Mittwoch, 6. Juni 2012 23:17
We have a TMG server that is set up for autodiscovery via DNS. Internal hosts have IE proxy settings set to automatically detect settings. Internal clients can access the TMG web proxy and utilize it for both HTTP and HTTPS requests without issue.
We also have SSTP enabled through TMG. Clients can connect to the SSTP VPN just fine and can communicate with the internal networks without any problem. These SSTP clients also have their IE proxy settings set to automatically detect settings. For HTTP connections this works without any issue. SSTP clients identify the proxy and utilize TMG to proxy the HTTP request.
However, this does not work for HTTPS requests. On an SSTP connected client, a request for an HTTPS site will result in a timeout. On the TMG server an event is generated and reads as follows (obfuscated):
Initiated Connection SERVERNAME 6/6/2012 6:50:37 PM
Log type: Firewall service
Status: The operation completed successfully.
Rule: Name of Allow Rule
Source: VPN Clients (x.x.x.11:2003)
Destination: Internal (18.104.22.168:443)
Additionally, tests with the traffic simulator show that the traffic is allowed.
Everything with TMG has worked thus far, but this problem has me a bit perplexed. Any insight you can provide would be appreciated and if I need to provide any additional information please let me know.
Looks like this is a client issue. If I set the system proxy settings to automatically detect settings it results in the issue described above. However, if I use Firefox and select "Auto-detect" instead of system settings, the HTTPS requests are sent to the proxy as one would expect.
Now if I go into Internet Options and highlight the remote SSTP connection and select "Settings" I can supply different proxy settings there. If I choose "automatically detect" then both HTTP and HTTPS work within Internet Explorer. In this configuration, however, the "system settings" for the remote connection will not be used by Firefox. This results in Firefox being unable to proxy HTTPS requests.
While this is very frustrating it does appear to be a client issue and has nothing to do with TMG. I'll leave this post up in case someone has insight into the above issue.
- Bearbeitet SgtB2002 Donnerstag, 7. Juni 2012 15:19
- Typ geändert Nick Gu - MSFTMicrosoft Contingent Staff, Moderator Mittwoch, 13. Juni 2012 01:35
Mittwoch, 4. Juli 2012 11:47Moderator