IP packet filters

  • Article
Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

With Internet Protocol (IP) packet filters, you can intercept and either allow or block packets destined for specific computers on your corporate network. You can configure two types of static IP packet filters: allow filters and block filters.

Allow filters are exception filters—all packet types are blocked except for those you specify. If you do not have a packet filter activated for a specific port, then the service cannot listen on that port unless the port is opened dynamically.

Block filters close the specified ports. You can create and configure block filters to further define the traffic allowed through the Microsoft Internet Security and Acceleration (ISA) Server computer. For example, you can create an allow filter that allows Transmission Control Protocol (TCP) traffic on port 25 between all internal and external hosts—in other words, Simple Mail Transfer Protocol (SMTP) communication is activated. You can then limit access, creating a block filter that blocks a set of external hosts—potential intruders—from sending TCP packets to port 25 on your ISA Server computer.

For more background information, see Packet filtering. For an example of how IP packet filters are used in a deployment scenario, see Three-homed perimeter network configuration.

IP packet filters are defined by the following parameters:

  • Servers. The filter allows or blocks communication on the specified server.

  • Protocol, port, and direction. The filter allows or blocks traffic at the specified port, using the specified protocol.

  • Local computer. The IP address of the computer in the internal network for which communication is open or blocked. You can specify a range or a single IP address on the ISA Server computer.

  • Remote computer. The IP address of the computer on the Internet for which communication is allowed or blocked.

For configuration instructions, see Apply an IP packet filter to a server, Configure a protocol for an IP packet filter, Configure an IP packet filter for a local computer, and Configure an IP packet filter for a remote computer.

Typically, you will follow these steps to create IP packet filters:

  1. Enable packet filtering. For more information, see Enable packet filtering.

  2. Create allow filters. This allows access between specified IP addresses at the specified ports and using the specified protocols.

  3. Create block filters. This blocks access to specific ports or from specific IPs completely. Block filters can be used to create exception to the allow filters.

For more background information on packet filters, see Packet filtering.

Logging dropped packets

When packet filter logging is active, ISA Server logs rejected packets. This helps you monitor attempts to break into the ISA Server computer. For more information, see Log blocked packets.