• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Celestix / ISA 2006 and eBay.co.uk

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> HTTP Filtering >> Celestix / ISA 2006 and eBay.co.uk Page: [1]
Login
Message << Older Topic   Newer Topic >>
Celestix / ISA 2006 and eBay.co.uk - 6.Nov.2009 5:05:37 AM   
st1967

 

Posts: 7
Joined: 6.Nov.2009
Status: offline
Looking everywhere to this particular problem we have and absolutely no joy.

We have been a happy Celestix Application Server user for almost 3 years (msa2000i) which runs as a proxy with Websense.  We have been using it behind a 6 year old Cisco PIX firewall and we have recently upgraded and moved our WAN and it now runs behind a WATCHGUARD firewall solution.

Our problem is that we cannot sign into ebay.co.uk?  It's not websense because it's a "page cannot be displayed" error and I'm a power user anyway.  You get the main "http://www.ebay.co.uk" page, you even get the "http://my.ebay.co.uk" page where you logon to your account.   The fun and games starts when you enter your logon details and it then tries to logon to "https://signin.ebay.co.uk", this always returns a "page cannot be displayed".

We know it is something on the proxy because all our central fileservers have open access via the firewall and they can logon perfectly.

Our Watchguard support think it is something to do with the SSL cert belonging to ebay.com and it's trying to logon to ebay.co.uk?  But that might just be clutching at straws ?

Anybody else out there seen this or have any idea what I can do.   At the moment I'm contemplating working out all the IPs/subnets to bypass the proxy but I think that is defeating the object somewhat.   We use ebay quite heavily to sell truck parts.

Many Thanks.

< Message edited by st1967 -- 6.Nov.2009 5:07:09 AM >
Post #: 1
RE: Celestix / ISA 2006 and eBay.co.uk - 6.Nov.2009 11:59:29 AM   
richardhicks

 

Posts: 477
Joined: 20.Jan.2009
From: Southern California
Status: offline
It is more likely that the HTTP filter is objecting to something.  I'm able to reach the site behind my ISA 2006 firewall, however.  Do you see in the logs when you try to connect to the site?

_____________________________

Richard Hicks - Forefront MVP
http://tmgblog.richardhicks.com/
http://directaccess.richardhicks.com/

(in reply to st1967)
Post #: 2
RE: Celestix / ISA 2006 and eBay.co.uk - 6.Nov.2009 12:12:45 PM   
st1967

 

Posts: 7
Joined: 6.Nov.2009
Status: offline
quote:

ORIGINAL: richardhicks

It is more likely that the HTTP filter is objecting to something.  I'm able to reach the site behind my ISA 2006 firewall, however.  Do you see in the logs when you try to connect to the site?


Thanks for the reply.

I am getting Failed Connection Attempt,  SSL-Tunnel Protocol, Port 443, Source Network External, Destination Network External,

(in reply to richardhicks)
Post #: 3
RE: Celestix / ISA 2006 and eBay.co.uk - 6.Nov.2009 12:23:12 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Is the Watchguard trying to do something "clever" to HTTP traffic coming from ISA?

I have used ebay in many ISA environments, so it has go to be something environmental or specific about your config...

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to st1967)
Post #: 4
RE: Celestix / ISA 2006 and eBay.co.uk - 6.Nov.2009 12:26:36 PM   
richardhicks

 

Posts: 477
Joined: 20.Jan.2009
From: Southern California
Status: offline
I think you've found your problem.  The source network is 'external'?  Same as the destination? 

_____________________________

Richard Hicks - Forefront MVP
http://tmgblog.richardhicks.com/
http://directaccess.richardhicks.com/

(in reply to st1967)
Post #: 5
RE: Celestix / ISA 2006 and eBay.co.uk - 6.Nov.2009 12:28:50 PM   
st1967

 

Posts: 7
Joined: 6.Nov.2009
Status: offline
quote:

ORIGINAL: Jason Jones

Is the Watchguard trying to do something "clever" to HTTP traffic coming from ISA?



Thanks both, I don't think the Watchguard is doing anything clever, it just passes http/https through that is all?

