TMG Publishing/Proxying
14th October 2010, 10:29 AM #1
I have a site published now on port 2381, and it works fine from an external connecting computer. I now want the internal connecting computers to also get to the site via the same address. I have a DNS record set up in our DNS server pointing the web address at our TMG server which is doing the publishing/forwarding, and this works - so long as the clients don't have that TMG server set up as their web proxy.
If I set it up as their web proxy, it obviously then tries to act as a proxy - and ignores the publishing rule. Setting up exceptions in the proxy settings on the client, and ticking 'bypass for local addresses', works, but I don't want to have to do this!
How can I get TMG to not proxy that address?
Last edited by localzuk; 14th October 2010 at 10:31 AM.
14th October 2010, 10:45 AM #2
Is the server internal?
I would just put the internal IP as the DNS entry rather than the external IP.
14th October 2010, 11:15 AM #3
It is internal, yes. But without a per-client rule stating to bypass the server for it, it proxies it. I want the proxy server to simply return the same thing it does when an external person connects.
15th October 2010, 04:04 PM #4
15th October 2010, 04:12 PM #5
So does that mean you want it to route through TMG?
Can you make a rule saying from Internal->The site allow and put it above the general rule allowing users onto the net?
15th October 2010, 04:26 PM #6
Doesn't seem to make a difference. The TMG box simply tries to proxy it via the upstream server, rather than just going direct to it.
Just checked the log and I'm getting the following:
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3 No Proxy portal.mineheadmiddle.somerset.sch.uk TCP
Req ID: 0a25bc74; Compression: client=No, server=No, compress rate=0% decompress rate=0% Internet 0x0 0x0 65101 Web Proxy - - - 0 1153 0 -
15/10/2010 14:20:40 0 0 0 0 - - - - - - - -
15/10/2010 15:20:40 10.5.142.20 10.5.143.180 2381 SSL-tunnel Failed Connection Attempt Inspected
12204 The specified Secure Sockets Layer (SSL) port is not allowed. Forefront TMG is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests.
portal.mineheadmiddle.somerset.sch.uk:2381 SERVICES Unknown Web Proxy Filter 0 - -
So it just doesn't seem to like that it is HTTPS over port 2381. Any idea how to enable 2381 for SSL?
15th October 2010, 04:46 PM #7
Ahh, you need to put a reg key in to allow other SSL ports. A possible tip:
Forefront TMG is not configured to allow SSL requests from this port. | Kiekeboe100's Blog
I am not sure why TMG would route it to the proxy when it knows the IP is in the internal range...
15th October 2010, 05:09 PM #8
I've now added a rule using the ISA tunnel tool, and now receive the following:
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3 Yes Proxy proxy.swgfl.org.uk TCP Req ID: 09240d98; Compression: client=No, server=No, compress rate=0% decompress rate=0% Upstream 0x0 0x102 1154 Web Proxy - - - 0 0 0 - 15/10/2010 15:03:37 0 0 0 0 - - - - - - - Web service down - portal.mineheadmiddle.somerset.sch.uk 15/10/2010 16:03:37 10.5.142.20 126.96.36.199 8080 SSL-tunnel Failed Connection Attempt Inspected Allow Web Access for All Users 995 The I/O operation has been aborted because of either a thread exit or an application request. anonymous Internal Internal portal.mineheadmiddle.somerset.sch.uk:2381 SERVICES Unknown Web Proxy Filter Allowed No Violation Detected 1 - -
16th October 2010, 01:45 PM #9
Did you try to add that DNS name to the internal network - properties - web browser tab?
Bypassing Forefront TMG for Web proxy client requests
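The two decisions this thread keeps running into, modelled as an added example that is not part of any post: the client-side choice between going direct and using the proxy, and the proxy-side port check behind error 12204. It assumes clients receive the direct-access list through an automatic configuration script; the TMG listener name `tmg.internal.example:8080` is hypothetical and the default tunnel ranges (443 and 563) are an assumption.

```javascript
// Added example, not code from the thread. Host name and port 2381 come from the
// posts; the TMG listener address and the 443/563 default ranges are assumptions.
const TMG = "PROXY tmg.internal.example:8080";           // hypothetical TMG listener
const DEFAULT_TUNNEL_RANGES = [[443, 443], [563, 563]];  // assumed defaults

// Match a host against direct-access entries: exact names or "*.suffix" wildcards.
function isDirect(host, directList) {
  const h = host.toLowerCase();
  return directList.some((entry) => {
    const e = entry.toLowerCase();
    return e.startsWith("*.") ? h.endsWith(e.slice(1)) : h === e;
  });
}

// Client side: the decision a PAC-style FindProxyForURL makes for each request.
function findProxyForURL(url, host, directList) {
  if (!host.includes(".")) return "DIRECT";         // "bypass for local addresses": dotless names only
  if (isDirect(host, directList)) return "DIRECT";  // entry from the direct-access list
  return TMG;
}

// Proxy side: a CONNECT is only tunnelled when its port falls in an allowed range.
function checkConnect(target, ranges) {
  const port = Number(target.slice(target.lastIndexOf(":") + 1));
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    return { allowed: false, code: null };          // malformed target, no TMG code modelled
  }
  const ok = ranges.some(([lo, hi]) => port >= lo && port <= hi);
  return ok ? { allowed: true, code: 0 } : { allowed: false, code: 12204 };
}

// End to end: what happens to a request for the published site from an internal client.
function trace(url, directList, ranges) {
  const u = new URL(url);
  const route = findProxyForURL(url, u.hostname, directList);
  if (route === "DIRECT") return "client connects straight to " + u.host;
  if (u.protocol !== "https:") return "proxied GET via " + route;
  const port = u.port || "443";
  const verdict = checkConnect(u.hostname + ":" + port, ranges);
  return verdict.allowed ? "CONNECT tunnelled via " + route
                         : "CONNECT refused, error " + verdict.code;
}
```

With an empty direct-access list the request reaches the proxy as a CONNECT to port 2381 and is refused; a single-port range `[2381, 2381]` lets it through, while a direct-access entry for the host keeps it away from the proxy altogether.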