TMG SSTP connected VPN clients cannot use Web Proxy for SSL connections

General Discussion

  • Wednesday, June 6, 2012 23:17

    We have a TMG server that is set up for autodiscovery via DNS. Internal hosts have IE proxy settings set to automatically detect settings. Internal clients can access the TMG web proxy and utilize it for both HTTP and HTTPS requests without issue.

    We also have SSTP enabled through TMG. Clients can connect to the SSTP VPN just fine and can communicate with the internal networks without any problem. These SSTP clients also have their IE proxy settings set to automatically detect settings. For HTTP connections this works without any issue. SSTP clients identify the proxy and utilize TMG to proxy the HTTP request.

    However, this does not work for HTTPS requests. On an SSTP connected client, a request for an HTTPS site will result in a timeout. On the TMG server an event is generated and reads as follows (obfuscated):

    Initiated Connection SERVERNAME 6/6/2012 6:50:37 PM 
    Log type: Firewall service 
    Status: The operation completed successfully.  
    Rule: Name of Allow Rule 
    Source: VPN Clients (x.x.x.11:2003) 
    Destination: Internal (173.0.84.3:443) 
    Protocol: HTTPS 
    User: DOMAIN\validuser

    Additionally, tests with the traffic simulator show that the traffic is allowed.

    Everything with TMG has worked thus far, but this problem has me a bit perplexed. Any insight you can provide would be appreciated and if I need to provide any additional information please let me know.

    Thanks.

    [Edit]

    Looks like this is a client issue. If I set the system proxy settings to automatically detect settings it results in the issue described above. However, if I use Firefox and select "Auto-detect" instead of system settings, the HTTPS requests are sent to the proxy as one would expect.

    Now if I go into Internet Options and highlight the remote SSTP connection and select "Settings" I can supply different proxy settings there. If I choose "automatically detect" then both HTTP and HTTPS work within Internet Explorer. In this configuration, however, the "system settings" for the remote connection will not be used by Firefox. This results in Firefox being unable to proxy HTTPS requests.

    While this is very frustrating it does appear to be a client issue and has nothing to do with TMG. I'll leave this post up in case someone has insight into the above issue.

    Thanks again.
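
The edit above distinguishes the LAN proxy settings from the per-connection settings of the SSTP entry. The following PowerShell sketch is an added example, not part of the original post: it lists the proxy flags WinINET has stored for the LAN and for each dial-up/VPN entry of the current user. It assumes the commonly observed but undocumented blob layout, with the flags DWORD at byte offset 8 and bit values matching the `PROXY_TYPE_*` constants in wininet.h.

```powershell
# Added example: show WinINET proxy flags per connection for the current user.
# "DefaultConnectionSettings" holds the LAN settings; every dial-up/VPN entry
# with its own saved settings appears under its connection name.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections'

# Bit values as defined for PROXY_TYPE_* in wininet.h.
$flagTable = @(
    @{ Bit = 0x1; Name = 'Direct' },
    @{ Bit = 0x2; Name = 'ManualProxy' },
    @{ Bit = 0x4; Name = 'AutoConfigUrl' },
    @{ Bit = 0x8; Name = 'AutoDetect' }
)

function Get-ProxyFlags {
    param([byte[]]$Blob)
    # Assumption: flags DWORD at offset 8 (undocumented registry layout).
    if ($null -eq $Blob -or $Blob.Length -lt 12) { return $null }
    $raw = [BitConverter]::ToInt32($Blob, 8)
    $names = foreach ($f in $flagTable) {
        if ($raw -band $f.Bit) { $f.Name }
    }
    [pscustomobject]@{
        Raw        = $raw
        Flags      = ($names -join ', ')
        AutoDetect = [bool]($raw -band 0x8)
    }
}

$props = Get-ItemProperty -Path $key -ErrorAction Stop
$report = foreach ($p in $props.PSObject.Properties) {
    # Skip PSPath, PSParentPath and any other non-binary values.
    if ($p.Value -isnot [byte[]]) { continue }
    $r = Get-ProxyFlags -Blob $p.Value
    if ($null -eq $r) { continue }
    [pscustomobject]@{
        Connection = $p.Name
        Raw        = '0x{0:X2}' -f $r.Raw
        Flags      = $r.Flags
        AutoDetect = $r.AutoDetect
    }
}

# A VPN entry that is absent here has no per-connection settings saved yet.
$report | Sort-Object Connection | Format-Table -AutoSize
```

Run it as the affected user and compare the `DefaultConnectionSettings` row with the row named after the SSTP connection.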

All Replies