• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 844
  • Last Modified:

Need help setting up rule for the ISA Server.

I am trying to get to a sight  https://www.netsmemberservices.com:8443.

Without doing anything on proxy.  Which I have set to allow all users to go out to all destinations with all the default protocols http https ftp gopher.

I keep getting this      <TD    The page cannot be displayed

If I go into the browser setting in internet explorer and put https://www.netsmemberservices.com:8443 into the exceptions on the connections for it bypass proxy for this address everything works fine.

Do I need to setup a new protocol for the 8443?   or what to get this to work?

Thanks
Jeff

 
0
Splunker
Asked:
Splunker
  • 4
  • 4
1 Solution
 
Keith AlabasterEnterprise ArchitectCommented:
The reason is that by default, ISA will only pass SSL traffic on ort 443. Sounds stupid I know as 8443 is the https port setting within the web proxy tab in the internal networks for the firewall client.

Not quite sure how you got to the site by adding it to the IE exceptions rule. If you managed that, then ISA is not going to be much good to you as users will just switch off their proxy settings won't they?

To enable https ports other than 443 to pass through, you need to run a .vbs script.


http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/managingtunnelports.mspx
http://www.isaserver.org/articles/2004tunnelportrange.html

Regards
keith
ISA MCT
0
 
SplunkerAuthor Commented:
I am running into a few things like this.. I cant get it running and up having to bypass the proxy in order for it to work. I am wondering how much of it is related to the same issue with the ISA server not allowing it out.  I basically use my isa in a cache mode. I have only couple rules. Allow everyone anywhere at anytime.  I have other devices that control where what sites they can access. Also our firewall determines what  ip address are alowed through.  I used group policy to point everyones browser to our proxy server our fire wall only lets proxy server out to the internet except for my machine and select few others. So if users changed to bypass proxy on everything they would not get anywhere.

But  like I said its not the firewall because it works when I bypass the proxy on my workstation.  Could it have anything to do with the content groups?  .asp?  or other extentions? I have recently had a issue with mcafee updates that would no longer work after they upgraded the engine. I found out the same thing. I had to bypass the proxy for mcafee adresses. I would like to figure out why this is. I don't want to use this a s rule of thumb, don't work bypass proxy.

0
 
Keith AlabasterEnterprise ArchitectCommented:
What with this question and the other one we are doing, it sounds like your ISA is slightly on the ill side. Anything in the event logs, both MS and ISA?
0
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

 
SplunkerAuthor Commented:
I guess I am not following what does this .vbs script do?  I looks to be above my head on this.
0
 
SplunkerAuthor Commented:
Will these scripts and  Gui tools work with ISA Server 2000?
0
 
SplunkerAuthor Commented:
I used the second link and did the script called isa_tpr.js and did the cscript isa_tpr.js /add ext8443 8443

Restarted the Web proxy service. Tested the site and it worked fine.

I wonder if the Gui Version ISATpre.zip will work with ISA server 2000?

Thanks for your help.
0
 
Keith AlabasterEnterprise ArchitectCommented:
Morning Splunker. glad it worked OK.

I'm in the UK and probably a good few hours ahead of you so I didn't see your last posts. the ISATpre.zip is for the enterprise versions. The script simply allows ISA to pass https traffic ovr the 8443 port as well s the default port 443.

Do you want to accept my answer?

Regards
Keith
0
 
Keith AlabasterEnterprise ArchitectCommented:
Thank you :)
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now