Firewall client channel setup-Just before the Data channel setup



This is in response to a query posted by one of the readers on my blog post http://blogs.technet.com/b/sooraj-sec/archive/2010/07/28/firewall-client-and-isa-server-how-a-data-channel-is-negotiated-over-firewall-client-control-channel.aspx

After the initial TCP handshake on port 1745, the Firewall client sends the channel setup request shown below. Note the OpCode, which says that this is a request to set up the Firewall client control channel. The request also carries the name of the user logged on to the machine sending the request, along with the process (iexplore.exe), the name of the machine (surajsinghLaptop-01) and the operating system on that machine (Windows 7 x32).

  - RwstPacket: Channel setup request (ISA Server compatible) for iexplore.exe as testuser on surajsinghLaptop-01 running Windows 7 x32
     NullChar: 0 (0x0)
     ProtoSig: RWS
     PktLen: 365 (0x16D)
     Reserved1: 0 (0x0)
     Flags: 0 (0x0)
     Reserved2: 0 (0x0)
     OpCode: Channel setup
   - RwsMessage: request (ISA Server compatible) for iexplore.exe as testuser on surajsinghLaptop-01 running Windows 7 x32
    - SetupData: request (ISA Server compatible) for iexplore.exe as testuser on surajsinghLaptop-01 running Windows 7 x32
       Padding: Binary Large Object (18 Bytes)
       MinVersion: ISA Server compatible
       MaxVersion: ISA Server compatible
       Authentication: not required
       Reserved: 0 (0x0)
     + SetupFlags: KeepSession: False; RouteMode: True; ServerEncrypt: False; ClientEncrypt: False
       dwReserved: 0 (0x0)
     + DiagBuf:
       Padding: Binary Large Object (178 Bytes)
     - ClientInfo: iexplore.exe as testuser on surajsinghLaptop-01 running Windows 7 x32
        Size: 84 (0x54)
      + OsVerInfo: running Windows 7 x32
        CPU: 586 (0x24A)
      + DosVer:
        Reserved: 0 (0x0)
        offUserName: 48 (0x30)
        offMachineName: 58 (0x3A)
        offAppName: 71 (0x47)
        UserName: testuser
        HostName: surajsinghLaptop-01
        AppName: iexplore.exe

The ISA Server then responds with the following:

 - RWS: Channel setup response to iexplore.exe (ISA Server compatible), authentication not required; encryption not required
  - RwstPacket: Channel setup response to iexplore.exe (ISA Server compatible), authentication not required; encryption not required
     NullChar: 0 (0x0)
     ProtoSig: RWS
     PktLen: 281 (0x119)
     Reserved1: 0 (0x0)
     Flags: 0 (0x0)
     Reserved2: 0 (0x0)
     OpCode: Channel setup
   - RwsMessage: response to iexplore.exe (ISA Server compatible), authentication not required; encryption not required
    - SetupData: response to iexplore.exe (ISA Server compatible), authentication not required; encryption not required
       Padding: Binary Large Object (18 Bytes)
       MinVersion: ISA Server compatible
       MaxVersion: ISA Server compatible
       Authentication: not required
       Reserved: 0 (0x0)
     + SetupFlags: KeepSession: False; RouteMode: True; ServerEncrypt: False; ClientEncrypt: False
       dwReserved: 0 (0x0)
     + DiagBuf:
     Unparsed: Binary Large Object (178 Bytes)

The reply tells the client whether encryption is required for this control channel and, similarly, whether authentication is required. This depends on the settings on the ISA Server for its Firewall clients; the Firewall clients receive these settings from the ISA Server every time the Firewall client machine is rebooted or the Firewall client service is restarted.
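The following is an added example, not part of the original post: a Python check that reads parsed trace text like the two frames above and reports channel setup frames that negotiated no authentication or encryption, along with the identity fields visible in the capture. The sample input is constructed from field lines in those traces, and the function names `parse_frame` and `audit` are hypothetical.

```python
import re
# Constructed sample input: field lines copied from the two traces above.
REQUEST = """\
     OpCode: Channel setup
       Authentication: not required
     + SetupFlags: KeepSession: False; RouteMode: True; ServerEncrypt: False; ClientEncrypt: False
        UserName: testuser
        HostName: surajsinghLaptop-01
        AppName: iexplore.exe
"""
RESPONSE = """\
     OpCode: Channel setup
       Authentication: not required
     + SetupFlags: KeepSession: False; RouteMode: True; ServerEncrypt: False; ClientEncrypt: False
"""

# One "Name: value" tree line, with an optional -/+ expander marker in front.
FIELD = re.compile(r"^\s*[-+]?\s*(\w+):\s*(.*)$")

def parse_frame(text):
    """Map field name -> value; SetupFlags becomes a dict of booleans."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "SetupFlags":
            pairs = (p.split(":", 1) for p in value.split(";") if ":" in p)
            value = {k.strip(): v.strip() == "True" for k, v in pairs}
        fields.setdefault(key, value)  # keep the first occurrence of repeated names
    return fields

def audit(text):
    """List findings for one channel setup frame (hypothetical helper)."""
    f = parse_frame(text)
    if f.get("OpCode") != "Channel setup":
        return []
    findings = []
    if f.get("Authentication") == "not required":
        findings.append("authentication not required")
    flags = f.get("SetupFlags", {})
    for name in ("ServerEncrypt", "ClientEncrypt"):
        if flags.get(name) is False:
            findings.append(name + " is False")
    seen = [k for k in ("UserName", "HostName", "AppName") if f.get(k)]
    if seen:
        findings.append("identity fields in capture: " + ", ".join(seen))
    return findings
```

Calling `audit(REQUEST)` and `audit(RESPONSE)` returns the findings for each frame; a frame with a different OpCode returns an empty list.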
