<

Access to https or SSL sites fail from ISA Server when used over ports other than 443 or 563 and you receive a message that this is not supported

Published on
18,449 Points
9,049 Views
4 Endorsements
Last Modified:
Approved
In all versions of ISA Server and the current version of FTMG, the default https protocol uses TCP port 443 and 563 only. This cannot be changed within the ISA or FTMG GUI and must be completed from a Windows cmd prompt on the ISA Server itself.

To get to the cmd prompt, click on start - run and enter cmd in the run box.

In the cmd box, type in "cd \" without the quote marks followed by pressing the enter or return key.

Open a web browser and go to http://www.isatools.org then using the tabs along the middle, select the version of ISA or FTMG tools relevant to your installation.
Find and download the Tunnel Port Range Extender utility saving it to the c:\ folder of the ISA/FTMG box - this is the root of your c: drive. The file name will be isa_tpr.js.

The www.isatools.org site is hosted by Jim Harrison - a top-bloke within Microsoft's ISA and FTMG area and access to this file is by his kind permission.
Go back to your cmd prompt window and type the following: isa_tpr.js /? to get a list of commands & options.
I have provided an example to add TCP port 5100 to the list of ports that ISA will recognise as being authorised to carry HTTPS traffic.

 isa_tpr.js /add port5100 5100 5100

This example calls the isa_tpr script, tells it that I want to add a single port, that I want to name the new port description as 'port5100' and finally provides a start port and end port.

Once completed, stop and restart the ISA firewall service for the change to take effect. An access rule in the ISA/FTMG firewall policy that allows https traffic outbound will now succeed when the destination port is either 443 or 5100. Similarly, you can also add a range of ports in a single command; for example, to add ports 5101 - 5110, use the command line as follows:

isa_tpr.js /add moressl 5101 5110

Using the following will show you all of the ports that have been authorised for use through SSL/HTTPS:

isa_tpr.js /show

To delete an added port or port range from the allowed HTTPS list then the following should be followed:

isa_tpr.js /del port5100
The port name/range description is provided when you run the isa_tpr.js /show option. Again, restart the ISA firewall services to enforce the changes made.
4
Comment
5 Comments
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
Really nice. I will try it.

Thanks a lot!
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
i cant find ISA tunnel port rang extender listed under isa 2006 tab.

kindly advice.
0
 
LVL 51

Author Comment

by:Keith Alabaster
In that version, Jim has called it the ISA Tunnel Port Tool
http://www.isatools.org/tools.asp?Context=ISA2006
0
 
LVL 61

Expert Comment

by:Kevin Cross
Nice work, Keith!
0
 

Expert Comment

by:ryan donald
Hello
It is good to see that the people are active in responding. Thank you for all the responses. I was trying to look up for it, and i found it here.
thanks again.
If anyone needs assistance in comepleting their written work can get in touch with me at do my master's essay for me.
0

Featured Post

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Join & Write a Comment

Key to your CPU's ability to stay cool is to use the right amount of thermal paste and apply it correctly. In other words you want as much thermal conductivity between CPU and the cooling block. Use a quality thermal paste and apply it in a manner…
This is Part-2 of Learning to use the Power of Mailwasher Pro so if you haven't watched Part-1 yet, I urge you to do so before watching this video. Click this link to watch Part-1 (https://www.experts-exchange.com/videos/56638/Learn-to-use-the-POWER…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month