none
Users access the web on both port 80 and 8080 - why not only 8080

    Question

  • I am running Forefront TMG as a firewall/proxy server and some clients connect to the Internet over port 8080 and are filtered by web security (which is what I want) while others are access the Internet over port 80 and are not filtered by web security (which is what I don't want). I have tried using auto discovery through AD, DNS, DHCP, and group policy but nothing seems consistent. I even tried the Forefront client and auto discovery was still hit and miss. Right now I have disabled all auto discovery except DNS and DHCP and both use port 80. The server is 2008R2 X64 and the clients are mostly Windows 7 X64 with a few Windows 7 X86 and XP SP3 X86 mixed in. What is the most consistent way to ensure all users access the web via port 8080 and are subjected to web filtering?

    Thanks in advance


    eburch@lasertel.com

    Friday, April 06, 2012 8:25 PM

All replies

  • Run the monitoring in the dash board and post what you have seen on it for 8080..

    Exchange Queries

    Saturday, April 07, 2012 3:36 AM
  • Not sure I understand the request. The clients that are connecting via port 80 are connecting via SecureNat and Web Proxy while the clients that are connecting over port 8080 are connecting via Web Proxy. I force authentication at the TMG so quite a few attempted connections from machines to port 80 fail. I looked for reasons and can't find anything obvious for all the attempted but failed connection. I am really look for a solid way to ensure everyone goes through 8080.

    eburch@lasertel.com

    Saturday, April 07, 2012 8:20 PM
  • Hi,

    Thank you for the post.

    This is by design. If the requests from SecureNAT or Firewall clients, TMG server intercepts the traffic on port 80 as a transparent proxy request, and passes it to the Web Proxy filter.

    Regards,


    Nick Gu - MSFT

    Monday, April 09, 2012 6:02 AM
    Moderator
  • That is the crux of my question. How does one ensure that clients access the web proxy over 8080 versus 80? What defines a clients access as SecureNAT versus Firewall versus Web Proxy over 8080?

    eburch@lasertel.com

    Monday, April 09, 2012 2:29 PM
  • Hi,

    Thank you for the update.

    Please refer to this article: http://technet.microsoft.com/en-us/library/cc713344.aspx

    Regards,


    Nick Gu - MSFT

    Tuesday, April 10, 2012 5:25 AM
    Moderator
  • Ok - so it appears there is an error in my wpad.dat file. How are the wpad.dat and wspad.dat files created and can I get the Forefront server to create new ones that are correct for this configuration of Forefront?

    eburch@lasertel.com


    • Edited by EBurch Tuesday, April 10, 2012 4:28 PM
    Tuesday, April 10, 2012 4:28 PM
  • Thursday, April 12, 2012 4:15 AM
    Moderator
  • I have read that article several times - I understand the basics and have tried setting DHCP and DNS using port 80 or 8080, etc to try to get automatic discovery working to no avail. I have looked at both the wspad.dat file and the wpad.dat file via the browser and while the wspad.dat file appears correct the wpad.dat does not. I looked on the TMG server but could not find either file so I don't know how to fix it. 

    eburch@lasertel.com

    Thursday, April 12, 2012 4:03 PM