Solved

Access website through ISA 2004

Posted on 2009-07-14
4
995 Views
Last Modified: 2013-11-16
Hi I have a weird issue with one web site and ISA 2004.

Web browsing works without faults until someone tries to access http://www.norfolkline.com/ or any of its registered domains.  Instantly we receive a standard 403 error below:

          Error Code: 403 Forbidden. The server denied the specified
          Uniform Resource Locator (URL). Contact the server administrator. (12202)

I have monitored ISA and can see the requests for the website and they do not get blocked.  The Packets I see are:

   Initiated Connection
   Log type: Firewall service
   Status: The operation completed successfully.
   Rule:
   Source: Local Host ( 81.168.9.86:41372)
   Destination: External ( 195.35.110.244:80)

   Allowed Connection
   Log type: Web Proxy (Forward)
   Status: 403 Forbidden
   Rule: Allow all HTTP traffic from ISA Server to all networks (for CRL downloads)
   Source: Local Host ( 10.0.0.3:0)
   Destination: External ( 195.35.110.244:80)
   Request: GET http://www.norfolkline.com/ferry/
   Filter information: Req ID: 1da11fff

   Closed Connection
   Log type: Firewall service
   Status: A connection was gracefully closed in an orderly shutdown process with a
                three-way FIN-initiated handshake.
   Rule:
   Source: Local Host ( 81.168.9.86:41372)
   Destination: External ( 195.35.110.244:80)

I can see that ISA shows 403 Forbidden on the allowed connection but i am not sure why. It isnt an issue with the web site as it works from other sites and ISPs.

Does anyone have any ideas why ISA would be doing this?

Thanks in advance

Dan
0
Comment
Question by:Supportteam
  • 2
4 Comments
 
LVL 20

Expert Comment

by:Hendrik Wiese
ID: 24848486
Hi,

Have a look at your rule called: "Allow all HTTP traffic from ISA Server to all networks (for CRL downloads)", as looks like it gets the 403 Forbidden from this rule, you could try to delete this rule and set it up from scratch.
0
 

Expert Comment

by:JakkalsKruger
ID: 24848572
Hi,

Look here: http://forums.isaserver.org/m_2001999787/mpage_1/key_/tm.htm#2001999787

Seems you'll need to consider making the internal computers Web Proxy Clients instead of relying on NAT.
0
 

Author Comment

by:Supportteam
ID: 24849193
Hi All,
Cheers for the quick responses, I am unable to do anything with the "Allow all HTTP traffic from ISA Server to all networks (for CRL downloads)" policy as its a system policy.  Though I have disabled it to see what happens at which time final policy "SBS Internet Access Rule" (yes its an SBS 2003 Server) stopped the packet with the same 403 error.
As for the webproxy comment all of the clients are using the latest ISA Firewall Client and the web site is external of our network and its not using any ssl on the home page.
Any other ideas guys?
0
 

Accepted Solution

by:
Supportteam earned 0 total points
ID: 24877328
Hi All,
After more investigation we have found that the company hosting www.norfolkline.com use an ISA server and its actually their ISA server that is blocking our access not ours.
Thanks for the help.
Dan
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many HijackThis tutorials on the web already, so this article is about tips that help utilize HijackThis' full potential as a diagnostic tool. Download HijackThis from a TrendMicro link or from known reliable sources only. http://free.…
PREFACE The purpose of this guide is to explain how to manually move a SEP client to a different client group by performing steps on the client-side. These steps may prove particularly useful because they allow the client to move after it has alrea…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now