• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

HTTPS To HTTPS Bridge With Custom Ports

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> DMZ >> HTTPS To HTTPS Bridge With Custom Ports Page: [1]
Login
Message << Older Topic   Newer Topic >>
HTTPS To HTTPS Bridge With Custom Ports - 19.May2009 6:51:13 AM   
TokyoBrit

 

Posts: 31
Joined: 13.Nov.2008
Status: offline
Is it possible to configure a firewall policy that would allow HTTPS to HTTPS bridging for web traffic, but using a different port for the perimeter?

Namely, HTTPS traffic comes into the perimeter via port, 8888 for example, is terminated at the ISA server, checked, then sent to the internal network over port 443? And to do this on a per site basis?

This way, internal users still use the regular URL (HTTPS://some.site.com/) but that communications with that sites web server are over a port other than 443.

Thanks in advance.
Post #: 1
RE: HTTPS To HTTPS Bridge With Custom Ports - 19.May2009 10:14:41 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Yep, this is possible.

However, custom ports for SSL will cause problems for external users that are behind proxy servers or firewalls as they may only allow outbound "standard" SSL ports.

You will also need to consider link translation issues as you map between internal and external URLs.

What are you trying to achieve by using custom SSL ports? A quick port scan would reveal custom SSL ports very quickly, as would realising the port is hosting HTTPS traffic...

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to TokyoBrit)
Post #: 2
RE: HTTPS To HTTPS Bridge With Custom Ports - 19.May2009 8:17:58 PM   
TokyoBrit

 

Posts: 31
Joined: 13.Nov.2008
Status: offline
To put it simply, we have a new customer that would like us to use some form of web application to transfer files, but while they require HTTPS they don't use port 443.

To minimize the impact on the users involved with this customer, I would like them to use the regular URL, but have it translated to the customers port on the outside.

At worst case, I can just open the specific port on the external firewall application and create a firewall policy for that particular port.

(in reply to Jason Jones)
Post #: 3
RE: HTTPS To HTTPS Bridge With Custom Ports - 20.May2009 9:59:22 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Ah right, it should work then.

Configure the web listener to use the custom SSL port for HTTPS and configure SSL bridging to use 443 for the published server.

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to TokyoBrit)
Post #: 4
RE: HTTPS To HTTPS Bridge With Custom Ports - 21.May2009 12:31:03 AM   
TokyoBrit

 

Posts: 31
Joined: 13.Nov.2008
Status: offline
Thanks Jason. All done.

(in reply to Jason Jones)
Post #: 5
RE: HTTPS To HTTPS Bridge With Custom Ports - 21.May2009 4:37:55 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Cool  

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to TokyoBrit)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> DMZ >> HTTPS To HTTPS Bridge With Custom Ports Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts