some sites are not loading after removing ISA proxy

strange situation here. after removing an ISA web proxy server from the LAN and configuring GPO to go directly to Internet, some sites are not opening (loading infinitely) like Hotmail for example. anyone can help with that ?


Thanks
eyad77Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Suliman Abu KharroubIT Consultant Commented:
"configuring GPO to go directly to Internet"

do you mean to use default gateway?
0
eyad77Author Commented:
mean unchecked  the "enable proxy setting" for the old proxy server
0
pwindellCommented:
That wouldn't have matter,...if the proxy is not located the default browser behavior is to ignore the proxy settings and go direct anyway.

Did you uninstall the Firewall Client Software on the workstations too?
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

eyad77Author Commented:
no firewall client was used. the ISA was used as a web proxy only.
I've noticed that most of the not-loading sites are HTTPS based. adding a public ISP proxy to the HTTPS traffic only made it work!
0
Suliman Abu KharroubIT Consultant Commented:
do the clients have default ISA server ip address as default gateway ?
0
eyad77Author Commented:
no...the core switch is used as the default gateway which is routed to either other LANs or the Internet
0
Suliman Abu KharroubIT Consultant Commented:
do you have all other LANS ( subnet address ) added to internal netowrk on your TMG server?

Can you ping clients from TMG server ? ( this need an access rule to allow that from localhost to internal)
0
eyad77Author Commented:
please re-read my question!
0
Suliman Abu KharroubIT Consultant Commented:
Ohh, sorry.

from client please run

tracert 8.8.8.8

do packets routed throw a correct path ?
0
pwindellCommented:
You have another Firewall somewhere.
The firewall may not allow the Clients out to the Internet properly since it would have (at least should have) been restricted to only allowing the IP# of the ISA/TMG to go out in order to prevent users from bypassing the ISA/TMG while it was still being used.  IF this was not corrected when you removed the ISA/TMG you would have problems.
0
eyad77Author Commented:
we have an IBM physical firewall in place, we made sure it's not configured to block any web traffic. the problem is that only some sites are not loading!
0
Suliman Abu KharroubIT Consultant Commented:
IF you are talking about HTTPS site, please check IE advanced options. ssl settings. make sure to check "use ssl 2.0".
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Forefront ISA Server

From novice to tech pro — start learning today.