Negotiation of the client certificate through the web proxy service is irrelevant. Port 443 is the standard port for SSL, but it doesn't depend on the Web Proxy service, nor does it mean that they're actually using it for SSL communications. SecureNAT and Firewall clients can also use port 443 if an appropriate protocol rule is in place. You haven't described the actual problem that causes your bank to define your ISA setup. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/pages/author_index.asp?aut=3 http://isatools.org Read the help / books / articles! ----- Original Message ----- From: Alex Decarli To: [ISAserver.org Discussion List] Sent: Thursday, November 07, 2002 10:07 AM Subject: [isalist] RES: Re: RES: Re: Channel WebProxy http://www.ISAserver.org I agree about array. But 443 port is used by WEBBased clients, am I right ? So, HTTP redirector aftect they. My doubt is the negotiation of client certificate (in this particular case) is made throught webproxy service. If I set the firewall client, can I to do a directly negotiation with the server bank ? -----Mensagem original----- De: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Enviada em: quinta-feira, 7 de novembro de 2002 15:53 Para: [ISAserver.org Discussion List] Assunto: [isalist] Re: RES: Re: Channel WebProxy http://www.ISAserver.org The solution is only useful if you have more than one server in the ISA Array. How many servers are you using? The application filter they vaguely refer to is the HTTP redirector and the setting will only apply to SecureNAT and Firewall clients. As long as the remainder of your LAT hosts are Web Proxy clients, this setting will not affect them. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/pages/author_index.asp?aut=3 http://isatools.org Read the help / books / articles! ----- Original Message ----- From: Alex Decarli To: [ISAserver.org Discussion List] Sent: Thursday, November 07, 2002 7:40 AM Subject: [isalist] RES: Re: Channel WebProxy http://www.ISAserver.org Web log show-me connection allowed on 443 port. there's no log entries with deny. A relevant data is it's negociate a certificate with the Bank Server. -----Mensagem original----- De: Jim Harrison [mailto:jim@xxxxxxxxxxxx] Enviada em: quinta-feira, 7 de novembro de 2002 13:39 Para: [ISAserver.org Discussion List] Assunto: [isalist] Re: Channel WebProxy http://www.ISAserver.org Take a look in the web logs; it'll tell you if the SSL connection is using a port other than 443. If so then you'll need to add another SSL tunnel port range for the ISA. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/pages/author_index.asp?aut=3 http://isatools.org Read the help / books / articles! ----- Original Message ----- From: Alex Decarli To: [ISAserver.org Discussion List] Sent: Monday, November 04, 2002 10:43 AM Subject: [isalist] Channel WebProxy http://www.ISAserver.org Hi folks, I've a exclusive client that need to run a specific aplication of a Brazilian Bank that does not allow a channel with the ISA WebProxy Service. The solution that the Bank gave-me was: Send to requested Web Server in aplication filter to the access work properlly and install the firewall client. But , if I do it, all network clients will complain of Internet performance. Because the web cache not will be make. I need only allow the this specified client run internet SSL page and this Socket application software without WebProxy Channel. How can I to do this ? Alex Decarli ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: alex@xxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: alex@xxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub') ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Exchange Server Resource Site: http://www.msexchange.org/ Windows Security Resource Site: http://www.windowsecurity.com/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')