Re: Gateway Time out Issue Single NIC Web Proxy Config


"Kyle Blake" <KyleBlake@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BC74E11F-E2C7-405B-ADF4-C612B9361EFA@xxxxxxxxxxxxxxxx
PHILLIP, you are correct!

I believe what is happening is the UPSTREAM firewall is receiving traffic
from ISA on PORT 80.
The upstream firewall only accepts traffic on port 8080.

It is not doing that if it is a traditional NAT based Firewall. Only Proxy
Servers are capable of (and expect) to receive traffic in that manner.
When you send traffic to a specific Port you are directing the traffic at a
particular Applcation (a proxying service) running on that port.

IS there anyway that you know of to get ISA to change destination port to
accomodate upstream firewall?

ISA in such a case would have to be configured to use and upstream proxy
(known as Proxy Chaining).

On the other hand, if you are wrong about this other firewall,.. an upstream
NAT based Firewall is "seen" as nothing more than the "next hop" Router.
Downstream devices such as ISA do not know (or care) that it is a firewall
or just a simple LAN Router.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------


.

Relevant Pages

  • Re: Trying to understand this behavior, Ports in IIS
    ... That tells me the ISA server was accepting the connections. ... assign port 8080. ... In the border router and in the PIX firewall (both devices are "in front of" ...
    (microsoft.public.inetserver.iis.security)
  • Re: open port in isa 2004 ?
    ... I understand that you want to know how to open port ... Open the ISA 2004 management console. ... then select the protocol (if the protocol does not exist, ... How to configure networks in ISA Server 2004 ...
    (microsoft.public.windows.server.sbs)
  • RE: HOW DO I ACCESS ISA SERVER in SBS Premium 2003
    ... Without ISA, you can configure RRAS to do port forwarding. ... Publishing a SQL Server Computer with ISA Server 2004 ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: Gateway Time out Issue Single NIC Web Proxy Config
    ... The upstream firewall is a firewall (no proxy) Checkpoint Guardian. ... If I shut down ISA server services, go to I.E. and enter upstream firewall ... So since ISA is proxying the request and not NATing it. ...
    (microsoft.public.isa.configuration)
  • Re: Gateway Time out Issue Single NIC Web Proxy Config
    ... PHILLIP, you are correct! ... The upstream firewall only accepts traffic on port 8080. ... IS there anyway that you know of to get ISA to change destination port to ...
    (microsoft.public.isa.configuration)
Loading