Solved

How do I open port 443 in ISA to allow access to web pages that are SSL?

Posted on 2008-10-17
Last Modified: 2008-11-18
I am accessing my ISP and I clicked on one of the links for me to enable web hosting with them and I got the following error message:
Network Access Message: The page cannot be displayed
 
Technical Information (for Support personnel)
Error Code: 502 Proxy Error. The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. (12204)
IP Address: 17.0.0.18
Date: 10/17/2008 3:47:32 PM
Server: name_of_server.local
Source: proxy
-------------------------------
I went to ISA and created a protocol of 443 and an access rule but it still does not work.
My router has port forwarding for 443 enabled but it still does not work.
Maybe I created the protocol or access rule incorrectly.
These are the settings for protocol:
Port Range =443
Protocol Type=TCP
Direction=Outbound
No secondary connections

The settings for Access Rule are:
Action:
Action to take when the conditions are met=Allow
Log requests matching this rule=has a check mark
Protocols:
This rule applies to =Selected Protocols
Protocols=SSL 443 Protocol(The protocol I created)
From=Internal
To=External
Content Type=All content types
Schedule=always
Users=all users

Please advise on how I resolve this?
0
Question by:j_rameses
29 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22743804
The reason is that the site is moving you to a different SSL port number other than 443. This is a common issue as ISA (by default) only supports SSL on port 443. If you have a look at this link (Jim Harrison - Microsoft) you will see the ISA tunnel port tool. This utility allows you to add additional SSL ports.

http://www.isatools.org/tools.asp?Context=ISA2004

If you open the ISA GUI - monitoring - logging - start query, watch the destination port that the client tries to go to. Use the tool and add this port number.

Job done

Keith
0
 

Author Comment

by:j_rameses
ID: 22743911
the destination port is 80
what should i do?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22743939
That doesn't make sense.
Also, you don't need to create an ssl protocol - it is built in and called https. Have you enabled https from internal and localhost to external?
0
 

Author Comment

by:j_rameses
ID: 22743955
what do you mean by "Have you enabled https from internal and localhost to external?"
please advise how i can check this and how to do this
0
 

Author Comment

by:j_rameses
ID: 22744014
on firewall policy:
name=SBS Windows Sharepoint Services Web Publishing Rule
Action = deny
protocols=https

does this have anything to do with it?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22744045
Yes :) - it should be Allow
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22744080
Actually, that may be incorrect information - sorry.
That rule says it is a publishing rule - what are the From and To boxes set to?
0
 

Author Comment

by:j_rameses
ID: 22744117
from=anywhere
to=publishing.domain.local
forward the original host header instead of the actual one= has a check mark
0
 

Author Comment

by:j_rameses
ID: 22744139

fyi
under listener:
networks=external
Port(HTTP)=disabled
Port(HTTPS)=444
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22744150
leave that at deny - this blocks external access to your internal Intranet/Sharepoint.
There should be an access rule that allows https from internal & localhost to external.
If there isn't one OR https is not a listed protocol in an existing rule then add one.

In addition, you MUST be a member of the SBS domain users group
0
 

Author Comment

by:j_rameses
ID: 22744194
regarding your last comment, I am logged in as the system administrator.
how do I create your suggestion step by step?
0
 

Author Comment

by:j_rameses
ID: 22744339
keith,
pls advise how to do your suggestion.
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 22744387
???? No offence but this is really basic ISA configuration.

Open the gui, select firewall policy
right-click the firewall policy description on the left and select new - access rule
give it a name - select allow - in the protocols select https - in the from box select internal & localhost - in the to box select external - all users - always
Move this rule to the top - apply policy
0
 

Author Comment

by:j_rameses
ID: 22744420
http or https?
0

 

Author Comment

by:j_rameses
ID: 22744424
there is also a https server?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22744429
just https
0
 

Author Comment

by:j_rameses
ID: 22744497
it did not work.
should i restart the firewall?
0
 

Author Comment

by:j_rameses
ID: 22744502
i meant that i still get the same error message.
0
 

Author Comment

by:j_rameses
ID: 22744512
i moved it to position #1
0
 

Author Comment

by:j_rameses
ID: 22744596
keith,
this is the url address that appears when i click on the webpage:
https://api.webhosting.optonline.net:8443/ssoapp/servlet/SSORequest

it states a 8443.
does this have anything to do with it?
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 500 total points
ID: 22744637
I go back to my first posts - about checking the log to see what port it used - 443 is the ONLY https port supported by default. You need to use the tool in my link to add 8443 to the list of https supported ports.
0
 

Author Comment

by:j_rameses
ID: 22744705
that download only shows my ports not to add them.
i downloaded the tool called:   ISA Tunnel Port Tool
0
 

Author Comment

by:j_rameses
ID: 22744781
should i use the download:
ISA TPRE by Steven S.
This one has the option to enter:
LowPort:
HighPort
TunnelPortName:
Then I click on Add Tunnel Range
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22744789
read the text that comes with it when you type in the command - it gives you the syntax to use with the tool to add the ports
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22744797
Yes, you can use the GUI version if you wish. The range to add is 8443 to 8443
0
 
LVL 2

Expert Comment

by:wcoka2
ID: 22744813
Why are you enabling port forwarding for 443 at your router? From what I understand you want to access a website that uses SSL, right? What is getting denied at the logging?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22744817
What?? God help us from people who do not bother to read the posts before adding a comment.
0
 

Author Comment

by:j_rameses
ID: 22744849
Keith,

Bingo it worked.
Thank you.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22744855
Welcome mate :)
0
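
The behaviour this thread resolves, as an added example that is not part of the original thread and is not ISA's own code: a minimal Python model of a web proxy's tunnel-port check, showing why the request for the poster's URL on port 8443 is refused with error 12204 until the 8443 to 8443 range is added. The `TunnelPortRange` type, the function names and the response strings are assumptions for illustration; the default list follows the thread's statement that only 443 is allowed.

```python
"""Model of a web proxy's SSL tunnel-port allowlist (illustrative, not ISA code)."""
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class TunnelPortRange:
    name: str
    low: int
    high: int

    def __post_init__(self):
        # Reject reversed or out-of-range entries before they reach the policy.
        if not (1 <= self.low <= self.high <= 65535):
            raise ValueError(f"invalid port range {self.low}-{self.high}")

    def contains(self, port: int) -> bool:
        return self.low <= port <= self.high


# Assumption taken from the thread: only 443 is allowed by default.
DEFAULT_RANGES = [TunnelPortRange("SSL", 443, 443)]


def connect_target(url: str) -> tuple[str, int]:
    """Return the (host, port) a browser asks the proxy to tunnel to for an https URL."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("expected an absolute https:// URL")
    # No explicit port in the URL means the https default, 443.
    return parts.hostname, parts.port or 443


def proxy_decision(url: str, ranges: list[TunnelPortRange]) -> str:
    """Allow the tunnel only if the destination port is inside a configured range."""
    host, port = connect_target(url)
    if any(r.contains(port) for r in ranges):
        return f"200 tunnel established to {host}:{port}"
    return f"502 Proxy Error (12204): SSL port {port} is not allowed"


if __name__ == "__main__":
    # URL quoted in the thread; the port after the host is what the proxy checks.
    url = "https://api.webhosting.optonline.net:8443/ssoapp/servlet/SSORequest"
    print(proxy_decision(url, DEFAULT_RANGES))
    fixed = DEFAULT_RANGES + [TunnelPortRange("SSL 8443", 8443, 8443)]
    print(proxy_decision(url, fixed))
```

Adding the single-port range 8443 to 8443, as the thread does, keeps the allowlist as narrow as the site requires.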
