ISA outbound Traffic

I've got an isa server 2k4 w/ server 2003 running with 1 network card.  Its only purpose in life is to proxy traffic on port 8080 and authenticate internal users to allow/disallow internet access.  This part is working great.  I have an app on the server itself that needs access to the internet.  However every time i try to go to any site or i try to make this app download its updates (Watchgaurd web-blocker updates) I get the ISA Error Code: 403 Forbidden.  The ISA Server denided the specified Uniform Resource Locator (URL). (122202).  I've chaged system policy rule 17 to allow outbound from the isa server to all networks.  Still no luck?  Any help?
LVL 1
stamperbAsked:
Who is Participating?
 
Keith AlabasterEnterprise ArchitectCommented:
I have to be honest and say this is the recomended approach (different box). The only scenario when the rule changes really is for SBS where SBS uses a modified, cut-down version of ISA server.
0
 
Keith AlabasterEnterprise ArchitectCommented:
Don't change rule 17; this is NOT what it is for.
have you included local host to the 'FROM' box in your firewall rule?
Are there any rules ahead of this one that is stopping the traffic ahead of this rule?
0
 
Matt_HeuerCommented:
Since you are using the server as a web proxy, you will need to plug in the values and possible user names into the application you are using.  If the app doesnt support this then you will need to make some changes to your policy in place.  To fix this you will need to create a new rule and have the app access the internet through securenat and not web proxy.  As Keith said, you will need to make sure the rule includes local host in the from field and external in the to field and make sure that it applies to all users since securenat clients cant authenticate.  Also for troubleshooting purposes, move this newly created rule to the top of the list.

Cole
0
Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

 
Keith AlabasterEnterprise ArchitectCommented:
Matt, no disrespect to your answer as I see where you are coming from but the server has a single NIC so doesn't support SecureNAT clients.

regards
Keith
ISA MCT
0
 
Matt_HeuerCommented:
I stand corrected, sorry about that.
0
 
Keith AlabasterEnterprise ArchitectCommented:
Don't ever be sorry Matt; you make a good contribution to Experts-exchange and your views are valued. I would be the first to stand up and state I make errors of my own. :)

Regards
keith
0
 
stamperbAuthor Commented:
OK well i'm seriously thinking about just putting the app on a differenet box and letting isa just be isa :-)  
0
 
Keith AlabasterEnterprise ArchitectCommented:
Thanks :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.