Since there are a couple of users who have (had) the same problem as me (running TrendMicro's InterScan WebSecurity Suite and ISA 2004 on the same box), I think it might be helpful for one to know one working solution.
ISA is listening on port 8082 for incoming web proxy requests. Each user has to authenticate against AD to get Internet access and enforce the rules to be applied. After a successful authentication, ISA forwards the requests to IWSS (port 8084), which retrieves the URL directly via a leased line.
1) Configure ISA and IWSS to your needs.
2) Set up ISA to listen on port 8082 and IWSS on port 8084.
3) Create a rule that allows LocalHost to LocalHost traffic for all the protocols users may use, condition "All Users".
4) Create a rule that allows Internal to External traffic (choose correct protocols, users, ...).
5) Remove the Web Proxy Filter from all (!) protocols you mentioned in the two rules.
6) Create a web chaining rule with the following properties:
   - Action: Redirect them to a specified upstream server and set <localhost>:8084 for IWSS. Disable automated polling for configuration.
   - To: External
   - Bridging: HTTP requests as HTTP requests and SSL requests as HTTP requests.
This works fine for me on several boxes, but: no warranty at all. :-)
If you have any suggestions, problems or improvements, feel free to contact me.
Hi Msillman, I have ISA and IWSS working on the same machine. I configured it as you mentioned, and everything works fine except that https sites are not working. I get this message:
Network Access Message: The page cannot be displayed
Technical Information (for Support personnel)
When I log ISA monitor, I get this message:
Failed Connection Attempt
Log type: Web Proxy (Forward)
Status: 0x80002f79
Rule: Web Access Only
Source: Internal ( 10.10.21.71:0)
Destination: External ( 18.104.22.168:8888)
Request: www.google.com:443
Filter information: Req ID: 0afc2009
Protocol: SSL-tunnel
I tried for days but failed.
Where does port 8888 come into play? ISA only allows SSL over 443 unless you change it. The best way is to use Jim Harrison's site: http://isatools.org/tools.asp?Context=ISA2004 and use the ISA TRPE utility. It allows you to use SSL over ports other than 443. It does restart the firewall service when you apply the change, though.