
How do I open port 443 in ISA to allow access to web pages that are SSL?

I am accessing my ISP and I clicked on one of the links for me to enable web hosting with them and I got the following error message:
Network Access Message: The page cannot be displayed
 
Technical Information (for Support personnel)
Error Code: 502 Proxy Error. The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. (12204)
IP Address: 17.0.0.18
Date: 10/17/2008 3:47:32 PM
Server: name_of_server.local
Source: proxy
-------------------------------
I went to ISA and created a protocol of 443 and an access rule but it still does not work.
My router has port forwarding for 443 enabled but it still does not work.
Maybe I created the protocol or access rule incorrectly.
These are the settings for protocol:
Port Range =443
Protocol Type=TCP
Direction=Outbound
No secondary connections

The settings for Access Rule are:
Action:
Action to take when the conditions are met=Allow
Log requests matching this rule=has a check mark
Protocols:
This rule applies to =Selected Protocols
Protocols=SSL 443 Protocol(The protocol I created)
From=Internal
To=External
Content Type=All content types
Schedule=always
Users=all users

Please advise on how I resolve this?
Asked by: j_rameses

Keith Alabaster (Enterprise Architect) commented:
The reason is that the site is moving you to a different SSL port number other than 443. This is a common issue as ISA (by default) only supports SSL on port 443. If you have a look at this link (Jim Harrison - Microsoft) you will see the ISA tunnel port tool. This utility allows you to add additional SSL ports.

http://www.isatools.org/tools.asp?Context=ISA2004

If you open the ISA GUI - monitoring - logging - start query, watch the destination port that the client tries to go to. Use the tool and add this port number.

Job done

Keith

j_rameses (Info Sys Mngr, Author) commented:
The destination port is 80.
What should I do?

Keith Alabaster (Enterprise Architect) commented:
That doesn't make sense.
Also, you don't need to create an SSL protocol - it is built in and called https. Have you enabled https from internal and localhost to external?

j_rameses (Info Sys Mngr, Author) commented:
What do you mean by "Have you enabled https from internal and localhost to external?"
Please advise how I can check this and how to do this.

j_rameses (Info Sys Mngr, Author) commented:
On firewall policy:
name=SBS Windows Sharepoint Services Web Publishing Rule
Action = deny
protocols=https

Does this have anything to do with it?

Keith Alabaster (Enterprise Architect) commented:
Yes :) - it should be Allow

Keith Alabaster (Enterprise Architect) commented:
Actually, that may be incorrect information - sorry.
That rule says it is a publishing rule - what are the From and To boxes set to?

j_rameses (Info Sys Mngr, Author) commented:
from=anywhere
to=publishing.domain.local
forward the original host header instead of the actual one= has a check mark

j_rameses (Info Sys Mngr, Author) commented:
FYI, under listener:
networks=external
Port(HTTP)=disabled
Port(HTTPS)=444

Keith Alabaster (Enterprise Architect) commented:
Leave that at deny - this blocks external access to your internal Intranet/Sharepoint.
There should be an access rule that allows https from internal & localhost to external.
If there isn't one OR https is not a listed protocol in an existing rule then add one.

In addition, you MUST be a member of the SBS domain users group.

j_rameses (Info Sys Mngr, Author) commented:
Regarding your last comment, I am logged in as the system administrator.
How do I create, step by step, your suggestion?

j_rameses (Info Sys Mngr, Author) commented:
Keith,
Please advise how to do your suggestion.

Keith Alabaster (Enterprise Architect) commented:
???? No offence but this is really basic ISA configuration.

Open the GUI, select firewall policy.
Right-click the firewall policy description on the left and select new - access rule.
Give it a name - select allow - in the protocols select https - in the from box select internal & localhost - in the to box select external - all users - always.
Move this rule to the top - apply policy.

j_rameses (Info Sys Mngr, Author) commented:
http or https?

j_rameses (Info Sys Mngr, Author) commented:
There is also an https server?

Keith Alabaster (Enterprise Architect) commented:
Just https.

j_rameses (Info Sys Mngr, Author) commented:
It did not work.
Should I restart the firewall?

j_rameses (Info Sys Mngr, Author) commented:
I meant that I still get the same error message.

j_rameses (Info Sys Mngr, Author) commented:
I moved it to position #1.

j_rameses (Info Sys Mngr, Author) commented:
Keith,
This is the URL address that appears when I click on the webpage:
https://api.webhosting.optonline.net:8443/ssoapp/servlet/SSORequest

It states 8443.
Does this have anything to do with it?

Keith Alabaster (Enterprise Architect) commented:
I go back to my first posts - about checking the log to see what port it used - 443 is the ONLY https port supported by default. You need to use the tool in my link to add 8443 to the list of https supported ports.

j_rameses (Info Sys Mngr, Author) commented:
That download only shows my ports, not to add them.
I downloaded the tool called: ISA Tunnel Port Tool

j_rameses (Info Sys Mngr, Author) commented:
Should I use the download:
ISA TPRE by Steven S.
This one has the option to enter:
LowPort:
HighPort:
TunnelPortName:
Then I click on Add Tunnel Range.

Keith Alabaster (Enterprise Architect) commented:
Read the text that comes with it when you type in the command - it gives you the syntax to use with the tool to add the ports.

Keith Alabaster (Enterprise Architect) commented:
Yes, you can use the GUI version if you wish. The range to add is 8443 to 8443.

wcoka2 commented:
Why are you enabling port forwarding for 443 at your router? From what I understand, you want to access a website that uses SSL, right? What is getting denied at the logging?

Keith Alabaster (Enterprise Architect) commented:
What?? God help us from people who do not bother to read the posts before adding a comment.

j_rameses (Info Sys Mngr, Author) commented:
Keith,

Bingo it worked.
Thank you.

Keith Alabaster (Enterprise Architect) commented:
Welcome mate :)

Question has a verified solution.
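
Added example, not part of the original thread: a small Python model of the check behind error 12204, showing why the thread's URL on port 8443 is refused until a tunnel port range of 8443 to 8443 is added. The function names and the range table are assumptions for illustration, not ISA Server's API; the default table holds only 443, as stated in the thread.

```python
from urllib.parse import urlsplit

# Assumed model of the proxy's tunnel port ranges: name -> (low, high).
# Per the thread, only 443 is accepted for SSL by default.
DEFAULT_RANGES = {"SSL": (443, 443)}

# URL quoted in the thread, plus a constructed one on the default port.
THREAD_URL = "https://api.webhosting.optonline.net:8443/ssoapp/servlet/SSORequest"
PLAIN_URL = "https://www.example.com/login"  # constructed sample


def connect_port(url):
    """Port a browser asks the proxy to tunnel to for an https URL."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("only https URLs are tunnelled with CONNECT")
    return parts.port or 443


def check_tunnel(url, ranges):
    """Return (status, detail) for a tunnel request under this model."""
    port = connect_port(url)
    for name, (low, high) in ranges.items():
        if low <= port <= high:
            return 200, f"port {port} allowed by range '{name}'"
    return 502, f"SSL port {port} is not allowed (12204)"


def ranges_to_add(urls, ranges):
    """Narrowest single-port ranges that would admit the refused URLs."""
    refused = {connect_port(u) for u in urls
               if check_tunnel(u, ranges)[0] == 502}
    return [(p, p) for p in sorted(refused)]


if __name__ == "__main__":
    print(check_tunnel(PLAIN_URL, DEFAULT_RANGES))
    print(check_tunnel(THREAD_URL, DEFAULT_RANGES))
    print("ranges to add:",
          ranges_to_add([PLAIN_URL, THREAD_URL], DEFAULT_RANGES))
    # Same request after adding the single-port range named in the thread.
    fixed = {**DEFAULT_RANGES, "SSL 8443": (8443, 8443)}
    print(check_tunnel(THREAD_URL, fixed))
```

Adding only the single port the log shows, rather than a wide range, keeps the proxy's tunnelling limited to the one destination port that is actually needed.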