Re: Gateway Time out Issue Single NIC Web Proxy Config



Hi,

Thank you for your help today with this.

The upstream firewall is a firewall (no proxy), Checkpoint Guardian.

If I shut down ISA server services, go to I.E. and enter upstream firewall
IP in proxy settings with port 8080 I get internet.

So since ISA is proxying the request and not NATing it.

Why is the upstream firewall not allowing the request?

Rather than just routing it I am confused as to why ISA will not work.

I am suspecting the upstream firewall will need to have a rule set enabled
for ISA?

That or this configuration will not work.

Which I hope, defense in depth is the approach here.

I read your post one more time and I agree ISA should not care about the
next hop being a firewall.

I think we've nailed it down.
There is no way to proxy chain ISA with Guardian I'd imagine.


"Phillip Windell" wrote:


"Kyle Blake" <KyleBlake@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BC74E11F-E2C7-405B-ADF4-C612B9361EFA@xxxxxxxxxxxxxxxx
PHILLIP, you are correct!

I believe what is happening is the UPSTREAM firewall is receiving traffic
from ISA on PORT 80.
The upstream firewall only accepts traffic on port 8080.

It is not doing that if it is a traditional NAT based Firewall. Only Proxy
Servers are capable of (and expect) to receive traffic in that manner.
When you send traffic to a specific Port you are directing the traffic at a
particular Application (a proxying service) running on that port.

Is there any way that you know of to get ISA to change destination port to
accommodate upstream firewall?

ISA in such a case would have to be configured to use an upstream proxy
(known as Proxy Chaining).

On the other hand, if you are wrong about this other firewall,.. an upstream
NAT based Firewall is "seen" as nothing more than the "next hop" Router.
Downstream devices such as ISA do not know (or care) that it is a firewall
or just a simple LAN Router.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html

Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp

Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------


