HTTP listener doesn't redirect to internal site

  • Thursday, November 05, 2009 7:39 PM, Kevin Oliver

    Hi all,
    Having a little trouble with an HTTP listener I set up: set up a firewall rule for a site, created a listener that checks both HTTP and HTTPS, added the cert and tested the rule; was successful in reaching the webpage from the TMG box.

    The problem part now: when I try to connect externally from the http:// address, the connection is blocked by the default rule, but if I use the https:// address the listener succeeds in redirecting me to the site. Not sure what I am missing on this one.

    The error in the log states the connection was blocked by the default rule.

All Replies

  • Tuesday, November 17, 2009 9:56 PM, Kevin Oliver

    Hmm, so let me throw some more information out there.

    I have an external IP (24.56.xx.xx) that is tied to the external NIC of the TMG box; the internal NIC points to the domain. The TMG box is domain joined (technicalpanda.com); the domain is hosted with GoDaddy, and the URL www.technicalpanda.com points to the IP of the external NIC on the TMG box.

    A web listener was created for just HTTP, no authentication, listening on the External network. The web publishing rule applies to this published site: www.technicalpanda.com.
    The computer name to resolve is www.technicalpanda.com (CNAME for internal resolution).
    The public name is looking for www.technicalpanda.com; I can ping the website and it returns the IP of the TMG box without issue.
    Trying to navigate to the URL via an outside computer results in an error in the log:

    Denied Connection
    Log Type: Firewall service
    Status: The policy rules do not allow the user request
    Rule: Default Rule
    Destination: Local Host
    Protocol: HTTP

    Am I missing a step someplace?

     

  • Sunday, November 22, 2009 11:06 AM, Keith Alabaster (MVP)

    You can see the traffic is being caught by the default rule, which is the last rule to be evaluated (a catch-all); therefore the traffic that is arriving does not match any of the rules that you have created so far. I assume you used the provided "publish a web server" wizard?

    I would run the Best Practice Analyser as a first step.
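The point Keith makes above (first match wins, the Default Rule is the deny catch-all, so a hit on it means every earlier rule rejected the request on some criterion) can be walked through with a small model of ordered rule evaluation. This is an added example, not TMG's engine or anything from the thread: the policy, the request values and the HTTPS-only listener are constructed purely to show how one failed criterion drops a request onto the catch-all and how a per-rule trace points at the criterion to check.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    network: str       # network the connection arrives on, e.g. "External"
    protocol: str      # "HTTP" or "HTTPS"
    public_name: str   # host name the client asked for (Host header / SNI)


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                 # "allow" or "deny"
    networks: tuple = ()        # empty tuple = any (used by the catch-all)
    protocols: tuple = ()
    public_names: tuple = ()    # stored lowercase

    def mismatches(self, req):
        """Criteria of this rule the request fails; an empty list means a match."""
        failed = []
        if self.networks and req.network not in self.networks:
            failed.append(f"listener is not on network {req.network}")
        if self.protocols and req.protocol not in self.protocols:
            failed.append(f"listener does not accept {req.protocol}")
        if self.public_names and req.public_name.lower() not in self.public_names:
            failed.append(f"public name {req.public_name} is not published")
        return failed


def evaluate(policy, req):
    """Top-down, first-match evaluation; returns (winning rule, trace of rejections)."""
    trace = []
    for rule in policy:
        failed = rule.mismatches(req)
        if not failed:
            return rule, trace
        trace.append((rule.name, failed))
    raise ValueError("policy must end with a catch-all rule")


# Constructed policy (hypothetical): a publishing rule whose listener only
# accepts HTTPS, followed by the deny catch-all that TMG evaluates last.
PUBLISH_HTTPS_ONLY = Rule("Publish www.technicalpanda.com", "allow",
                          ("External",), ("HTTPS",), ("www.technicalpanda.com",))
PUBLISH_BOTH = Rule("Publish www.technicalpanda.com", "allow",
                    ("External",), ("HTTP", "HTTPS"), ("www.technicalpanda.com",))
DEFAULT_RULE = Rule("Default Rule", "deny")


def winner(policy, protocol, name="www.technicalpanda.com"):
    """Name of the rule that handles an external request for the given protocol."""
    return evaluate(policy, Request("External", protocol, name))[0].name
```

Running `evaluate([PUBLISH_HTTPS_ONLY, DEFAULT_RULE], Request("External", "HTTP", "www.technicalpanda.com"))` lands on the Default Rule, and the trace names the failed criterion ("listener does not accept HTTP"), which is the check to make against each rule above the one that fired.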
  • Tuesday, November 24, 2009 7:05 PM, Kevin Oliver (Proposed Answer)

    Keith,

    Thanks for the reply. Found that the DNS server on the external NIC was not pointed at our internal DNS servers; this was causing much of the issue. The site is now passing a rule, just not the correct rule (a rule farther down the line is allowing it but directing it to the site). Testing the rule with the Test Rule button successfully completes, and the published rule for the site is 1st in the list. Any thoughts would be appreciated.