[isapros] Re: http updates with system policy
- From: "Steve Moffat" <steve@xxxxxxxxxx>
- To: <isapros@xxxxxxxxxxxxx>
- Date: Fri, 9 Mar 2007 15:44:10 -0400
Lumberjacks?
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx]
On Behalf Of Thor (Hammer of God)
Sent: Friday, March 09, 2007 1:50 PM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: http updates with system policy
Logs?
t
----- Original Message -----
From: Greg Mulholland <mailto:gmulholland@xxxxxxxxxxxx>
To: isapros@xxxxxxxxxxxxx
Sent: Friday, March 09, 2007 3:54 AM
Subject: [isapros] http updates with system policy
Im seeing something weird here hoping someone can help me out as
its getting late. Playing ISA 2006 with windows updates and antivirus
updates.
Essentially i know the system policy rule that should allow http
and http to the sites in the "system policy allowed sites" namely
windows updates. The problem is the https doesn't seem to work, http
works fine but im seeing errors in the windows update client and a
denied default rule in the monitoring windows.
Now interestingly enough https://www.nai.com is one i need as
well and if i add that site to the system policy allowed sites i
experience the same, nothing. And even more interesting if i choose to
put External object in the "to" destination everything works a treat.
Why isn't the https side of that system policy rule working for
the default sites in that object. If i try hit
https://www.windowsupdate.com i get denied default rule.
Of course i can make a specific rule allowing https from the
localhost to those destination but if i read the description of what
that system policy rule should be doing i shouldn't have too.
I have confirmed this behaviour on two separate 2006 servers.
Anyone got any ideas
Greg
Other related posts:
