• Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

HTTPS works, but not HTTP and FTP

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> DMZ >> HTTPS works, but not HTTP and FTP Page: [1]
Message << Older Topic   Newer Topic >>
HTTPS works, but not HTTP and FTP - 14.Nov.2007 1:23:38 PM   


Posts: 16
Joined: 2.Aug.2005
Status: offline
Struggling with an access issue... hope someone may have some ideas:

I've configured a DMZ perimter segment, using a Linksys WAP54G wireless access point, to allow Internet access for untrusted users.  For now, I have configured an access rule permitting all traffic from the DMZ segment to the External interface.  I did create a network rule for a NAT relationship between the DMZ segment and the External network.

DNS and DHCP both work properly for users of this segment.  I added and configured both DNS and DHCP services directly on the ISA server, having them both only listen to the DMZ interface.

I've connected to the segment, through the WAP, using a laptop running Windows XP.  As mentioned, DCHP and DNS work perfectly.  I can even ping servers like google and mindspring.  The issue I'm having is, from the laptop using Internet Explorer, the protocols which do not appear to "work" is HTTP and FTP.  HTTPS works fine!!

I've monitored all traffic on the DMZ segment (using llive logging) and I notice all HTTP, FTP and HTTPS requests hit the firewall, but IE will not display anything for HTTP and FTP requests.  Any secure site I access via HTTPS works fine.

I thought it may be my laptop and something related to ports, but I can access the Linksys WAP's internal web browser via HTTP just fine.

Any thoughts about where I may check next?  As mentioned, I'm struggling a bit with this issue.

Post #: 1
Problem Resolved!!! - 29.Nov.2007 1:49:04 PM   


Posts: 16
Joined: 2.Aug.2005
Status: offline
OK, the problem turned out to be the Receive Side Scaling attribute for my network card.

For the DMZ leg at issue, I had installed a PCIe Intel Pro1000 dual port adapter.  The Receive Side Scaling attribute defaults to Enabled... the same as the internal Broadcom adapter (Dell 1950).  This attribute for the Intel Pro card can be found in the Device Manager/Network Adapters area for this specific card.  There is an Advanced tab which allows you to modify individual attributes.  Once the Receive Side Scaling attributed was disabled, all traffic passed through without issue.

Hope this helps anyone else.


(in reply to toddler)
Post #: 2
RE: Problem Resolved!!! - 29.Nov.2007 7:00:53 PM   
Jason Jones


Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Nice sleuthing!

Good update...


Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to toddler)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> DMZ >> HTTPS works, but not HTTP and FTP Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts