locked
Accesing Web Server with Custom Port through UAG Direct Access RRS feed

  • Question

  • Hi All,

     

    We got directaccess working at the moment and we are having issue accessing an intranet website through a default port.

     

    For example when we try to access htttp://server:8080 the webpage does not load. Do we need to configure anything on the TMG firewall to get this working?

    Tuesday, October 11, 2011 1:27 AM

Answers

  • Hi Mr. Pham,

    the portnumber should be fully transparent to DA, since DA operates on the IP-Layer (layer3), only. In addition you wouldn't need to create additional TMG rules for this web site. It should be allow by default...

    In 9/10 times the problems with "website couldn't load" are releated to DNS name resolution. What happens if you ping the SERVERNAME on the DA client?

    Another problem what may cause this issues are web page that use native IPv4 / NetBIOS / WINS addressing for content retrival. Can you verify that your page does only use plain DNS resolution?

    -Kai

     

     


    This posting is provided "AS IS" whithout any warranties. Kai Wilke | ITaCS GmbH | GERMANY, Berlin | www.itacs.de
    • Marked as answer by Mr. Pham Thursday, October 13, 2011 12:37 AM
    Tuesday, October 11, 2011 8:01 AM

All replies

  • Hi Mr. Pham,

    the portnumber should be fully transparent to DA, since DA operates on the IP-Layer (layer3), only. In addition you wouldn't need to create additional TMG rules for this web site. It should be allow by default...

    In 9/10 times the problems with "website couldn't load" are releated to DNS name resolution. What happens if you ping the SERVERNAME on the DA client?

    Another problem what may cause this issues are web page that use native IPv4 / NetBIOS / WINS addressing for content retrival. Can you verify that your page does only use plain DNS resolution?

    -Kai

     

     


    This posting is provided "AS IS" whithout any warranties. Kai Wilke | ITaCS GmbH | GERMANY, Berlin | www.itacs.de
    • Marked as answer by Mr. Pham Thursday, October 13, 2011 12:37 AM
    Tuesday, October 11, 2011 8:01 AM
  • Hi Kai,

    Thankyou for your reply.

    We can access the webpage via the normal name http://server but it does not work with http://server:8080

    Needless to say the DNS resolution is working however I am not exactly sure why it does not work on if we append the server with the port number.

    Would you be able to show me how I can test to see if my webpage use native IPv4/NETBIOD/WINS address for content retrieval? Or how I can verify that my webpage only use plain DNS?

     

    Many Thanks in Advance

    Tuesday, October 11, 2011 8:21 AM
  • Hi Mr. Pham,

    the best advise i can give you in this case, is to use a non-Microsoft browser and use fiddler2 to see the plain HTTP protocol message exchange. The reason for the non-Microsoft browser is because DA will bypass the proxy settings for DA releated traffic and those settings are required by fiddler2 to get the man-in-the-middle.

    Once you're able to dump the traffic, you should be able to identify the blocked / timed out requests and some extended error informations.

    -Kai

     


    This posting is provided "AS IS" whithout any warranties. Kai Wilke | ITaCS GmbH | GERMANY, Berlin | www.itacs.de
    Tuesday, October 11, 2011 10:43 AM
  • Hi Kai,

    We manage to fix the issue by asigning another port instead of port 8080. Not sure why it doesn't work on this port...

     

    Thanks for your help!

    Thursday, October 13, 2011 12:37 AM