+ Post New Thread
Results 1 to 14 of 14
Wireless Networks Thread, ISA blocking streamed media in Technical; ...
  1. #1

    Join Date
    Oct 2009
    Posts
    70
    Thank Post
    4
    Thanked 4 Times in 4 Posts
    Rep Power
    11

    ISA blocking streamed media

    Hi all,

    Not sure if this is the right section of the forum but it looked the best place to put it for now

    We've got an issue where flash content from websites such as vimeo is not loading for whatever reason.

    Our (very) basic network outline for outbound traffic is - Client PC > ISA 2006 > suffolk CC cachebox with filtering > suffolk CC proxy server (@ suffolk CC). we operate a private 172.* network routed by ISA to our CC

    The tests that i've done to rule out things such as the cachebox being at fault are;
    Local admin user through ISA – Working, no authentication requested by ISA
    Local user through ISA - Working, no authentication requested by ISA
    Going through our DMZ out through our cachebox – Working
    Test network accounts going via our county proxy (proxy.gfl.*, but will still be routed by isa) – Working
    Test network user going through usual route (isa-01 > cachebox > proxy.gfl.*) – NOT WORKING

    The previous solution to this was to put the URL into the internal networks web proxy direct access list. this has worked for some parts of youtube, google vids, etc but it's still very flakey.
    Basically all content for the page loads and the flash box just sits loading.

    Thanks

  2. #2

    Join Date
    Mar 2010
    Posts
    222
    Thank Post
    34
    Thanked 39 Times in 35 Posts
    Rep Power
    17
    Have you tried setting up a monitoring filter in ISA to try and isolate the problem? I suggest you use the IP of a PC with the problem to see if ISA is blocking anything.

  3. Thanks to skell from:

    timlineuk (15th June 2010)

  4. #3

    Join Date
    Oct 2009
    Posts
    70
    Thank Post
    4
    Thanked 4 Times in 4 Posts
    Rep Power
    11
    No i hadn't, thanks.

    The content appears to be allowed to load then it gives the message "10054 An existing connection was forcibly closed by the remote host"
    The destination IP is our cache/filter box

  5. #4

    Join Date
    Mar 2010
    Posts
    222
    Thank Post
    34
    Thanked 39 Times in 35 Posts
    Rep Power
    17
    Is the error also saying which rule its using? It could be a case of adding the IP address of the cache/filter box to the "Allow to" and "Allow from" in this rule.

  6. #5

    Join Date
    Oct 2009
    Posts
    70
    Thank Post
    4
    Thanked 4 Times in 4 Posts
    Rep Power
    11
    Cheers, i'll have a look.
    it's also looks like the firewall service is initiating the connection and then closing it. why would this be?

  7. #6

    Join Date
    Mar 2010
    Posts
    222
    Thank Post
    34
    Thanked 39 Times in 35 Posts
    Rep Power
    17
    Is is closing instantly, or after a period of 60000ms? 60000ms is the default timeout period.

  8. #7

    Join Date
    Oct 2009
    Posts
    70
    Thank Post
    4
    Thanked 4 Times in 4 Posts
    Rep Power
    11
    It initiates the connection then allows the connection for about 2 seconds before closing the connection. about 50 allow logs in total but definately closing it fairly instantly

  9. #8

    Join Date
    Mar 2010
    Posts
    222
    Thank Post
    34
    Thanked 39 Times in 35 Posts
    Rep Power
    17
    I think its normal behaviour. I'm not an expert on ISA 2006, but I suspect these are authentication requests.

  10. #9

    Join Date
    Oct 2009
    Posts
    70
    Thank Post
    4
    Thanked 4 Times in 4 Posts
    Rep Power
    11
    Ok, thanks. I'll keep digging.

  11. #10
    bio
    bio is offline
    bio's Avatar
    Join Date
    Apr 2008
    Location
    netherlands
    Posts
    520
    Thank Post
    16
    Thanked 130 Times in 102 Posts
    Rep Power
    38
    I was wondering which client type you have enrolled for your user : securenat, proxy or firewall client ?

    bio..

  12. #11

    Join Date
    Oct 2009
    Posts
    70
    Thank Post
    4
    Thanked 4 Times in 4 Posts
    Rep Power
    11
    Web proxy and firewall client support is enabled as well as NAT being used to forward clients out.
    Not 100% sure if that's the information you mean though

  13. #12
    bio
    bio is offline
    bio's Avatar
    Join Date
    Apr 2008
    Location
    netherlands
    Posts
    520
    Thank Post
    16
    Thanked 130 Times in 102 Posts
    Rep Power
    38
    Quote Originally Posted by timlineuk View Post
    Web proxy and firewall client support is enabled as well as NAT being used to forward clients out.
    Not 100% sure if that's the information you mean though
    Well what does you monitor log show ? is it a firewall client, webproxy client ? There is a huge difference on how the isa handles traffic by those types.
    Another thing you might check since you forward traffic to another proxy/FW is connection rate limits. It could be that your isa is trying to open many connections to the upstream proxy and get denied by it. example : ISA Server Network Protection: Protecting Against Floods and Attacks

    bio..

  14. Thanks to bio from:

    timlineuk (16th June 2010)

  15. #13

    Join Date
    Oct 2009
    Posts
    70
    Thank Post
    4
    Thanked 4 Times in 4 Posts
    Rep Power
    11
    Thanks, i'll take a look. would i be able to mail you a log if you PM me your address?
    There are a few "too many connection" type warnings in the OS event viewer so it could well be somthing to do with it, although none of the IPs logged are my test PCs

  16. #14

    Join Date
    Dec 2010
    Location
    Swindon, UK
    Posts
    24
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    did you get this working??

SHARE:
+ Post New Thread

Similar Threads

  1. ISA Server - Blocking Laptops
    By Crispin in forum Internet Related/Filtering/Firewall
    Replies: 4
    Last Post: 25th March 2009, 10:39 AM
  2. ISA server blocking https
    By DSapseid in forum Windows
    Replies: 6
    Last Post: 9th January 2009, 03:07 PM
  3. ISA 2004 Blocking Groups
    By drewinc in forum Windows
    Replies: 4
    Last Post: 11th June 2007, 12:37 PM
  4. Blocking mp3,wma etc media files
    By NetworkGeezer in forum How do you do....it?
    Replies: 11
    Last Post: 26th May 2006, 11:49 AM
  5. ISA 2004 Filetype blocking
    By indiegirl in forum Windows
    Replies: 2
    Last Post: 21st March 2006, 03:54 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •