Why didn’t you just add the extra IP range to the original network card? S From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ruba Al-Omari, Eng. Sent: Tuesday, January 03, 2012 5:23 AM To: isalist@xxxxxxxxxxxxx; Jim@xxxxxxxxxxxx Subject: [isalist] Re: https wireless traffic blocked through TMG forthe iPhone, Hi Jim, Thanks for all your help offline, the problem is solved, I am posting the solution here for anyone else who faces the same problem: all worked perfectly, had to install a physical interface on the TMG and assign an ip from the wireless vlan to it, then configure the core to have all wireless vlan traffic gateway to be the new physical interface, this was the only way to get non-windows non-http traffic to pass, thanks again, ruba From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto:isalist-bounce@xxxxxxxxxxxxx]<mailto:[mailto:isalist-bounce@xxxxxxxxxxxxx]> On Behalf Of Jim Harrison Sent: Sunday, December 25, 2011 11:47 PM To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx> Subject: [isalist] Re: https wireless traffic blocked through TMG forthe iPhone, Ruba, That log entry by itself is typical of a broken conversation between the client and TMG. Rob knows all about this now <VBG>. You'll want to observe the entire log sequence between the client and TMG for the failing case. You may need to gather some netcaps at the client, TMG and the destination (if possible). If you don't feel comfy analyzing those, I'm happy to help (Rob knows this, too <VBG>) From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto:isalist-bounce@xxxxxxxxxxxxx]<mailto:[mailto:isalist-bounce@xxxxxxxxxxxxx]> On Behalf Of Jim Harrison Sent: Sunday, December 25, 2011 09:04 To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx> Subject: [isalist] Re: https wireless traffic blocked through TMG forthe iPhone, sorry :( its 11 PM here and was replying from the convenient of my bed, I am quoting the reply from the desktop now, hope it appears: "You are absolutely right :) after i arrived in the office in the morning, i checked the rule again and it appeared its not set to all users, so i changed it back to all users, and the prompt stopped but the problem stayed, with the gmail on the mac os, it keeps saying "checking for email" and the error shown below, this error is from one of ios 5.0.1 ips at the time of the error, now how do i go about it?" thanks for your help, From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto:isalist-bounce@xxxxxxxxxxxxx]<mailto:[mailto:isalist-bounce@xxxxxxxxxxxxx]> On Behalf Of Jim Harrison Sent: Sunday, December 25, 2011 11:28 To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx> Subject: [isalist] Re: https wireless traffic blocked through TMG forthe iPhone, Your iPood is messing things up. Pls respond from another client? From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto:isalist-bounce@xxxxxxxxxxxxx]<mailto:[mailto:isalist-bounce@xxxxxxxxxxxxx]> On Behalf Of Jim Harrison Sent: Sunday, December 25, 2011 09:04 To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx> Subject: [isalist] Re: https wireless traffic blocked through TMG forthe iPhone, That won’t cause authentication prompts. What you need to do is get the IP address from one of the failing clients and filter the logs from that client IP. Since the listener is not configured to require authentication, your clients must be hitting an authenticated rule or they’re lying about the response they get from TMG. From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto:isalist-bounce@xxxxxxxxxxxxx]<mailto:[mailto:isalist-bounce@xxxxxxxxxxxxx]> On