TMG Firewall rule for allowing access to website on other ports.

  • Question

  • Hi,

    I have to allow for someone in our organization to visit a website that is listening on another port due to some sort of site specific things they do.

    When I remove the port number from the IP I access the site fine; however, when I add the port 83 to the end of the IP I get a blocked page.

    I have added all sorts of rules and exceptions to allow for port 83 to have access outbound with no luck.

    Any idea how I need to do this? Currently our proxy runs on port 8080.

    Tuesday, September 13, 2011 4:11 AM

All replies

  • This is the error that I get from IE.

    Technical Information (for support personnel)

    • Error Code 10060: Connection timeout
    • Background: The gateway could not receive a timely response from the website you are trying to access. This might indicate that the network is congested, or that the website is experiencing technical difficulties.
    Tuesday, September 13, 2011 4:19 AM
  • Hi,

    You need to extend the default tunnel port range in TMG. The process is the same as in ISA. You can find the relevant information here:

    http://technet.microsoft.com/en-us/library/cc302450.aspx

    Cheers,

    Andreas


    Andreas Hecker - Blog: http://microsoft-iag.blogspot.com/ Please remember to use “Mark as Answer” or "vote as helpful" on the posts that help you.
    Tuesday, September 13, 2011 6:49 AM
  • Hi,

    You need to extend the default tunnel port range in TMG. The process is the same as in ISA. You can find the relevant information here:

    http://technet.microsoft.com/en-us/library/cc302450.aspx

    Cheers,

    Andreas


    Andreas Hecker - Blog: http://microsoft-iag.blogspot.com/ Please remember to use “Mark as Answer” or "vote as helpful" on the posts that help you.


    Well, if I understand the original question correctly, no.

    The above article relates to SSL traffic where TMG is very strict.

    You need to create a protocol for TCP port 83 outbound and add it to your access rule alongside the plain HTTP, SSL and whatever else you have.


    Hth, Anders Janson Enfo Zipper
    Tuesday, September 13, 2011 7:31 AM
  • By way of the 10060 error, I would guess that you have another firewall in front of TMG that is blocking port 83 from TMG to the Internet...

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Tuesday, September 13, 2011 8:22 AM
    Moderator
  • Hi,

    Yes, you are right. It is HTTP-only, so defining a custom protocol on TCP port 83 and building an access rule would be enough. I didn't see that it is only HTTP, not SSL.

    Sorry, cheers,

    Andreas


    Andreas Hecker - Blog: http://microsoft-iag.blogspot.com/ Please remember to use “Mark as Answer” or "vote as helpful" on the posts that help you.
    Tuesday, September 13, 2011 8:23 AM
  • By way of the 10060 error, I would guess that you have another firewall in front of TMG that is blocking port 83 from TMG to the Internet...

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk


    Thanks, this is what did it for me. I did have the custom rule created in TMG but still didn't have any luck. Kept on timing out. Your post made me realise that I perhaps don't have a rule allowing the TMG servers outside on that port.

     

    Wednesday, September 14, 2011 3:07 AM
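
The diagnosis in this thread turns on what a 10060 timeout means compared with a refused connection. The function below is an added example, not code from any poster in the thread. It makes a direct TCP connection from the machine it runs on (for instance the TMG server itself) and classifies the result. The function name and the target address are hypothetical, and it assumes TMG policy already lets the Local Host network reach the target on that port.

```powershell
# Added example, not from the thread. Test-OutboundTcp is a hypothetical helper name.
function Test-OutboundTcp {
    param(
        [Parameter(Mandatory = $true)][string]$TargetHost,  # supply the site's address
        [int]$Port = 83,                                     # the non-standard port from the question
        [int]$TimeoutMs = 5000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($TargetHost, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            # Neither SYN/ACK nor RST came back: traffic is dropped somewhere on the path.
            return "TIMEOUT (compare error 10060): no answer; a device on the path is dropping port $Port"
        }
        $client.EndConnect($pending)   # throws if the connection attempt failed
        return "OPEN: TCP handshake completed; the path from this machine is clear"
    }
    catch {
        $ex = $_.Exception.GetBaseException()
        if ($ex -is [System.Net.Sockets.SocketException]) {
            switch ($ex.ErrorCode) {
                10060   { return "TIMEOUT (10060): no answer; a device on the path is dropping port $Port" }
                10061   { return "REFUSED (10061): host reachable, but nothing accepts connections on port $Port" }
                10065   { return "UNREACHABLE (10065): no route to the host from this machine" }
                default { return "SOCKET ERROR $($ex.ErrorCode): $($ex.Message)" }
            }
        }
        return "ERROR: $($ex.Message)"
    }
    finally {
        $client.Close()
    }
}

# Usage with a constructed placeholder address (documentation range):
# Test-OutboundTcp -TargetHost 192.0.2.10 -Port 83
```

A timeout when run on the TMG server, while port 80 to the same address returns OPEN, matches the situation the 10060 reply describes: a device beyond TMG is not passing port 83.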