[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


TMG 2010 blocking Unidentified IP Traffic (TCP:8000)

Posted on 2012-08-22
Medium Priority
Last Modified: 2012-09-26
Hi All

I've run into a problem that I've been trying to get my head around but with no luck. The problem I'm having is as follows

I have a website that that we are reverse proxy through to the server with no problem but within that website there is a Ajax call that calls another website on port 8000. I've tried creating a rule that would do a link translation and that didn’t work so I've also tied to create a protocol rule for port 8000 and the TMG server still denies the access.

The TMG log says Unidentified Traffic (TCP:8000)

Has anyone got any idea on what I can do to allow the reverse proxy to allow port 8000 through?

Question by:TazzEE
  • 2

Author Comment

ID: 38320738
Just to add if I try to go direct from the TMG server to the website on port 8000 it works it’s just the proxy bit that does not work
LVL 20

Expert Comment

ID: 38324134
When you created the rule you also created a protocol with a name of your choice (for example: ProtocolName) which uses the port 8000. Since TMG reports the traffic as Unidentified, the protocol you created (ProtocolName) is not correct. Either the direction or the protocol type itself are wrong. When you fix the created protocol, TMG will start reporting the traffic as "ProtocolName". From then, the rule should work as well.

Author Comment

ID: 38324819
When I create a "Non-Web Server Protocol Publishing Rule" and input the IP address of the server I want to publish I get "Unidentified IP Traffic (TCP:8000)" "Denied Connection" but if I create the "Non-Web Server Protocol Publishing Rule" and publish the TMG server IP it self the connection comes up with the new Protocol but not routing through to the server I want to publish?
LVL 29

Accepted Solution

pwindell earned 1500 total points
ID: 38324888
within that website there is a Ajax call that calls another website on port 8000

First thing,....be sure it is the webserver initiating the connection to the other Site and that it is not simply triggering the User's Browser to make the connection,...in which case the connection is between the User and the second Site and is not actually happening between the two web servers

Then,...Where that other site is matters.

If the other site is on the same LAN behind the same ISA then that is simple.

1. Do the normal Web Publishing Rule that you are doing
2. Create  a Non-Web Server Publishing rule that uses the following defined Protocol
     Name: TCP-8000 Server
     Direction: Inbound
     Protocol:   TCP
     Port Range: 8000 - 8000
     Secondary Connections: none

But if the other Site is elsewhere and the first webserver has to cross the ISA/TMG to get there then you need to do everything above,...plus...

1. Create an Access Rule.
     Source: <the Webserver>
     Destin: <the other web server>
     Users:  "All Users"
     Protocols:  <create this,...it is not the same as the other>
                 Name: TCP-8000
                 Direction: Outbound
                 Protocol:   TCP
                 Port Range: 8000 - 8000
                 Secondary Connections: none

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question