[isalist] Re: SSL Sites

  • From: "Andy Haigh" <ahaigh@xxxxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 22 Jul 2006 18:38:21 +1000

http://www.ISAserver.org
-------------------------------------------------------

The setting for connection limit was 160 but I had suspected this to be the
problem so I created a custom limit of 1000 for my IP address but still
had the same problems.

I will update the global limit to 200 and see what happens. I will also
test it with no connection limits and report back.

Thanks

Andy 

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Friday, 21 July 2006 11:34 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: SSL Sites

This is a good reference for anyone learning to use the logs:
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/logging-best-practices.mspx

FWLog:

ISA  12/07/2006  10:12:11  TCP  10.10.10.100:1062  10.10.10.10:8080  10.10.10.100  Internal  Local Host  Denied  0x80074e23  -  Unidentified IP Traffic  0  0  0  0  -  -  -  -  0  0
ISA  12/07/2006  10:12:15  TCP  10.10.10.100:1062  10.10.10.10:8080  10.10.10.100  Internal  Local Host  Denied  0x80074e23  -  Unidentified IP Traffic  0  0  0  0  -  -  -  -  0  0
ISA  12/07/2006  10:12:21  TCP  10.10.10.100:1062  10.10.10.10:8080  10.10.10.100  Internal  Local Host  Denied  0x80074e23  -  Unidentified IP Traffic  0  0  0  0  -  -  -  -  0  0
ISA  12/07/2006  10:12:11  TCP  10.10.10.100:1063  10.10.10.10:8080  10.10.10.100  Internal  Local Host  Denied  0x80074e23  -  Unidentified IP Traffic  0  0  0  0  -  -  -  -  0  0
ISA  12/07/2006  10:12:15  TCP  10.10.10.100:1063  10.10.10.10:8080  10.10.10.100  Internal  Local Host  Denied  0x80074e23  -  Unidentified IP Traffic  0  0  0  0  -  -  -  -  0  0
ISA  12/07/2006  10:12:21  TCP  10.10.10.100:1063  10.10.10.10:8080  10.10.10.100  Internal  Local Host  Denied  0x80074e23  -  Unidentified IP Traffic  0  0  0  0  -  -  -  -  0  0
ISA  12/07/2006  10:12:33  TCP  10.10.10.100:1096  10.10.10.10:8080  10.10.10.100  Internal  Local Host  Denied  0x80074e23  -  Unidentified IP Traffic  0  0  0  0  -  -  -  -  0  0
ISA  12/07/2006  10:12:36  TCP  10.10.10.100:1096  10.10.10.10:8080  10.10.10.100  Internal  Local Host  Denied  0x80074e23  -  Unidentified IP Traffic  0  0  0  0  -  -  -  -  0  0
ISA  12/07/2006  10:12:42  TCP  10.10.10.100:1096  10.10.10.10:8080  10.10.10.100  Internal  Local Host  Denied  0x80074e23  -  Unidentified IP Traffic  0  0  0  0  -  -  -  -  0  0
ISA  12/07/2006  10:12:33  TCP  10.10.10.100:1097  10.10.10.10:8080  10.10.10.100  Internal  Local Host  Denied  0x80074e23  -  Unidentified IP Traffic  0  0  0  0  -  -  -  -  0  0
ISA  12/07/2006  10:12:36  TCP  10.10.10.100:1097  10.10.10.10:8080  10.10.10.100  Internal  Local Host  Denied  0x80074e23  -  Unidentified IP Traffic  0  0  0  0  -  -  -  -  0  0
ISA  12/07/2006  10:12:42  TCP  10.10.10.100:1097  10.10.10.10:8080  10.10.10.100  Internal  Local Host  Denied  0x80074e23  -  Unidentified IP Traffic  0  0  0  0  -  -  -  -  0  0
ISA  12/07/2006  10:12:33  TCP  10.10.10.100:1098  10.10.10.10:8080  10.10.10.100  Internal  Local Host  Denied  0x80074e23  -  Unidentified IP Traffic  0  0  0  0  -  -  -  -  0  0
ISA  12/07/2006  10:12:36  TCP  10.10.10.100:1098  10.10.10.10:8080  10.10.10.100  Internal  Local Host  Denied  0x80074e23  -  Unidentified IP Traffic  0  0  0  0  -  -  -  -  0  0
ISA  12/07/2006  10:12:42  TCP  10.10.10.100:1098  10.10.10.10:8080  10.10.10.100  Internal  Local Host  Denied  0x80074e23  -  Unidentified IP Traffic  0  0  0  0  -  -  -  -  0  0
ISA  12/07/2006  10:12:33  TCP  10.10.10.100:1099  10.10.10.10:8080  10.10.10.100  Internal  Local Host  Denied  0x80074e23  -  Unidentified IP Traffic  0  0  0  0  -  -  -  -  0  0
ISA  12/07/2006  10:12:36  TCP  10.10.10.100:1099  10.10.10.10:8080  10.10.10.100  Internal  Local Host  Denied  0x80074e23  -  Unidentified IP Traffic  0  0  0  0  -  -  -  -  0  0
ISA  12/07/2006  10:12:42  TCP  10.10.10.100:1099  10.10.10.10:8080  10.10.10.100  Internal  Local Host  Denied  0x80074e23  -  Unidentified IP Traffic  0  0  0  0  -  -  -  -  0  0

In the WP log, you have a very few authentication failures (12209); but
more importantly, the FW log shows a clear case of connection limits to
the web proxy listener.  I hit the same problem with some online
courses.
Up the connection limits to 200 and see if that helps.

Jim Harrison
jim@xxxxxxxxxxxx
www.isatools.org

Sent  using Vista Beta 2 and Office 12 Beta 2 (aincha jealous?)
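
One way to reproduce the reading of the firewall log in the reply above, as an added example that is not part of the original thread: it groups denials carrying the logged result code by client and listener, and separates log records from distinct source ports. The function name, the field layout inferred from the posted records, and the use of 0x80074e23 as the filter are assumptions; the sample lines are constructed.

```python
import re
from collections import defaultdict

# Result code from the firewall log in this thread; the reply reads these
# denials as connection-limit hits. Using it as the filter is an assumption.
LIMIT_CODE = "0x80074e23"

# Constructed sample in the thread's record layout, one record per line.
# The first record (allowed) and the last (truncated) are invented here.
SAMPLE_LOG = """\
ISA 12/07/2006 10:12:05 TCP 10.10.10.100:1060 10.10.10.10:8080 10.10.10.100 Internal Local Host Initiated Connection 0x0 - Unidentified IP Traffic 0 0 0 0 - - - - 0 0
ISA 12/07/2006 10:12:11 TCP 10.10.10.100:1062 10.10.10.10:8080 10.10.10.100 Internal Local Host Denied 0x80074e23 - Unidentified IP Traffic 0 0 0 0 - - - - 0 0
ISA 12/07/2006 10:12:15 TCP 10.10.10.100:1062 10.10.10.10:8080 10.10.10.100 Internal Local Host Denied 0x80074e23 - Unidentified IP Traffic 0 0 0 0 - - - - 0 0
ISA 12/07/2006 10:12:21 TCP 10.10.10.100:1062 10.10.10.10:8080 10.10.10.100 Internal Local Host Denied 0x80074e23 - Unidentified IP Traffic 0 0 0 0 - - - - 0 0
ISA 12/07/2006 10:12:33 TCP 10.10.10.100:1096 10.10.10.10:8080 10.10.10.100 Internal Local Host Denied 0x80074e23 - Unidentified IP Traffic 0 0 0 0 - - - - 0 0
ISA 12/07/2006 10:12:36 TCP 10.10.10.100:1096 10.10.10.10:8080 10.10.10.100 Internal Local Host Denied 0x80074e23 - Unidentified IP Traffic 0 0 0 0 - - - - 0 0
ISA 12/07/2006 10:12:42 TCP 10.10.10.100:1096 10.10.10.10:8080 10.10.10.100 Internal Local Host Denied 0x80074e23 - Unidentified IP Traffic 0 0 0 0 - - - - 0 0
ISA 12/07/2006 10:12:50 TCP 10.10.10.100:1100
"""

# Whitespace-tolerant: archived copies turn the original tabs into spaces.
RECORD = re.compile(
    r"^\S+\s+(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<proto>\S+)\s+(?P<client>\d+(?:\.\d+){3}):(?P<sport>\d+)\s+"
    r"(?P<listener>\d+(?:\.\d+){3}:\d+)\s+.*?"
    r"(?P<action>Denied)?\s+(?P<code>0x[0-9a-fA-F]+)"
)


def summarize_limit_denials(log_text, code=LIMIT_CODE):
    """Group denials carrying `code` by (client IP, listener ip:port)."""
    groups = defaultdict(lambda: {"records": 0, "ports": set(), "times": []})
    unparsed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = RECORD.match(line)
        if m is None:
            unparsed += 1  # keep count so gaps in the log stay visible
            continue
        if m["action"] != "Denied" or m["code"].lower() != code:
            continue
        g = groups[(m["client"], m["listener"])]
        g["records"] += 1
        g["ports"].add(int(m["sport"]))
        g["times"].append(m["time"])
    report = {}
    for key, g in groups.items():
        report[key] = {
            "records": g["records"],
            # Assumption: a source port that recurs is one connection attempt
            # being retried, so distinct ports approximate distinct attempts.
            "attempts": len(g["ports"]),
            "first": min(g["times"]),
            "last": max(g["times"]),
        }
    return report, unparsed


if __name__ == "__main__":
    report, unparsed = summarize_limit_denials(SAMPLE_LOG)
    for (client, listener), row in report.items():
        print(client, "->", listener, row)
    print("unparsed records:", unparsed)
```

Run against a per-host log export, a high record count concentrated on the proxy listener with few distinct ports points at the same client retrying refused connections rather than at many independent failures.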


-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Andy Haigh
Sent: Friday, July 21, 2006 2:39 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: SSL Sites

Please see attached, this is the whole process of going to the banking
site and then it finally just times out.

The ip address of the banking site are 203.57.240.103 and 203.57.241.103

IE is configured with the details of the isa server in the Proxy
settings on each machine and uses port 8080 for everything.

Any help would be appreciated.

Thanks

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Thursday, 20 July 2006 11:56 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: SSL Sites

We need to see the log entries related to the failed connections.
Not the interpretations or summaries; the log entries themselves.
Please limit the log query to only the host that you tested with.

Jim Harrison
jim@xxxxxxxxxxxx
www.isatools.org

Sent  using Vista Beta 2 and Office 12 Beta 2 (aincha jealous?)


-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Andy Haigh
Sent: Wednesday, July 19, 2006 7:34 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: SSL Sites

The site is the online banking site at http://www.national.com.au which
takes you to https://ib.national.com.au but unless you have an account
with the National that's as far as you will get.

I have the log files from which I have replaced the internal information
and would be happy to post them or email direct if that would help.

Thanks

Andy

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Thomas W Shinder
Sent: Thursday, 20 July 2006 10:30 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: SSL Sites

You knowing what they are doesn't help anyone here figure out what the
problem is.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andy Haigh
> Sent: Wednesday, July 19, 2006 6:00 PM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: SSL Sites
> 
> I know what that is, I have just captured log info for just accessing 
> that SSL banking site. What I am not sure of is what I am looking for 
> in the log file itself!
> 
> Thanks
> 
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Thomas W Shinder
> Sent: Thursday, 20 July 2006 3:46 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: SSL Sites
> 
> URLs to the problematic sites?
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
>  
> 
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Andy Haigh
> > Sent: Wednesday, July 19, 2006 3:24 AM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: SSL Sites
> > 
> > Ok I have some log file details of the process but I am not really 
> > sure what I am looking for??
> > 
> > Should I be looking at both info from the FWC and WEB logs or just one
> > of them?
> > 
> > Thanks
> > 
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Jim Harrison
> > Sent: Tuesday, 11 July 2006 11:38 PM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: SSL Sites
> > 
> > What you'll have to do is examine the ISA logs for that same time 
> > frame and originating from the test client.
> > The ISA logs should be very informative, but since you can't discern
> > the links from the pages, you have to do a bit of sleuthing of your 
> > own.
> > Once you determine what requests to that bank are failing, we can 
> > determine what action to take (if any).
> > 
> > -------------------------------------------------------
> >    Jim Harrison
> >    MCP(NT4, W2K), A+, Network+, PCG
> >    http://isaserver.org/Jim_Harrison/
> >    http://isatools.org
> >    Read the help / books / articles!
> > -------------------------------------------------------
> >  
> > 
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Andy Haigh
> > Sent: Tuesday, July 11, 2006 05:12
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: SSL Sites
> > 
> > There are some "javascript()" links and some are just pictures.
> > 
> > It's odd though it works fine for a few pages then goes wrong.  There
> > is the "Error on page" message at the bottom left of the page as well
> > or the exclamation mark on the yellow traffic sign. Once this has 
> > happened it becomes really slow and then times out.
> > 
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Jim Harrison
> > Sent: Tuesday, 4 July 2006 12:09 AM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] Re: SSL Sites
> > 
> > Do this:
> > 1. hover over the broken links - what is the URL shown in the status
> > bar?
> > 2. if it's not a "javascript()" link, use that information to scan 
> > your ISA log for rejections or connection problems.
> > 
> > 
> > -------------------------------------------------------
> >    Jim Harrison
> >    MCP(NT4, W2K), A+, Network+, PCG
> >    http://isaserver.org/Jim_Harrison/
> >    http://isatools.org
> >    Read the help / books / articles!
> > -------------------------------------------------------
> >  
> > 
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx]
> > On Behalf Of Andy Haigh
> > Sent: Monday, July 03, 2006 00:58
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] SSL Sites
> > 
> > Hi All,
> > I am having a huge number of problems with https banking sites through
> > ISA 2004.
> > 
> > The server is W2K3 SP1 Standard with ISA 2004 SP2 Standard, all 
> > patches installed via Microsoft Update.
> > 
> > Everything works fine to the internet when just browsing normal http
> > sites but as soon as I go to any sites that require https access I get
> > problems. Parts of the site (pictures, icons) don't get downloaded and
> > just have the red x where they should be, pages time out, displayed 
> > with wrong font, page is displayed but with the error icon at the 
> > bottom left of IE.
> > 
> > If I plug into the other side of the firewall everything works fine. 
> > 
> > Anyone have any suggestions?
> > 
> > Thanks
> > 
> > Andy
> > 
> > 
> > All mail to and from this domain is GFI-scanned.
> > 
> > ------------------------------------------------------
> > List Archives: //www.freelists.org/archives/isalist/
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server Articles and Tutorials:
> > http://www.isaserver.org/articles_tutorials/
> > ISA Server Blogs: http://blogs.isaserver.org/
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > Report abuse to listadmin@xxxxxxxxxxxxx