Actually, "FIN ACK" is the end of a conversation. If you see "SYN" or "SYN ACK" being blocked, that's the start. Try disabling "Enable filtering of IP fragments" in IP Packet Filtering properties. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/authors/harrison/ Read the books! ----- Original Message ----- From: Stefano Peduzzi To: [ISAserver.org Discussion List] Sent: Monday, July 01, 2002 6:46 AM Subject: [isalist] Problem Connecting to https web site http://www.ISAserver.org Hi, When I try to connect to www.sella.it (an https web site) I can't: the web browser doesn't show anything until i get 10060 message from isa. I checked the Log and I found this lines: 2002-06-25 14:19:48 192.168.1.2 212.210.166.90 Tcp 24476 443 FIN ACK BLOCKED 192.168.1.2 2002-06-25 14:51:38 192.168.1.2 212.210.166.90 Tcp 24649 443 FIN ACK BLOCKED 192.168.1.2 2002-06-25 14:53:06 192.168.1.2 212.210.166.90 Tcp 24649 443 FIN ACK BLOCKED 192.168.1.2 192.168.1.2 is the external interface of Isa Server. Note that I don't have any problem with other https web sites. Also lines like this ones sometimes generate a ISA SCAN ATTACK event... in fact now I ignore this type of event (usually coming from a pop3 server). Any idea on the problem?? Why this packages are blocked (high ports shouldn't be blocked!)? FIN ACK is the package sent to establish the connection, ain't it? Stefano Peduzzi ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')