We are doing a trial version of SOS. It works great on our LAN and across our internal VPN connections. We have the test server in Canada with our remote users in other countries around the world.
We would like to now try to expose our SOS server to our remote users via the internet and through our Microsoft ISA firewall.
Can you give me some direction on how to configure this. We've done a fair amount of research but no luck on this so far.
Thanks for your help.
Brian
Access SOS via internet through Microsoft ISA firewall
Moderator: SourceGear
We don't provide any official support for firewalls. However an SOS user shared this configuration with one of our mailing lists:
The following information was recently provided by one of the SOS users on our SOS technical mailing list regarding configuring MS ISA on Windows 2000 to give access to port 8080:
Depends which side of the firewall the SOS server will be. For these
purposes, "Client" means the SOS client is behind the firewall, and "Server"
means the SOS server is behind the firewall.
First, you need to define the protocols that SOS uses:
In ISA Management, go to Policy Elements / Protocol Definitions
Go Actions... New... Definition
Enter a name for the protocol, e.g. "SOS Client"
Set the following:
Port Number : 8080
Protocol: TCP
Direction: Outbound
Secondary Connections: NONE
For secure client, do the same but with Port Number = 8081
Then for the server side: Create a new definition. e.g. "SOS Server"
Set the following:
Port Number : 8080
Protocol : TCP
Direction: Inbound
Secondary connections: NONE
Repeat with port 8890 for secure connections.
To allow client access:
Go to "Access Policy / Protocol Rules"
Action... New... Rule
Give it a name, e.g. "allow SOS client"
Rule action: ALLOW
Apply rule to: "SOS CLient" (or whatever you named the protocol
definition)
Set scheduling and client-set options according to your needs.
For the server case (server behind the firewall)
Go to "Publishing / Server Publishing Rules"
Action... New... Rules
Enter a name, e.g. "Publish SOS Server"
Enter the IP address of the internal server.
Enter the IP address on the ISA server (or choose "browse" and select the IP
address.
Select the SOS Server protocol defined earlier.
Set "Client Type" as appropriate.
Done... within a couple of minutes, the ISA services will update.
I hope this information is of help.
The following information was recently provided by one of the SOS users on our SOS technical mailing list regarding configuring MS ISA on Windows 2000 to give access to port 8080:
Depends which side of the firewall the SOS server will be. For these
purposes, "Client" means the SOS client is behind the firewall, and "Server"
means the SOS server is behind the firewall.
First, you need to define the protocols that SOS uses:
In ISA Management, go to Policy Elements / Protocol Definitions
Go Actions... New... Definition
Enter a name for the protocol, e.g. "SOS Client"
Set the following:
Port Number : 8080
Protocol: TCP
Direction: Outbound
Secondary Connections: NONE
For secure client, do the same but with Port Number = 8081
Then for the server side: Create a new definition. e.g. "SOS Server"
Set the following:
Port Number : 8080
Protocol : TCP
Direction: Inbound
Secondary connections: NONE
Repeat with port 8890 for secure connections.
To allow client access:
Go to "Access Policy / Protocol Rules"
Action... New... Rule
Give it a name, e.g. "allow SOS client"
Rule action: ALLOW
Apply rule to: "SOS CLient" (or whatever you named the protocol
definition)
Set scheduling and client-set options according to your needs.
For the server case (server behind the firewall)
Go to "Publishing / Server Publishing Rules"
Action... New... Rules
Enter a name, e.g. "Publish SOS Server"
Enter the IP address of the internal server.
Enter the IP address on the ISA server (or choose "browse" and select the IP
address.
Select the SOS Server protocol defined earlier.
Set "Client Type" as appropriate.
Done... within a couple of minutes, the ISA services will update.
I hope this information is of help.
Linda Bauer
SourceGear
Technical Support Manager
SourceGear
Technical Support Manager