Just one TMG, one Ext NIC. Tom Rogers Systems Administrator Schneider Packaging Equipment ________________________________ This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. P Please consider the environment before printing this email. From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Thursday, December 20, 2012 10:20 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Cannot access a particular website That's a reasonable assumption, but there have been many cases where the fault lies with the website, not the proxy. For instance, I've run across several sites that would reject a request if it saw the "proxy" header or if a request came from a "new" IP address for the same session (not allowed for authenticated sessions). How many TMG are you running; one or more than one (thinking CARP exception)? Are you using multiple external IPs? You may have to coordinate with the web site tech team to understand what's happening. From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Tom Rogers Sent: Thursday, December 20, 2012 06:42 To: 'isalist@xxxxxxxxxxxxx' Subject: [isalist] Re: Cannot access a particular website I thought it was from the website, but webmaster never responded, and when I accessed it via our guest AP that bypasses TMG, I figured it was TMG Tom Rogers Systems Administrator Schneider Packaging Equipment ________________________________ This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. P Please consider the environment before printing this email. From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Thursday, December 20, 2012 9:29 AM To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx> Subject: [isalist] Re: Cannot access a particular website My immediate reaction is that this error is coming from the Web site, not TMG. Do you have any 3rd-party plugins (such as WebSense or Chaperon) operating on your TMG? From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Tom Rogers Sent: Wednesday, December 19, 2012 08:06 To: 'isalist@xxxxxxxxxxxxx' Subject: [isalist] Cannot access a particular website None of my clients going through TMG 2010 can access www.cnycentral.com<http://www.cnycentral.com>, but if we bypass the TMG 2010, we are able to access the site. There are no other sites giving us a problem (that I am aware of) In IE we get the following error: Access Denied You don't have permission to access "http://www.cnycentral.com/"; on this server. Reference #18.76341818.1355932796.1c0fea70 (This Reference # changes all the time) I have not been able to track down where it is failing. The TMG log, when accessing the site, returns the data below: Allowed Connection TMGSVR 12/19/2012 10:49:10 AM Log type: Web Proxy (Forward) Status: 403 Forbidden Rule: Limited Outbound Access for all other protocols Source: Internal (client.domain.net 192.168.1.30:63287) Destination: External (24.24.52.89:80) Request: GET http://www.cnycentral.com/ Filter information: Req ID: 0f5ce7ce; Compression: client=No, server=No, compress rate=0% decompress rate=0% Protocol: http User: DOMAIN\trogers [cid:image001.png@01CDDEA3.D299C220]Additional information <javascript:ToggleList('AddInfoNode')> ** Client agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)<javascript:ToggleList('AddInfoNode')> ** Object source: Internet (Source is the Internet. Object was added to the cache.)<javascript:ToggleList('AddInfoNode')> ** Cache info: 0x41000000 (Response includes the EXPIRES header. Response should not be cached.)<javascript:ToggleList('AddInfoNode')> ** Processing time: 16 MIME type: <javascript:ToggleList('AddInfoNode')> This has to be in our TMG config, but not sure where. URL filtering is disabled, HTTPS inspection is disabled, Web Caching is disabled, SafeSearch is disabled. Looks like 10% of physical RAM is used for caching using a DEFAULT CACHING rule. Any advice, TIA. Tom Rogers Systems Administrator Schneider Packaging Equipment [cid:image002.jpg@01CDDEA3.D299C220] [cid:image003.jpg@01CDDEA3.D299C220] PO Box 890 5370 Guy Young Road Brewerton, NY 13029 Tel: 315-676-3035 x108 - Fax: 315-676-2875 E-mail: trogers@xxxxxxxxxxxxxxxxxx<mailto:trogers@xxxxxxxxxxxxxxxxxx> Website: http://www.schneiderequip.com<http://http:/www.schneiderequip.com> Follow us online [cid:image004.gif@01CDDEA3.D299C220]<http://www.youtube.com/SchneiderPack> [cid:image005.gif@01CDDEA3.D299C220] <http://www.facebook.com/#!/SchneiderPackaging> [cid:image006.gif@01CDDEA3.D299C220] <http://www.linkedin.com/company/659261> ________________________________ This email and any files transmitted with it are confidential and intended solely for the use of the individual to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. P Please consider the environment before printing this email.