I have a ISA 2004 cluster set up. It has a NAT relation to the external network, which is actually a extranet situation with a private address range. I'm trying to allow my new proxy box on the inside of this ISA cluster to allow access to the outside, through the extranet network where I have a checkpoint cluster.

The internal network that is homing the new proxy is I have set up the ISA in the enterprise rule to allow all traffic from the new proxy. Every time I try to connect to the internet (using any protocol) from this proxy I get FWX_E_POLICY_RULES_DENIED. The source of the request is internal, as it should be. The request is denied, however. It seems like ISA is just not applying my Enterprise Firewall Rule.

I don't understand why this is happening, I think it must have something to do with my network rules, however, they seem to be correct in my humble opinion. There are other systems in the same range as my new proxy, they're all connecting fine. What do I do to fix this problem? Many thanks for any help!
Who is Participating?
AimToPleaseConnect With a Mentor Author Commented:
Problem solved.

Turns out the certificate for contacing the configuration storage server had expired. After generating a net certificate and importing it wirh ISACertTool.exe, the non-working rule started to work immediately.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.