Lumberjacks? From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thor (Hammer of God) Sent: Friday, March 09, 2007 1:50 PM To: isapros@xxxxxxxxxxxxx Subject: [isapros] Re: http updates with system policy Logs? t ----- Original Message ----- From: Greg Mulholland <mailto:gmulholland@xxxxxxxxxxxx> To: isapros@xxxxxxxxxxxxx Sent: Friday, March 09, 2007 3:54 AM Subject: [isapros] http updates with system policy Im seeing something weird here hoping someone can help me out as its getting late. Playing ISA 2006 with windows updates and antivirus updates. Essentially i know the system policy rule that should allow http and http to the sites in the "system policy allowed sites" namely windows updates. The problem is the https doesn't seem to work, http works fine but im seeing errors in the windows update client and a denied default rule in the monitoring windows. Now interestingly enough https://www.nai.com is one i need as well and if i add that site to the system policy allowed sites i experience the same, nothing. And even more interesting if i choose to put External object in the "to" destination everything works a treat. Why isn't the https side of that system policy rule working for the default sites in that object. If i try hit https://www.windowsupdate.com i get denied default rule. Of course i can make a specific rule allowing https from the localhost to those destination but if i read the description of what that system policy rule should be doing i shouldn't have too. I have confirmed this behaviour on two separate 2006 servers. Anyone got any ideas Greg