Ghost Solution Suite

Have Ghost 8.0 and am trying to get working on a new default install of Windows SBS 2003 server with ISA 2004.
The server has two NICs and has ISA 2004 as the firewall on the external NIC.

Am trying to use Ghostcast server on the internal side with no luck.
Basically the client cant attach to the session

I have no doubt it is the ISA 2004 causing the problem.
What rules would i need in the firewall policy to have this work?
I have tried an allow all rule on the internal side to no avail
even tried custom ports with an allow rule - no luck.

I'm not personally familiar with ISA, but we should probably do some testing against it here in our QA labs. I'm assuming that you're trying to run GhostCast on the SBS2003 machine itself - if not, then it might not have anything to do with the ISA firewall and might have more to do with your switch configuration and whether you have multicasting enabled on your switches (which is usually best to check by running packet captures using something like Wireshark).

The omens are not good for running GhostCast with ISA; the ISA docs and FAQs basically never mention multicast, and according to numerous Usenet postings by Microsoft employees, ISA flat out refuses to pass any multicast traffic either inbound or outbound and cannot be configured to do otherwise: see http://groups.google.co.nz/group/microsoft.public.isa/msg/0e2ae90a18dac96b for a typical example.

Normally, GhostCast's normal session discovery mechanism works by the clients sending a session request to multicast group 224.77.1.0 on port 6666, and the multicast transfer itself will be sent to a random multicast address in the 224.77.x.x range on port 7777. You can try writing a set of explicit permit rules to allow this traffic from internal->local and local->internal, but it may not honour the rules and you might be out of luck in terms of running GhostCast on the SBS2003 machine because of ISA. It's just a matter of trying it and seeing.

Note that if the multicast session discovery fails, the Ghost clients do try to locate the session using the WINS protocol which is port 137. If the MSFT employees are right and ISA won't let any form of multicast or broadcast go through, then the best you can hope for is to enable WINS and run GhostCast in Unicast mode only, or to just not run the GhostCast on the SBS2003 machine and host it on regular Windows XP box or something of that kind on a machine in the internal network so ISA doesn't get involved.

Yes we are trying to run the ghostcast on the SBS2003 Premium server.
(Premium includes ISA and SQL - we are not running SQL)

Have pretty much tried as you stated with opening custom ports etc

I have other SBS2003 Standard servers with ghost working fine
These do not have ISA so i know it is an ISA issue

I think this is something you should look into.
SBS2003 Premium is designed to be the only server really needed in a small business.
To not be able to then use ghost is a pain.

Have to admit that it is probably more an issue with microsoft.
hmmm... do i fork out the $400AUS to find out the answer i already fear...

thanks for the quick response

> I think this is something you should look into.

We can spend some time looking into finding a workaround, but my feeling is that there isn't really anything we can do if this is just how ISA is designed to be.

> To not be able to then use ghost is a pain.

Absolutely it is. Fortunately it does run pretty well on a plain old workstation, so you can probably set up a small headless XP box on your internal network and remote desktop to it for not much money.