The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!
ISA 2006
Asked:
2
- +2
1 Solution
See if this helps
If you're running SBS Premium w/ ISA, then you'll need to add a protocol
definition for TCP 8020. The way ISA works, is that it uses protocol
definitions to define protocol (TCP/UDP/ICMP) and port combinations. It
then uses protocol rules that are based on these definitions as well as
other policy elements like schedules, users, etc. to determin who can go
where when. The effective 'allow all traffic' rule we have in ISA on SBS is
somewhat misleading as it only allows all of the protocols that are
currently defined. If a user tries to access a resource on the internet
using a protocol that is not currently defined in ISA (e.g. TCP 8020), then
ISA is going to deny the outbound request. Adding the new protocol
definition and restarting the Microsoft ISA Server Control service should solve the problem
If you're running SBS Premium w/ ISA, then you'll need to add a protocol
definition for TCP 8020. The way ISA works, is that it uses protocol
definitions to define protocol (TCP/UDP/ICMP) and port combinations. It
then uses protocol rules that are based on these definitions as well as
other policy elements like schedules, users, etc. to determin who can go
where when. The effective 'allow all traffic' rule we have in ISA on SBS is
somewhat misleading as it only allows all of the protocols that are
currently defined. If a user tries to access a resource on the internet
using a protocol that is not currently defined in ISA (e.g. TCP 8020), then
ISA is going to deny the outbound request. Adding the new protocol
definition and restarting the Microsoft ISA Server Control service should solve the problem
No need to change anything in your rules. You should have an access rule that allow HTTPS to go outside and that's it for the rules...
The problem is that by default ISA/TMG do not allow SSL protocol on any other port than 443.
In your example the URL is https://blahblahblah:8020/... Meaning you want to access a SSL web site on a port that is not 443 !!
You can refer to this article that talks about the same problem : http://social.technet.microsoft.com/Forums/en-US/ForefrontedgeIA/thread/d64b5887-9218-4387-bc95-11906e8bae82/
Even it is not the same port they want to use in the article it's the same cause.
As said in the article you'll have to download the script http://www.isatools.org/tools/isa_tpr.js and use it to allow your specific port 8020 to be used for SSL.
This change wil require a full restart of TMG services, stopping any current connections.
Have a good day.
The problem is that by default ISA/TMG do not allow SSL protocol on any other port than 443.
In your example the URL is https://blahblahblah:8020/... Meaning you want to access a SSL web site on a port that is not 443 !!
You can refer to this article that talks about the same problem : http://social.technet.microsoft.com/Forums/en-US/ForefrontedgeIA/thread/d64b5887-9218-4387-bc95-11906e8bae82/
Even it is not the same port they want to use in the article it's the same cause.
As said in the article you'll have to download the script http://www.isatools.org/tools/isa_tpr.js and use it to allow your specific port 8020 to be used for SSL.
This change wil require a full restart of TMG services, stopping any current connections.
Have a good day.
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Join & Write a Comment Already a member? Login.
Featured Post
Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.
One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.
Tackle projects and never again get stuck behind a technical roadblock.
Join Now