Solved

Unable to access browser-based app from outside the firewall

Posted on 2014-03-04
4
266 Views
Last Modified: 2014-03-22
I cannot access/launch a browser-based app (Silverlight) from outside the router (i.e. Internet).  I am getting "This page can’t be displayed" error.
•I updated our external DNS record to point to the internal server FQDN.  When I ping the FQDN, it returns the external IP address of the router.
•On the router, I have port 443 forwarding to the IP address of the correct server.
•I turned off the server software firewalls, but still no joy.
•I installed a wildcard SSL certificate.

Again, everything works fine from within the router (without using lmhost file).  I think the problem may be DNS related, but other than what I've already done, what else might need to be changed?

Error:

This page can’t be displayed

•Make sure the web address https://server.domain.com is correct.
•Look for the page with your search engine.
•Refresh the page in a few minutes.
0
Comment
Question by:CPA_MCSE
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 39904889
If it works within the network but not outside, two possibilities come to mind:

1) Silverlight, being an application framework, can open additional ports. You may need to forward more that 443. Whoever wrote your silverlight app should be able to provide more details.

2) Your router is not properly forwarding port 443. See if any traffic is hitting your server. Wireshark, netmon, or even IIS logs would be helpful here. In some cases, routers (and even some UTM devices) use 443 for management, and improperly configured, will not forward 443 at all because it assumes it is for management, and those rules supercede the port forwarding rules set up by users. Each router is different in this regard, so I can't get more specific.
0
 

Author Comment

by:CPA_MCSE
ID: 39905823
Thanks for the feedback.

1.  It is a default and by-the-book install of a Microsoft web app.  Documentation states only port 443 need be forwarded.

2.  Based on your feedback, I moved the server to a different subnet with a different physical router, set port-forwarding to the new internal IP address, and updated/tested the external DNS record for that server to point to the external IP address of that router.  I also turned off all software firewalls on the server.  Still no joy...

As the server is joined to a pristine W2012 R2 test domain with default settings, might there be something there I would need to change?  Grasping at straws here...
0
 

Accepted Solution

by:
CPA_MCSE earned 0 total points
ID: 39935480
ISP is blocking port 443.
0
 

Author Closing Comment

by:CPA_MCSE
ID: 39947226
My testing determined ISP is blocking port 443.
0

Featured Post

Do you have a plan for Continuity?

It's inevitable. People leave organizations creating a gap in your service. That's where Percona comes in.

See how Pepper.com relies on Percona to:
-Manage their database
-Guarantee data safety and protection
-Provide database expertise that is available for any situation

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't know if many of you have made the great mistake of using the Cisco Thin Client model with the management software VXC. If you have then you are probably more then familiar with the incredibly clunky interface, the numerous work arounds, and …
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to choose which pages of your form are visible to your users based on their inputs. The page rules feature provides you with an opportunity to create if:then statements for y…

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question