Firewall client channel setup-Just before the Data channel setup

  • Article

 Firewall client channel setup-Just before the Data channel setup

This is in response to a query posted by one of the readers on My blog post https://blogs.technet.com/b/sooraj-sec/archive/2010/07/28/firewall-client-and-isa-server-how-a-data-channel-is-negotiated-over-firewall-client-control-channel.aspx

After the initial TCP handshake on the port1745 by the Firewall client.

Firewall client sends the Channel setup request as below, please notice the OpCode that says that its a request for firewall client control channel setup. it also has the username who has logged on to the machine sending the request along with the process i.e. iexplore.exe and the name of the machine surajsinghLaptop-01 and the operating system on that machine i.e Windows 7 x32

  - RwstPacket: Channel setup request (ISA Server compatible) for iexplore.exe as testuser on surajsinghLaptop-01 running Windows 7 x32
NullChar: 0 (0x0)
ProtoSig: RWS
PktLen: 365 (0x16D)
Reserved1: 0 (0x0)
Flags: 0 (0x0)
Reserved2: 0 (0x0)
OpCode: Channel setup
- RwsMessage: request (ISA Server compatible) for iexplore.exe as testuser on surajsinghLaptop-01 running Windows 7 x32
- SetupData: request (ISA Server compatible) for iexplore.exe as testuser on surajsinghLaptop-01 running Windows 7 x32
Padding: Binary Large Object (18 Bytes)
MinVersion: ISA Server compatible
MaxVersion: ISA Server compatible
Authentication: not required
Reserved: 0 (0x0)
+ SetupFlags: KeepSession: False; RouteMode: True; ServerEncrypt: False; ClientEncrypt: False
dwReserved: 0 (0x0)
+ DiagBuf:
Padding: Binary Large Object (178 Bytes)
- ClientInfo: iexplore.exe as testuser on surajsinghLaptop-01 running Windows 7 x32
Size: 84 (0x54)
+ OsVerInfo: running Windows 7 x32
CPU: 586 (0x24A)
+ DosVer:
Reserved: 0 (0x0)
offUserName: 48 (0x30)
offMachineName: 58 (0x3A)
offAppName: 71 (0x47)
UserName: testuser
HostName: surajsinghLaptop-01
AppName: iexplore.exe

Then ISA server Responds with following

 - RWS: Channel setup response to iexplore.exe (ISA Server compatible), authentication not required; encryption not required
- RwstPacket: Channel setup response to iexplore.exe (ISA Server compatible), authentication not required; encryption not required
NullChar: 0 (0x0)
ProtoSig: RWS
PktLen: 281 (0x119)
Reserved1: 0 (0x0)
Flags: 0 (0x0)
Reserved2: 0 (0x0)
OpCode: Channel setup
- RwsMessage: response to iexplore.exe (ISA Server compatible), authentication not required; encryption not required
- SetupData: response to iexplore.exe (ISA Server compatible), authentication not required; encryption not required
Padding: Binary Large Object (18 Bytes)
MinVersion: ISA Server compatible
MaxVersion: ISA Server compatible
Authentication: not required
Reserved: 0 (0x0)
+ SetupFlags: KeepSession: False; RouteMode: True; ServerEncrypt: False; ClientEncrypt: False
dwReserved: 0 (0x0)
+ DiagBuf:
Unparsed: Binary Large Object (178 Bytes)

In reply it tells if encryption is required for this control channel or not similary if authentication is required or not. Depending upon the settings on the ISA server for its Firewall clients as Firewall clients receive these settings from the ISA server everytime the Firewall client machine is rebooted or firewall client service is restarted.