Hello, I am having problems with a particular website when it goes through our ISA 2006 (Edge Firewall) server.
My clients are using web proxy on Port 8080. I have my Firewall rule setup for HTTP\HTTPS "All users" permissions for the site they need access to. My URL and Domain Sets contain the website. In addition, I have also used IP for the URL Set site.
I can access HTTPS websites in general, however I cannot access a particular website that transitions from HTTP to HTTPS once the user logins for the above URL\Domain sets mentioned above. Everyone gets "Page cannot be displayed", including myself which has full access (All protocols) through the ISA server. If I bypass the ISA server while using a static IP, the HTTPS site works OK.
I have enabled Web Proxy Clients Port 8080 on my "Internal Network" Configuration. Also, "Enable Firewall Client support for this network" is checked with the appropriate server. "Automatic web browser" config is not enabled. "Use a web proxy server" is checked as well. The Firewall client applet is not installed on any of our machines. After countless hours of parsing through Firewall and Web logs, I can't really get any good info to help troubleshoot the issue. Only the following:
Check your browser settings. Goto: Tools | Internet Options| Advanced | and uncheck Show Friendly HTTP Error Messages
And try to hit the site again, because a page cannot be displayed message simply means that you did not get a response from the site you requested. With that show friendly http error message disabled, you'll get a different result, and if the page is truely not available should get an Network Access Message page (with more details), if your request was sent to ISA.
Additionally you should get a trace from the client machine, while you duplicate the problem, to determine if all http requests are being sent to ISA. Install winpcap(http://www.winpcap.org/) Also get windump once you have the above, run the following windump command: windump -D (to figure out the number assigned to your interface card, let's assume its "2")
windump -i 2 -nn -s 0 -w c:\web_capture.cap "tcp port 8080 or tcp port 443"
Look the trace (you'll probably want to get wireshark or ethereal), see if you have any requests destined to tcp port 443.
Once you complete those steps, let me know what you find.