On the ISA Server forums and newsgroups, a common query we see is regarding blocking/unblocking Windows Live Messenger or MSN Messenger using the ISA firewall.
Blocking is easy. Microsoft has also come up with a KB article which explains how you can do just that, using either ISA Server 2004 or ISA Server 2006.
Now how about “unblocking”? Let me be more specific. Firewall administrators often post queries that they can’t seem to be able to ‘allow’ audio and video in MSN/Windows Live Messenger through the ISA firewall. “Why not? Just allow the protocols/’open the ports’!” I hear you say.
Lets take a closer look on what these ports are:
This table is extracted from KB927847. *Legacy means MSN Messenger 5.0 or Windows Messenger only, and not Windows Live Messenger.
Pay attention to the highlighted text. This means, you will have to ‘open’ over 60,000 UDP ports just to get the audio and video working! Clearly, MSN Messenger and Windows Live Messenger were not designed to work behind ISA Server, or any other proxy for that matter.