Port 8080 Denied Connection

I just installed ISA 2006 on a client's network. Everything seems to be working fine but when I look at the logs, I'm seeing that for every connection to the internet, ISA first sends a request to the web server over port 8080, which gets denied, and then over port 80, which gets accepted. Is this normal? If it is normal, why does it do that? If it is not normal, what do I do to fix this?
LVL 10
victornegriAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Keith AlabasterConnect With a Mentor Enterprise ArchitectCommented:
Just as a test, can you remove the authenticated users and replace with all users?

Sounds like the web proxy service is attempting connecting as anonymous - which is fine - realising it requires authentication so requests the credentials from the client - then remakes the attempt correctly. Nothing actually to worry about though.

I assume you are not running the ISA fwc?
0
 
Keith AlabasterEnterprise ArchitectCommented:
open the ISA gui
select configuration - networks - internal - web proxy
what port have you set. 80 or 8080?
0
 
victornegriAuthor Commented:
8080
0
Learn to develop an Android App

Want to increase your earning potential in 2018? Pad your resume with app building experience. Learn how with this hands-on course.

 
Keith AlabasterEnterprise ArchitectCommented:
OK so its at the default.

Is ISA a domain member or a standalone box>
What authentication have you placed on the outbound rules?
0
 
victornegriAuthor Commented:
Yeah, it's at the default 8080 (which is what we had the old ISA2000 box set to.

The computer is a domain member and I have Integrated Authentication on the outbound rules.
0
 
victornegriAuthor Commented:
We are running the ISA FWC... some computers have the old version (the one that came with ISA2k) and some have the latest version.

We have many rules set up on ISA. Most users are not allowed to connect to the internet. Some are only allowed to connect to certain sites. A few are allowed to connect to anything they want. We have rules set up that limit a user to certain sites based on their group membership... so to answer your question, some rules apply to "All Users" while others apply to specific domain groups. None have "Authenticated Users".

So I can just filter out the 8080 requests in the log monitor? I just want to make sure we're not going to be showing up on firewall logs as attempting some hack attempt over 8080 on the websites my users are trying to access.
0
 
Keith AlabasterEnterprise ArchitectCommented:
No, I would suggest that if you review the log, the call is made from internal (on 8080) to localhost rather than internal to external - can you confirm?
0
 
victornegriAuthor Commented:
You're right. They all seem to be from internal to localhost. I could have sworn that I saw some from localhost to external but I guess I just read it incorrectly.

So I can ignore it?
0
 
Keith AlabasterEnterprise ArchitectCommented:
yes - your clear :)
0
 
victornegriAuthor Commented:
Thanks.
0
 
Keith AlabasterEnterprise ArchitectCommented:
Welcome :)

Keith
0
All Courses

From novice to tech pro — start learning today.