+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 24 of 24
Internet Related/Filtering/Firewall Thread, Using TMG Server as a Transparent Proxy in Technical; Hi, We're also trying to setup TMG as a transparent proxy however we're having problems with HTTPS traffic. We also ...
  1. #16

    Join Date
    Jan 2012
    Posts
    2
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Hi,

    We're also trying to setup TMG as a transparent proxy however we're having problems with HTTPS traffic. We also have a squid based RM proxy (SEGfL) and have specified it as an upstream proxy for external connections (proxy.segfl.ifl.net). We've purchased IsaScript and entered the script recommended in the previous post which seems to be working properly with HTTP traffic but we get timeouts when trying anything HTTPS.

    For the upstream proxy we've tried the default of 8443 for SSL and also changed it to 8080 but it doesn't seem to make any difference. We've also set TMG to route the traffic from our WiFi network to the External connection but this hasn't had any effect either. Is there anything else we may need to change to get this working?

    Any ideas anyone?


    Cheers

  2. #17

    Join Date
    Sep 2007
    Posts
    107
    Thank Post
    8
    Thanked 2 Times in 2 Posts
    Rep Power
    14
    I'm also trying to setup a transparent proxy with seperate VLAN network & IP range on an open SSID, when i direct the default gateway via DHCP to the forefront TMG server i get this on on an open client device:

    IMG_0004[1].PNG

    We're using ubiquiti unifi APs and the physical server running the controller software has two network cards 10.11.216.1 (open) and 10.11.227.14 (secure) - its also my DHCP server for the open network of which the gateway is set to 10.11.216.2 that is the third network card i setup in my TMG server, should I at least be getting http traffic with this setup?

  3. #18


    Join Date
    Jul 2007
    Location
    Rural heck
    Posts
    2,662
    Thank Post
    120
    Thanked 434 Times in 353 Posts
    Rep Power
    125
    Quote Originally Posted by jwood View Post
    Strange - still not working here. Again, it works if you enter the TMG server as the client's proxy but not without. I'll keep experimenting though.
    I can't remember where I read it, but I saw somewhere that TMG doesn't work as a Transparent proxy with web chaining is the upstream proxy is running squid. I'm assuming your on SWGfL who use squid.

  4. #19

    Join Date
    Jan 2012
    Posts
    2
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Have you setup a rule to NAT the traffic from the seperate VLAN to your external connection?

  5. #20

    Join Date
    Sep 2007
    Posts
    107
    Thank Post
    8
    Thanked 2 Times in 2 Posts
    Rep Power
    14
    yes the source network is "sjwifi" and set to route relation

    Capture6.PNG

  6. #21

    Join Date
    Dec 2011
    Posts
    2
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    We have a similar problem with TMG acting as a transparent proxy for our guest wifi. We have a direct Internet connection so don't have any of the upstream issues that some are facing but still have an issue with SecureNAT clients accessing secure websites. http works fine. I wonder if Jamesfed or Jwood or anyone else who has this sorted are able to offer any assistance on this? We're beginning to think that we will have to require clients to enter proxy settings which as far as I can see would mean that Android users wouldn't be able to use the wifi.

    Many thanks,

    Richard

  7. #22
    jamesfed's Avatar
    Join Date
    Sep 2009
    Location
    Reading
    Posts
    2,142
    Thank Post
    126
    Thanked 325 Times in 274 Posts
    Rep Power
    81
    Sorry I only have experiance with the problems that Squid gave us - maybe it would be worth getting a trial of ISA Script and seeing if the script thats in a link in my previous posts will work?

    All the same over the past few months we've noticed a decline in the number of Droid users with phones that don't support proxys so I can imagine within the next 6months-1 year we will be rid of this problem anyway.

  8. #23

    Join Date
    Dec 2011
    Posts
    2
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thanks for responding. I will have a look at the script and see if that helps. We are already using some software called captivate by the same company to get the SecureNAT clients to authenticate before they access the Internet.

    I had a look at what devices were using the guest network and only about 13% were running Android. My understanding is that it's only Ice Cream Sandwich that supports proxy settings on Android or have you found that earlier versions allow users to put in Proxy info?

    Cheers.

  9. #24

    Join Date
    Apr 2008
    Location
    Aigburth, Liverpool
    Posts
    154
    Thank Post
    31
    Thanked 10 Times in 10 Posts
    Rep Power
    14
    I'm going to try and revive this thread, as I am having the EXACT same issues, but with no apparent solution.

    I want to make TMG transparent so that users with mobile devices can simply "automatically detect settings" within their browsers without having to edit the LAN settings and populate it with proxy details (which isn't even possible on some mobile devices). When I do, it does the same as reported in here, whereby HTTPS pages simply do not work. I have contacted the local council that run the upstream proxy, and they have confirmed that it does indeed run SQUID. I have tried using the ISASCRIPT but I get the exact same result. I successfully completed the "Hello World" tutorial in the documentation but the script listed here doesn't seem to change anything. I have used HTTPWatch and it's still getting stuck on the SSL. Is there anything anyone can suggest, or does this NEED to be looked at by the council that provide the upstream server?

    This is seriously keeping me up at night

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Using a webcam as a CCTV.
    By Midget in forum Hardware
    Replies: 7
    Last Post: 13th September 2013, 07:49 AM
  2. ISA server as a transparent proxy
    By FN-GM in forum Wireless Networks
    Replies: 30
    Last Post: 25th February 2008, 04:33 PM
  3. Using old machine as Print Server
    By SimpleSi in forum *nix
    Replies: 9
    Last Post: 22nd September 2006, 04:51 PM
  4. Using Windows Defender as Antispyware on a domain
    By Geoff in forum How do you do....it?
    Replies: 8
    Last Post: 11th April 2006, 01:57 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •