking the Line is my new blog on small business security. While this blog is exclusively about configuring ISA, the other blog will cover a wide variety of security topics. It also won’t be purely technical but will contain opinion. I’m a small business consultant out there in the field with my techs maintaining real-life small business networks. If you’re into keeping it real and want to know what happens to your clients when you implement “best practices”, then this blog will be the place to be. I also plan to call out security screw-ups by vendors. Yep, sometimes I’ll rant a bit.

I expect to post to Walking the Line a couple of times a month. So please check it out and subscribe.

Enable this App: Lacerte

How to Allow Lacerte. This information comes from Jim Page. My comments are in italics. However, take my comments with a grain of salt because I have no clients using Lacerte to test them.

Basically, create a “New Access Rule”, “ALLOW”, “PROTOCOLS”: create OUTBOUND TCP for 10010, 10020, 10030, 10040, 10050-10052, 10060, 10070, 10099, and I did 1275, 1277, 1278 (was in the MS 839503 article. Not sure if it’s needed). *Workstations running the Firewall Client should be able to request use of any outbound protocol. So this step should not be necessary if you have installed the Firewall Client.*

FROM = “All Protected Networks”

TO = Created two sets: one is the range 198.31.208.130-198.31.208.145, the other is just 208.240.240.200

Users = “All users”. Can’t get it to work if I pick anything else. *This means that Lacerte doesn’t authenticate to the server when it requests access to the Internet.*

Schedule = “Always”

Content Types = “All content types”

Now I have seen that Lacerte is using other ports to communicate to 208.240.240.200, and ISA denies access. These ports so far are 3106, 3130, 3132, and some in the 8000 range (didn’t write them all down). I have a call in to Lacerte to see if they do anything.

The mistakes that I have seen in other articles: They say to set up INBOUND and that the FROM and TO objects were incorrect.
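The following is an added example, not part of the original post or of Jim Page's notes: a way to list exactly which denied ports to the Lacerte destinations fall outside the rule above, so the rule can be extended port by port rather than opened wide. The CSV log layout, column names and sample rows are constructed for illustration and are not ISA's native log format; export or map your firewall log to these columns first.

```python
import csv
import io
from ipaddress import ip_address

# Ports and destinations taken from the access rule described in the post.
ALLOWED_PORTS = {10010, 10020, 10030, 10040, 10050, 10051, 10052,
                 10060, 10070, 10099, 1275, 1277, 1278}
DEST_RANGE = (ip_address("198.31.208.130"), ip_address("198.31.208.145"))
DEST_HOST = ip_address("208.240.240.200")

# Constructed sample log (assumed simplified CSV layout, not ISA's own format).
SAMPLE_LOG = """client_ip,dest_ip,dest_port,protocol,action
192.168.16.21,208.240.240.200,10010,TCP,Allowed
192.168.16.21,208.240.240.200,3106,TCP,Denied
192.168.16.22,208.240.240.200,3130,TCP,Denied
192.168.16.22,198.31.208.131,10051,TCP,Allowed
192.168.16.23,208.240.240.200,3132,TCP,Denied
192.168.16.23,203.0.113.9,3106,TCP,Denied
192.168.16.21,198.31.208.146,10010,TCP,Denied
192.168.16.21,208.240.240.200,3106,TCP,Denied
192.168.16.24,198.31.208.140,not-a-port,TCP,Denied
"""

def is_lacerte_dest(addr):
    """True if addr is in either destination set used by the rule."""
    return addr == DEST_HOST or DEST_RANGE[0] <= addr <= DEST_RANGE[1]

def uncovered_denials(log_text):
    """Map (dest_ip, port) -> set of clients for denied TCP traffic to the
    rule's destinations on ports the rule does not list."""
    gaps = {}
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["action"] != "Denied" or row["protocol"] != "TCP":
            continue
        try:
            dest = ip_address(row["dest_ip"])
            port = int(row["dest_port"])
        except ValueError:
            continue  # skip malformed rows instead of aborting the report
        if is_lacerte_dest(dest) and port not in ALLOWED_PORTS:
            gaps.setdefault((str(dest), port), set()).add(row["client_ip"])
    return gaps

if __name__ == "__main__":
    for (dest, port), clients in sorted(uncovered_denials(SAMPLE_LOG).items()):
        print(f"{dest}:{port} denied for {sorted(clients)}")
```

Denials to addresses outside the two destination sets are deliberately ignored, so unrelated blocked traffic does not end up being added to the Lacerte rule.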