Re: ISA - 403 Forbidden

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Daniel (idaniel99_at_hotmail.com)
Date: 06/17/04 

Date: Thu, 17 Jun 2004 08:21:38 GMT

There might be a problem with DNS
http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=6;t=002543

"Daniel" <idaniel99@hotmail.com> wrote in message
news:P9bAc.775040$oR5.600175@pd7tw3no...
> Thanks for your reply Tony,
>
> Before the Netgear Firewall Installation the SBS CEICW for Firewall was
> setup just as you suggested and worked fine.
> But after the install with same selections I'm getting that 403 Forbidden.
> Even if I select all the services from the middle section to be published
> still doesn't work.
> Although it doesn't realy make sense the only way it works is if I publish
> the entire site. So to keep it secure I blocked port 80 and for remote use
> only https. I'll have to research more on this issue, but if you have any
> suggestions pls let me know.
> Cheers,
> Daniel
>
>
>
>
> "Tony Su" <anonymous@discussions.microsoft.com> wrote in message
> news:1d3cc01c45368$f60a7080$a001280a@phx.gbl...
>> You should select the middle (second) of the three
>> options, not the third option to publish the entire
>> website.
>>
>> When you select the middle option, select each and every
>> Service you want published, the CEICW will create a
>> separate rule publishing each of the items you select and
>> anything else will remain inaccessible to the Websurfer.
>>
>> Do <not> publish the entire site, as you might have
>> guessed that would be a major compromise of your system.
>>
>> Tony Su
>>
>>
>>
>>>-----Original Message-----
>>>I recently added a router in front of SBS2k3 with ISA -
>> 2 NICs (2 static
>>>IP's). All ports required :80, 443, 444, 4125.... on the
>> router have been
>>>forwarded to the external SBS static IP.
>>>The problem is that when I run CEICW, unless I
>> select "Allow access to the
>>>entire site from the internet" under web service
>> configuration in Firewall
>>>settings, I can't access the site remotely and get this
>> message:
>>>"403 Forbidden - The server denies the specified Uniform
>> Resource Locator
>>>(URL). Contact the server administrator. (12202) Internet
>> Security and
>>>Acceleration Server"
>>>Before the router installation I had selected only
>> certain web site services
>>>such as OWA and RWW and it worked fine.
>>>If I select "Allow access to the entire site from the
>> internet " everything
>>>works fine, but it publishes the entire website, so I had
>> to block port 80
>>>and use only https://xxx/remote, or /exchange.
>>>Any suggestions?
>>>
>>>Thank you,
>>>Daniel
>>>
>>>
>>>.
>>>
>
>

Relevant Pages

  • Re: Windows XP cannot display the Firewall Settings
    ... Tony wrote: ... "The specified module could not be found" ... Here are some other links to help with the Firewall, ... Troubleshooting Windows Firewall Problems ...
    (microsoft.public.windowsxp.general)
  • RE: Company Firewalls IP Address
    ... I thought you were saying that your fw admin claims there was no way for an external site to obtain the firewall IP. ... |To: tony tony ... You would have to look at your Checkpoint rule base ... |>address to the entire internet. ...
    (Security-Basics)
  • Re: tcp keep alive - blocked by iptables firewall?
    ... tony wrote: ... > Another suggestion is that the firewall is blocked by the firewall. ... up the timing in connection tracking properly. ... dump that don't appear in the other dump, ...
    (comp.os.linux.networking)
  • Re: outlook express users..a little help
    ... you might have it blocked in your firewall. ... Tony ... > any words of advice? ...
    (alt.guitar.beginner)