However the SSL error has moved me in a new direction and I found this in another post on an old thread

"SSL errors almost always relate to going out 1 way , and coming back another way, hence not completing the handshake. In normal words : you probably have a different default gateway than your proxy server."

Now this is the case because we were originally having the celestix in a DMZ so it has a 10.0.0.x address and gateway, the rest of our network is on 192.168.x.x !!

I will pass this onto my support team and see what they think of it?

(in reply to Jason Jones)
Post #: 6
RE: Celestix / ISA 2006 and eBay.co.uk - 6.Nov.2009 12:36:20 PM   
st1967

 

Posts: 7
Joined: 6.Nov.2009
Status: offline
quote:

ORIGINAL: richardhicks

I think you've found your problem.  The source network is 'external'?  Same as the destination? 


Oh dear, just removed what I though was causing this on the default web rule and I've stopped it working.  I removed All Networks (and local host) from the From/Listener section of my web access only rule.

(in reply to richardhicks)
Post #: 7
RE: Celestix / ISA 2006 and eBay.co.uk - 6.Nov.2009 12:40:56 PM   
st1967

 

Posts: 7
Joined: 6.Nov.2009
Status: offline
quote:

ORIGINAL: richardhicks

I think you've found your problem.  The source network is 'external'?  Same as the destination? 


Where would it be picking up this Source as "external" then?  Or is the Different Gateways more of the cause?  Something to ponder, had enough for a Friday afternoon now.

(in reply to richardhicks)
Post #: 8
RE: Celestix / ISA 2006 and eBay.co.uk - 6.Nov.2009 12:43:39 PM   
richardhicks

 

Posts: 477
Joined: 20.Jan.2009
From: Southern California
Status: offline
I would look very closely at your routing configuration.  Something is very strange here, that's for sure.

_____________________________

Richard Hicks - Forefront MVP
http://tmgblog.richardhicks.com/
http://directaccess.richardhicks.com/

(in reply to st1967)
Post #: 9
RE: Celestix / ISA 2006 and eBay.co.uk - 6.Nov.2009 12:46:04 PM   
st1967

 

Posts: 7
Joined: 6.Nov.2009
Status: offline
quote:

ORIGINAL: richardhicks

I would look very closely at your routing configuration.  Something is very strange here, that's for sure.


Thanks, I will do, it can wait till Monday morning though

(in reply to richardhicks)
Post #: 10
RE: Celestix / ISA 2006 and eBay.co.uk - 6.Nov.2009 1:09:58 PM   
pfearns23

 

Posts: 8
Joined: 6.Nov.2009
Status: offline
Hi,

Are you still having problems ?

Can you PM me your phone number and I can call you and run through some things !

Cheers

_____________________________

Paul Fearns,
Technical Consultant
Celestix Networks - Europe.
http://www.celestix.com

(in reply to st1967)
Post #: 11
RE: Celestix / ISA 2006 and eBay.co.uk - 12.Nov.2009 11:22:54 AM   
st1967

 

Posts: 7
Joined: 6.Nov.2009
Status: offline
quote:

ORIGINAL: pfearns23

Hi,

Are you still having problems ?

Can you PM me your phone number and I can call you and run through some things !

Cheers


Just to close this off for anybody interested.  Spoke to Paul at Celestix UK and he kindly connected onto my box to have a look.

It turned out to be a websense issue, in that Websense did not know it was also a proxy server so it was doing strange things with the HTTPS traffic.

Paul took time over several days to give me hand, but it wasn't until he looked remotely that he spotted it right away.  I can't praise Paul and Celestix enough, even though my server is a few years old now and out of support he was quite happy to do what he could to fix it.

Many Many Thanks to Paul and Celestix, I've a happy group of users around the UK now.

< Message edited by st1967 -- 12.Nov.2009 11:25:06 AM >

(in reply to pfearns23)
Post #: 12
RE: Celestix / ISA 2006 and eBay.co.uk - 13.Nov.2009 7:45:05 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Thanks for sharing with the community!!

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to st1967)
Post #: 13

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> HTTP Filtering >> Celestix / ISA 2006 and eBay.co.uk Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts