
Welcome to ISAserver.org


Firewall denying port 443 traffic

Firewall denying port 443 traffic - 18.Jun.2008 3:11:30 PM   
lcsgeek

 

Posts: 57
Joined: 2.Aug.2005
From: MI, USA
Status: offline
I've written an access rule with the following:

Allow
All Outbound Traffic
From: my own custom list of private IPs
To: External and Perimeter
Condition: All Users

This rule is the first one on my Policy listing.

I have a user whose IP address is in the 'From' field and she is running a POS application which tries to authorize credit cards via g1.merchantlink.com:443.  However while doing a monitor I keep getting this denial (see: http://www.lenawee.org/isaError.jpg ).  Any one of my users (even those outside the Unrestricted Rule mentioned above) can visit https websites.  It seems to me that this application shouldn't be treated any different than a regular SSL connection.

One other note: I am requiring user authentication on the Private Network interface.  Furthermore I have the firewall client installed on the POS computer.  My understanding is that the firewall client should take care of all authentication issues between the workstations on the LAN and their corresponding ISA Network interface.

I'm open to all suggestions.

Thanks
Darin

< Message edited by lcsgeek -- 18.Jun.2008 3:23:57 PM >
Post #: 1
RE: Firewall denying port 443 traffic - 23.Jun.2008 8:18:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
What is the source and destination address that is being denied?

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to lcsgeek)
Post #: 2
RE: Firewall denying port 443 traffic - 23.Jun.2008 8:49:09 AM   
lcsgeek

 

Posts: 57
Joined: 2.Aug.2005
From: MI, USA
Status: offline
The source IP is 10.0.0.221 and the destination IP is whatever g1.merchantlink.com resolves to.  Like I stated before this particular private IP is hardcoded into the From field of the policy.

(in reply to tshinder)
Post #: 3
RE: Firewall denying port 443 traffic - 23.Jun.2008 9:57:49 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Is 10.0.0.1 the ISA firewall?

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to lcsgeek)
Post #: 4
RE: Firewall denying port 443 traffic - 23.Jun.2008 11:49:52 AM   
lcsgeek

 

Posts: 57
Joined: 2.Aug.2005
From: MI, USA
Status: offline
Sorry I didn't give you that piece of info before but yes it is.

Something I've just tried:
I unchecked "Require all users to authenticate" and now the app works.

I had this checkbox checked to mandate an AD account in order to browse.  Plus I want to log where our students are visiting.

< Message edited by lcsgeek -- 23.Jun.2008 11:53:18 AM >

(in reply to tshinder)
Post #: 5
RE: Firewall denying port 443 traffic - 24.Jun.2008 9:31:08 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
OK, that makes sense. If the app can't be configured with Web Proxy settings, then auth may fail.

You can configure a rule that allows users to reach that site anonymously.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to lcsgeek)
Post #: 6
RE: Firewall denying port 443 traffic - 24.Jun.2008 2:31:19 PM   
lcsgeek

 

Posts: 57
Joined: 2.Aug.2005
From: MI, USA
Status: offline
quote:

You can configure a rule that allows users to reach that site anonymously.

Please describe.

(in reply to tshinder)
Post #: 7
RE: Firewall denying port 443 traffic - 25.Jun.2008 11:18:18 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Create a rule that allows access to the site that the app needs to get to. Allow access on the rule for "All Users".

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to lcsgeek)
Post #: 8
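
Added example (not part of any post in this thread, and not ISA Server code): a simplified Python model of ordered, first-match rule evaluation showing why the POS request is denied while "Require all users to authenticate" is checked, and how an anonymous rule scoped to g1.merchantlink.com placed above an authenticated browsing rule lets the POS through while other traffic still needs a logged user. The `Rule`, `Request` and `evaluate` names, the 10.0.0.50 client, `www.example.com` and the rule names are constructed for illustration; treating the checkbox as a credential check that runs before any rule is an assumption of this model.

```python
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import Optional, Tuple

@dataclass
class Rule:
    name: str
    sources: Tuple[str, ...]  # source IP patterns ("*" = any)
    dest: str                 # destination host pattern
    users: str                # "all" (anonymous OK) or "authenticated"

@dataclass
class Request:
    src: str
    host: str
    user: Optional[str]       # None = client sent no credentials

def evaluate(req, rules, require_all_auth):
    """Return (verdict, reason) for an outbound HTTPS request."""
    # Assumed model of the checkbox: credentials are demanded
    # before any access rule is consulted.
    if require_all_auth and req.user is None:
        return ("deny", "proxy requires authentication")
    for rule in rules:  # ordered policy, first match wins
        if not any(fnmatch(req.src, s) for s in rule.sources):
            continue
        if not fnmatch(req.host, rule.dest):
            continue
        if rule.users == "authenticated" and req.user is None:
            # A matching rule that needs an identity fails closed.
            return ("deny", rule.name + ": credentials required")
        return ("allow", rule.name)
    return ("deny", "default deny")

# Constructed sample traffic: the POS app cannot send proxy credentials.
POS = Request("10.0.0.221", "g1.merchantlink.com", None)
STUDENT = Request("10.0.0.50", "www.example.com", "student1")
ANON_BROWSE = Request("10.0.0.50", "www.example.com", None)

# The policy as first posted: one broad All Users rule for listed IPs.
ORIGINAL = [Rule("Unrestricted", ("10.0.0.221",), "*", "all")]

# The suggested layout: a narrow anonymous rule, then authenticated browsing.
FIXED = [
    Rule("POS card authorization", ("10.0.0.221",), "g1.merchantlink.com", "all"),
    Rule("Browsing", ("*",), "*", "authenticated"),
]

if __name__ == "__main__":
    print(evaluate(POS, ORIGINAL, True))    # checkbox on: denied before rules
    print(evaluate(POS, FIXED, False))      # anonymous rule scoped to one site
    print(evaluate(ANON_BROWSE, FIXED, False))
```

In this model the anonymous exception covers one source address and one destination host, so browsing from every other client still carries a user name for logging.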
RE: Firewall denying port 443 traffic - 26.Jun.2008 1:18:47 PM   
lcsgeek

 

Posts: 57
Joined: 2.Aug.2005
From: MI, USA
Status: offline
Very well, I think I was over complicating things.

Thank you Tom, I really appreciate the time and effort you put into helping all of us.  I have no idea what motivates you.

(in reply to tshinder)
Post #: 9
RE: Firewall denying port 443 traffic - 27.Jun.2008 8:57:22 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi LCS,

I do this for fun! I also learn a lot from the issues that others have with the ISA firewall, so you and others are doing me a great service!

Good to hear you got things working and thanks for the follow up!

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to lcsgeek)
Post #: 10
