locked
no http communication to internal net RRS feed

 > 

  • Frage

  • Question
    Anmelden
    0
    Anmelden

    Hello,

    we have TMG2010 with dual nic on a W2K8R2. One for external and one for internal net. The external nic is connectect to the next ISA Server and configured with web chaining. Everything works fine but from the TMG there is no communication to internal net on Port 80. Ping, https and so on works fine but not http.

    The rule say all traffic vom localhost to internal net is allowed. The ICMP or HTTPS Packets leaf the TMG on the right interface.

    If i stop TMG Firewall Service i can communicate to Port 80 on the internal net.

    Can anyone help?

    THX

    Michael

    Montag, 23. Mai 2011 10:30

Antworten

  • Question
    Anmelden
    0
    Anmelden

    Hi Michael,

    create another webchaining rule that contains all internal ressources (Networkobject internal) and configure it for direct access. After that make sure that the new rule comes first in the order of webchaining rules.

    Greetings

    Christian

    Christian Groebner MVP Forefront
    • Als Antwort markiert ROSKH Montag, 23. Mai 2011 11:00
    Montag, 23. Mai 2011 10:56

Alle Antworten

  • Question
    Anmelden
    0
    Anmelden

    Hi,

    is it working if you disable the webchaining? If so then create another chaining rule that defines direct access for all internal ressources.

    Greetings

    Christian

    Christian Groebner MVP Forefront
    Montag, 23. Mai 2011 10:41
  • Question
    Anmelden
    0
    Anmelden

    Hi,

    Du versuchst also vom TMG eine HTTP Verbindung mit einer HTTP Ressource im internen Netzwerk aufzubauen? Oder soll die HTTP Verbindung vom TMG auch durch das Webchaining gehen?
    Welche Fehlermeldung komtm am TMG? Ist der TMG als sein eigener Webproxy im Browser konfiguriert?
    Was sagt denn NETSH WINHTTP SHOW PROXY?

    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de
    Montag, 23. Mai 2011 10:44
  • Question
    Anmelden
    0
    Anmelden

    Hello Christian,

    so fast, wow. Ok if i set the webchaining rule to default Port 80 is working. This means that the Packets go's in the wrong direction?

    Can you give me an example for this rule?

    thx

    Michael

    Montag, 23. Mai 2011 10:50
  • Question
    Anmelden
    0
    Anmelden

    Hi Michael,

    create another webchaining rule that contains all internal ressources (Networkobject internal) and configure it for direct access. After that make sure that the new rule comes first in the order of webchaining rules.

    Greetings

    Christian

    Christian Groebner MVP Forefront
    • Als Antwort markiert ROSKH Montag, 23. Mai 2011 11:00
    Montag, 23. Mai 2011 10:56
  • Question
    Anmelden
    0
    Anmelden

    Hello Christian,

    thank you, it works

    nice week

     

    Michael

    Montag, 23. Mai 2011 11:00