Behalf Of Ruba Al-Omari, Eng. Sent: Saturday, December 24, 2011 22:52 To: 'isalist@xxxxxxxxxxxxx' Subject: [isalist] Re: https wireless traffic blocked through TMG forthe iPhone, This is the error I receive in the logs when trying to check gmail from the iPhone through the wireless: it says HTTP Proxy denied connection: Denied Connection kkk-111 12/25/2011 9:49:53 AM Log type: Firewall service Status: A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer. Rule: None - see Result Code Source: Internal (10.40.61.201:50030) From: Ruba Al-Omari, Eng. Sent: Sunday, December 25, 2011 9:50 AM To: 'isalist@xxxxxxxxxxxxx' Subject: RE: [isalist] Re: https wireless traffic blocked through TMG forthe iPhone, The problem is only with gmail traffic, exchange traffic is passing and web browsing is passing through, twitter is working as well, Its only for https traffic, Thanks, Ruba From: Ruba Al-Omari, Eng. Sent: Sunday, December 25, 2011 9:14 AM To: 'isalist@xxxxxxxxxxxxx' Subject: RE: [isalist] Re: https wireless traffic blocked through TMG forthe iPhone, Looool I sent it in the morning from my iPad! I have TMG am just so used to saying ISA ☺ The Web proxy authentication options are Integrated, and Basic, it does not require all users to authenticate, the wireless rule allows all users, is this the right way to set it up? Thanks jim, any hint is greatly appreciated, [cid:image001.png@01CCCA46.F854CBD0] From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto:isalist-bounce@xxxxxxxxxxxxx]<mailto:[mailto:isalist-bounce@xxxxxxxxxxxxx]> On Behalf Of Jim Harrison Sent: Sunday, December 25, 2011 8:30 AM To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx> Subject: [isalist] Re: https wireless traffic blocked through TMG forthe iPhone, Yeh, that didn't work too well. From my mangophone ________________________________ From: Ruba Al-Omari, Eng. Sent: 12/24/2011 20:05 To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx> Cc: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx> Subject: [isalist] Re: https wireless traffic blocked through TMG forthe iPhone, ��i��0������z�+�M���䁥�́Q5�褰���܁͡�ձ����͕����ѡ��ݕ���ɽ�䁱��ѕ��ȁѼ�ͽ�ٔ�ѡ�́�ɽ������$��ѥ�����������䁵��͕�́Ѽ��͔�ѡ��ݥɕ���́������Ё��役�����ͥ���ѡ�����ݽɬ�4(4)Q����̰4)IՉ�4)M��Ё�ɽ���䁥A����4(4)=����������İ��Ѐ���́4���)���!��ɥͽ����)���ͅѽ��̹�ɜ�Ѽ�)���ͅѽ��̹�ɜ����ɽє�4(4)]��Ё�́���%M ________________________________ ��ȁQ5���%Ё����[1]eЁ�����ѣ�[1]����4)%��ѡ���ձ���͕́ЁѼ�����܁�����͕�̰�ѡ���ѡ���ɽ������́ѡ�Ёѡ��]����ɽ�䁱��ѕ��ȁ�͕́ЁѼ��[1]qɕ�եɔ������͕�́Ѽ���ѡ��ѥ��ї�[1]t�4(4)ɽ�聥ͅ���е��չ���ɕ�����̹�ɜ�Ѽ�ͅ���е��չ���ɕ�����̹�ɜ��m����Ѽ�ͅ���е��չ���ɕ�����̹�ɝt�=�� ������=��IՉ����=��ɤ�����4)M����M���ɑ�䰁������Ȁ�а����Ā�����4)Q�聥ͅ�����ɕ�����̹�ɜ�Ѽ�ͅ�����ɕ�����̹�ɜ�4)MՉ�����m�ͅ����t�����́ݥɕ���́�Ʌ�������������ѡɽ՝��Q5���ȁѡ���A�����4(4)��ȁ����4(4)$���ٔ���ݥɕ���́���ݽɬ�������ѥ���ѡɽ՝��Q5�Ѽ���M0�����������ݥɕ���́������́�ɔ�ݽɭ�����ɽ��ɱ䰁ѡ���ɽ������́ݥѠ�ѡ���A��������A������͕�̰�ѡ������́�Ʌ������́�������������������������������ѡ��ѥ��ѥ���ݥ���܁����́�����ɥ���Ѽ�ѡ���͕�̸4(4)Q����ձ���Ёѡ��%M ________________________________ �ѡ�Ё���͕́ѡ���Ʌ������͕́ЁѼ�����܁�����Ʌ����������ѡ��=L��Ёѡ���A������A����̀Ը��İ4(4)Q����ɽ����������������䁅�����́ݡ����������́�������ɕ�����ѡ�����������ݥ���܁����́�������������ȁ����́��ѡ��ѥ��ѥ���4(4)�䁡�����́�ɕ�ѱ䁅��ɕ���ѕ��4(4)Q����̰4)IՉ�4( ��@��b��!��� 0~���+-�����܆+��jX���'����{ %z�^�m�����jǫ����j��w��W���ڲ�'����������j[!��� 0�Ƭz�ޮ������^�ۭ������H ________________________________ ����Z �m��ۖ�,�Ƭz�ޮ���X����r��,\�g�j+z)ߢ���*'i�.�����^�ȭz�m���� -y�`zx�r����칻�&+"�m�����jǫ����j��+�+-j�Qz�+����h�+-i٢�+���z�+