TMG 2010 blocking Unidentified IP Traffic (TCP:8000)

Posted on 2012-08-22
Last Modified: 2012-09-26
Hi All

I've run into a problem that I've been trying to get my head around but with no luck. The problem I'm having is as follows:

I have a website that we reverse proxy through to the server with no problem, but within that website there is an Ajax call that calls another website on port 8000. I've tried creating a rule that would do a link translation and that didn't work, so I've also tried to create a protocol rule for port 8000 and the TMG server still denies the access.

The TMG log says Unidentified Traffic (TCP:8000)

Has anyone got any idea on what I can do to allow the reverse proxy to allow port 8000 through?

Question by:TazzEE

    Author Comment

    Just to add, if I try to go direct from the TMG server to the website on port 8000 it works; it's just the proxy bit that does not work.

    Expert Comment

    When you created the rule you also created a protocol with a name of your choice (for example: ProtocolName) which uses port 8000. Since TMG reports the traffic as Unidentified, the protocol you created (ProtocolName) is not correct. Either the direction or the protocol type itself is wrong. When you fix the created protocol, TMG will start reporting the traffic as "ProtocolName". From then on, the rule should work as well.

    Author Comment

    When I create a "Non-Web Server Protocol Publishing Rule" and input the IP address of the server I want to publish, I get "Unidentified IP Traffic (TCP:8000)" "Denied Connection", but if I create the "Non-Web Server Protocol Publishing Rule" and publish the TMG server IP itself, the connection comes up with the new Protocol but is not routing through to the server I want to publish?

    Accepted Solution

    "within that website there is an Ajax call that calls another website on port 8000"

    First thing, be sure it is the webserver initiating the connection to the other Site and that it is not simply triggering the User's Browser to make the connection, in which case the connection is between the User and the second Site and is not actually happening between the two web servers.

    Then, where that other site is matters.

    If the other site is on the same LAN behind the same ISA then that is simple.

    1. Do the normal Web Publishing Rule that you are doing
    2. Create a Non-Web Server Publishing rule that uses the following defined Protocol
         Name: TCP-8000 Server
         Direction: Inbound
         Protocol:   TCP
         Port Range: 8000 - 8000
         Secondary Connections: none

    But if the other Site is elsewhere and the first webserver has to cross the ISA/TMG to get there then you need to do everything above,

    1. Create an Access Rule.
         Source: <the Webserver>
         Destin: <the other web server>
         Users:  "All Users"
         Protocols:  <create this, is not the same as the other>
                     Name: TCP-8000
                     Direction: Outbound
                     Protocol:   TCP
                     Port Range: 8000 - 8000
                     Secondary Connections: none
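
The distinction the accepted answer draws (who opens the TCP 8000 connection, and in which direction it crosses TMG) can be read off the denied log entries. The following is an added example, not part of the original thread; the addresses, the web server IP and the simplified tab-separated log layout are assumptions and do not match a real TMG log export column for column.

```python
import csv
import io
import ipaddress

# Assumed addressing for this sketch (not taken from the thread).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/24")]
WEB_SERVER = ipaddress.ip_address("10.0.0.10")

# Constructed sample rows in a simplified layout; a real TMG log export
# has more columns and different column names.
SAMPLE_LOG = (
    "src_ip\tdst_ip\tdst_port\tprotocol\taction\n"
    "203.0.113.25\t198.51.100.5\t8000\tUnidentified IP Traffic (TCP:8000)\tDenied Connection\n"
    "10.0.0.10\t192.0.2.80\t8000\tUnidentified IP Traffic (TCP:8000)\tDenied Connection\n"
    "203.0.113.25\t198.51.100.5\t443\tHTTPS\tAllowed Connection\n"
)


def is_internal(ip):
    """True when the address belongs to one of the assumed internal networks."""
    return any(ip in net for net in INTERNAL_NETS)


def classify(row):
    """Return (initiator, rule to review) for a denied TCP 8000 row, else None."""
    if row["dst_port"] != "8000" or not row["action"].startswith("Denied"):
        return None
    src = ipaddress.ip_address(row["src_ip"])
    dst = ipaddress.ip_address(row["dst_ip"])
    if not is_internal(src):
        # The user's browser is making the call: traffic arrives from outside.
        return ("external client",
                "Non-Web Server Publishing rule, protocol Direction: Inbound")
    if src == WEB_SERVER and not is_internal(dst):
        # The web server itself crosses TMG to reach the other site.
        return ("web server", "Access Rule, protocol Direction: Outbound")
    return ("other internal source", "not covered by the two cases in the answer")


def analyse(log_text):
    """Classify every denied TCP 8000 entry in a tab-separated log export."""
    rows = csv.DictReader(io.StringIO(log_text), delimiter="\t")
    return [hit for hit in (classify(row) for row in rows) if hit is not None]


if __name__ == "__main__":
    for initiator, rule in analyse(SAMPLE_LOG):
        print(f"{initiator}: {rule}")
```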
