How to Allow Ping from Selected Computers to an ISA Server Computer
Ping is evil, we know. Many will shout now but hold your horses and continue reading. ISA Server is a firewall. You do not want to give the key to your house for the thief to steal it. Ping is the same, don't give someone the tool to flood your firewall with an unwanted traffic! Once you install ISA Server, you can no longer ping the machine that ISA Server is installed on.
Enable ping to ISA Server, but not from a wide open source Network, just enable it from a short list of machines, from the Remote Management Computers
Configuration
Open ISA Server Management Console, click Start > All Programs > Microsoft ISA Server > **ISA Server Management
**http://www.elmajdal.net/ISAServer/Installing_ISA_Server_2006_Remotely/ISA_Page_15_Open_ISA.jpg
Click the Firewall Policy node. As you can see, this is a fresh install of ISA Server 2006, and it still has its default Deny rule. We will not create any new rule to allow ping to ISA Server, we will be working with ISA Server System Policy. Click here to read more about System Policy.
From the right-side panel, under the Tasks tab, click **Edit System Policy
http://www.elmajdal.net/ISAServer/Administrating_ISA_Server_2006_Remotely_Using_MMC_and_Remote_Desktop_Connection/Remote_administration_isa_2006.JPG http://www.elmajdal.net/ISAServer/Administrating_ISA_Server_2006_Remotely_Using_MMC_and_Remote_Desktop_Connection/Remote_administration_isa_2006_2.JPG
**The System Policy Editor will open. In this article, we will be working with one System Policy rule, which falls under the Remote Management configuration group. The System Policy that we are going to work with in the System Policy Editor is ICMP (Ping).
By default ICMP (Ping) is enabled. "But why no one can ping the server?" This is because you will need to specify which machine(s) you are going to allow ping to your ISA Server. This can be configured by clicking the From Tab. By default, the Remote Management Computers is included under the From tab, and by default, the Remote Management Computers is empty and you will need to populate it.
Click the Remote Management Computers and then click the Edit Button. The Remote Management Computers Properties page will open. Here you can add a single Computer, an address range, or a complete subnet to the remote management computers. In this article, we are the only administrator of ISA Server. We will only allow ping from a Vista Laptop so we will add a computer, click the Add button, then click Computer
Browse to the computer that you want to add by clicking the Browse button, or start filling its name, IP address and a brief description if you want, once its set. Click OK
The Computer will be listed as shown below. Click OK
Click Apply so the changes take effect
http://www.elmajdal.net/ISAServer/Allowing_FTP_Uploads_Through_ISA_Server_2004_2006/Apply_button.JPG
Now, we will go to the laptop and start pinging the ISA Server.
As you can see from the image below, request time out was the first result of the ping. Once the changes took place after the Apply operation completed, reply responses started to come back as shown.
Before we conclude, let's show the details of this allow ICMP (Ping) rule. From the left side panel, click Firewall Policy. Below the menu bar, click the Show/Hide System Policy Rules button shown below in the red rectangle
All the System Policy rules will be displayed in details.
As you can see, the System Policy rule that we worked with is rule number 11
Summary
In this article, we enabled Ping from only Selected Computers to ISA Server. Do not enable ping from a wide range of computers or from all your internal network. Enable it only from few selected machines as you do not want to flood your Firewall with unneeded traffic.
[This article is also posted at ElMajdal.Net website: http://www.elmajdal.net/ISAServer/How_to_Allow_Ping_From_Selected_Computers_To_ISA_Server_Machine.aspx ]