• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 657
  • Last Modified:

ISA outbound Traffic

I've got an isa server 2k4 w/ server 2003 running with 1 network card.  Its only purpose in life is to proxy traffic on port 8080 and authenticate internal users to allow/disallow internet access.  This part is working great.  I have an app on the server itself that needs access to the internet.  However every time i try to go to any site or i try to make this app download its updates (Watchgaurd web-blocker updates) I get the ISA Error Code: 403 Forbidden.  The ISA Server denided the specified Uniform Resource Locator (URL). (122202).  I've chaged system policy rule 17 to allow outbound from the isa server to all networks.  Still no luck?  Any help?
0
stamperb
Asked:
stamperb
  • 5
  • 2
1 Solution
 
Keith AlabasterCommented:
Don't change rule 17; this is NOT what it is for.
have you included local host to the 'FROM' box in your firewall rule?
Are there any rules ahead of this one that is stopping the traffic ahead of this rule?
0
 
Matt_HeuerCommented:
Since you are using the server as a web proxy, you will need to plug in the values and possible user names into the application you are using.  If the app doesnt support this then you will need to make some changes to your policy in place.  To fix this you will need to create a new rule and have the app access the internet through securenat and not web proxy.  As Keith said, you will need to make sure the rule includes local host in the from field and external in the to field and make sure that it applies to all users since securenat clients cant authenticate.  Also for troubleshooting purposes, move this newly created rule to the top of the list.

Cole
0
 
Keith AlabasterCommented:
Matt, no disrespect to your answer as I see where you are coming from but the server has a single NIC so doesn't support SecureNAT clients.

regards
Keith
ISA MCT
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
Matt_HeuerCommented:
I stand corrected, sorry about that.
0
 
Keith AlabasterCommented:
Don't ever be sorry Matt; you make a good contribution to Experts-exchange and your views are valued. I would be the first to stand up and state I make errors of my own. :)

Regards
keith
0
 
stamperbAuthor Commented:
OK well i'm seriously thinking about just putting the app on a differenet box and letting isa just be isa :-)  
0
 
Keith AlabasterCommented:
I have to be honest and say this is the recomended approach (different box). The only scenario when the rule changes really is for SBS where SBS uses a modified, cut-down version of ISA server.
0
 
Keith AlabasterCommented:
Thanks :)
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now