Our organization is using the ISA 2004 SP3 as our firewall. Internal subnet is 172.16.5.x/24. For months now, we are unable to access two websites, www.sharethis.com and www.slarts.org. Both sites are accessible from outside our network. The logs of the ISA firewall show the following at the end of this post. All other websites work just fine. It seems that the policies we have in place for web browsing are being passed over until the default policy is activated.
Could someone out there please help us solve this problem. Thank you very much.
Original Client IP Client Agent Authenticated Client Service Referring Server Destination Host Name Transport HTTP Method MIME Type Object Source Source Proxy Destination Proxy Bidirectional Client Host Name Filter Information Network Interface Raw IP Header Raw Payload GMT Log Time Source Port Processing Time Bytes Sent Bytes Received Cache Information Error Information Log Time Client IP Destination IP Destination Port Protocol Action Rule Result Code HTTP Status Code Client Username Source Network Destination Network URL Server Name Log Record Type 172.16.5.235 - TCP - - - 3/31/2009 9:30:33 PM 62782 0 0 0 0x0 0x0 3/31/2009 3:30:33 PM 172.16.5.235 220.127.116.11 80 HTTP Denied Connection [Enterprise] Default rule 0xc004000d FWX_E_POLICY_RULES_DENIED Internal Internal - ISA1 Firewall
ISA 2004 SP3 Firewall. I could really use some help on this. I'll reply with any information that would be pertinent to the issue, logs, ip information, routes, etc. It's just really odd that our existing policy which allows outbound port 80 traffic seems to be getting passed over when accessing one of these websites from within our network. This is not browser or OS specific. We have tested on different OS's, browsers, and environments. We were on SP2 and have upgraded to SP3 in hopes of solving the issue or gaining better diagnostics. I've installed the command line tools to capture the events at well, but we still have no explanation or work around to allow our users to access these particular sites. Thank you in advance.