


Posted on 2009-02-09
Medium Priority
Last Modified: 2012-05-06

I have an ISA 2004 cluster set up. It has a NAT relation to the external network, which is actually an extranet situation with a private address range. I'm trying to allow my new proxy box on the inside of this ISA cluster to allow access to the outside, through the extranet network where I have a checkpoint cluster.

The internal network that is homing the new proxy is I have set up the ISA in the enterprise rule to allow all traffic from the new proxy. Every time I try to connect to the internet (using any protocol) from this proxy I get FWX_E_POLICY_RULES_DENIED. The source of the request is internal, as it should be. The request is denied, however. It seems like ISA is just not applying my Enterprise Firewall Rule.

I don't understand why this is happening. I think it must have something to do with my network rules; however, they seem to be correct in my humble opinion. There are other systems in the same range as my new proxy, and they're all connecting fine. What do I do to fix this problem? Many thanks for any help!
Question by: AimToPlease
1 Comment

Accepted Solution

AimToPlease earned 0 total points
ID: 23589678
Problem solved.

Turns out the certificate for contacting the configuration storage server had expired. After generating a new certificate and importing it with ISACertTool.exe, the non-working rule started to work immediately.
