How to configure the firewall policy if pcAnywhere is installed on a computer that is running ISA Server 2006 or ISA Server 2004 (838111)

INTRODUCTION

This article describes how to configure the Microsoft Internet Security and Acceleration (ISA) Server 2006 or ISA Server 2004 firewall policy to permit Symantec Corporation pcAnywhere version 9.0 or later to function correctly when the third-party program is installed on the ISA Server-based computer. To permit pcAnywhere functionality, you must configure protocol definitions and an access rule to permit the following traffic:

• Transmission Control Protocol (TCP) traffic on port 5631.
• User Datagram Protocol (UDP) traffic on port 5632.

Note This article describes how to publish pcAnywhere only if pcAnywhere is installed on the computer that is running ISA Server. If pcAnywhere is installed on a client computer that is behind ISA Server, use the procedure that is described in the following Microsoft Knowledge Base article: back to the top

Configure the TCP port 5631 protocol definition

Create a protocol definition for TCP port 5631. To do so, follow these steps:

1. Click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Server Management.
2. In the left pane, expand ServerName, where ServerName is the name of the ISA Server computer, and then click Firewall Policy.
3. In the right pane, click the Toolbox tab.
4. In the Protocols area, click New, and then click Protocol.
5. In the Protocol definition name box, type a descriptive name for the protocol definition, and then click Next.
6. In the Primary Connection Information dialog box, click New.
7. In the Protocol type list, click TCP.
8. In the Direction list, click Inbound.
9. In the Port Range area, type 5631 in the From box, type 5631 in the To box, and then click OK.
10. Click Next.
11. When you are prompted if you want to use secondary connections, click No, and then click Next.
12. Click Finish.

back to the top

Configure the UDP port 5632 protocol definition

Create a protocol definition for UDP port 5632. To do so, follow these steps:

1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Server Management.
2. In the left pane, click Firewall Policy.
3. In the right pane, click the Toolbox tab.
4. In the Protocols area, click New, and then click Protocol.
5. In the Protocol definition name box, type a descriptive name for the protocol definition, and then click Next.
6. In the Primary Connection Information dialog box, click New.
7. In the Protocol type list, click UDP.
8. In the Direction list, click Receive Send.
9. In the Port Range area, type 5632 in the From box, type 5632 in the To box, and then click OK.
10. Click Next.
11. When you are prompted if you want to use secondary connections, click No, and then click Next.
12. Click Finish.

back to the top

Configure the TCP port 5631 and UDP port 5632 access rule

Create an access rule that is based on the protocol definitions. To do so, follow these steps:

1. In ISA Server Management, click Firewall Policy in the left pane.
2. In the right pane, click the Tasks tab, and then click Create New Access Rule.
   
   Note In ISA Server 2006, click Create Access Rule.
3. In the Access rule name box, type a descriptive name for the access rule, and then click Next.
4. In the Rule Action dialog box, click Allow, and then click Next.
5. In the This rule applies to list, click Selected protocols.
6. Click Add.
7. Expand User-Defined, click the protocol definition that you created for TCP port 5631, click Add, click the protocol definition that you created for UDP port 5632, click Add, click Close, and then click Next.
8. In the Access Rule Sources dialog box, click Add.
9. Locate, and then click the network entity that you want to add, and then click Add. For example, to permit access from the external network, expand Networks, click External, and then click Add.
10. To add more than one network entity, repeat step 9 for each network entity that you want to add, click Close, and then click Next.
    
    Note Because ISA Server 2006 and ISA Server 2004 apply policies regardless of source network, you may have to permit access from the internal network to the local host. This depends on the specific access rules that you have defined.
11. In the Access Rules Destinations dialog box, click Add.
12. Expand Networks, click Local Host, click Add, click Close, and then click Next.
13. In the User Sets dialog box, click Next if you want to leave the default All Users user set option.
    
    Note If you do not want the rule to apply to all users, click All Users under This rule applies to requests from the following user sets, and then click Remove.
14. To add a user set, click Add, locate and then click the user set that you want to add, and then click Add.
15. To add more than one user set, repeat step 14 for each user set that you want to add, click Close, and then click Next.
16. Click Finish.
17. Click Apply to save the changes and to update the firewall policy, and then click OK.

Note If there is a service failure and the ISA Server 2004-based computer goes in lockdown mode, pcAnywhere traffic will be blocked because lockdown mode restricts the type of traffic that is permitted through the ISA Server 2004.

For more information about Microsoft Internet Security and Acceleration (ISA) Server lockdown mode, in the ISA Server Management console, click Help on the Action menu, type lockdown mode in the Type in the word(s) to search for box, and then click List Topics to view the list of topics returned.

back to the top

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.