[isalist] Re: Publishing server,

• From: "Ruba Al-Omari" <romari@xxxxxxxxx>
• To: isalist@xxxxxxxxxxxxx
• Date: Mon, 21 Apr 2008 13:10:25 +0300

I am using server publishing rule, I defined a protocole that has all the
three ports, and set teh server pubilshing rule then set an allow access
rule for the traffic to go out.

Is there another way I can do it so that users behind a firewall do not see
the non standard ports? the oracle portal it self needs these three ports
and do not allow teh authentication without these ports. did any body
publish an oracle portal other wise?


Thanks,
Ruba

 ------------------------------
*From:* isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Harrison [Jim@xxxxxxxxxxxx]
*Sent:* Monday, 21 April 2008 8:11 AM
*To:* ISA Mailing List
*Subject:* [isalist] Re: Publishing server,

  The solution Stefaan offered **will** solve the error you quoted as; "502
Proxy Error. The specified Secure Sockets Layer (SSL) port is not allowed".
For those environments where those users see this message as it's a 99.444%
guarantee that anyone seeing this error is behind an ISA Server.

There is no way to solve that error from the user's perspective other than
them contacting the firewall admins, either directly or via the helpdesk.



How have you published these sites; using web- or server-publishing?





*From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] *On
Behalf Of *Ruba Al-Omari
*Sent:* Sunday, April 20, 2008 2:36 PM
*To:* isalist@xxxxxxxxxxxxx
*Subject:* [isalist] Re: Publishing server,



Thank you stefaan, but this solution suggests that I add these ports to my
SSL range which will not solve my problem, as this solution should be used
by the firewall administrators of the clients who are behined a firewall and
are using the portal system am publishing, but in real life this doesn't
happen, as not all clients know or can contact the firewall administrator
they fall behind to make such adjustements for the firewall SSL ports.



My question is why is it seeing the negotiation process that happens on teh
other 2 ports, although the inital port is 443, and is there a way to setup
my publishing rules to allow these clients who are behined a firewall to be
able to access the protal without having thier administrators change
anything?



Thanks,

Ruba


 ------------------------------

*From:* 
isalist-bounce@xxxxxxxxxxxxx<https://webmail.dah.edu.sa/OWA/redir.aspx?C=cf42bca3df614bb2becd2d9d780ec303&URL=mailto%3aisalist-bounce%40freelists.org>[
isalist-bounce@xxxxxxxxxxxxx<https://webmail.dah.edu.sa/OWA/redir.aspx?C=cf42bca3df614bb2becd2d9d780ec303&URL=mailto%3aisalist-bounce%40freelists.org>]
On Behalf Of Stefaan Pouseele
[stefaan.pouseele@xxxxxxxxx<https://webmail.dah.edu.sa/OWA/redir.aspx?C=cf42bca3df614bb2becd2d9d780ec303&URL=mailto%3astefaan.pouseele%40skynet.be>
]
*Sent:* Saturday, April 19, 2008 2:10 PM
*To:* 
isalist@xxxxxxxxxxxxx<https://webmail.dah.edu.sa/OWA/redir.aspx?C=cf42bca3df614bb2becd2d9d780ec303&URL=mailto%3aisalist%40freelists.org>
*Subject:* [isalist] Re: Publishing server,

Hi Ruba,



check out 
http://www.isaserver.org/articles/2004tunnelportrange.html<https://webmail.dah.edu.sa/OWA/redir.aspx?C=cf42bca3df614bb2becd2d9d780ec303&URL=https%3a%2f%2fwebmail.dah.edu.sa%2fOWA%2fredir.aspx%3fC%3dcf42bca3df614bb2becd2d9d780ec303%26URL%3dhttp%253a%252f%252fwww.isaserver.org%252farticles%252f2004tunnelportrange.html>.




HTH,

Stefaan



*From:* 
isalist-bounce@xxxxxxxxxxxxx<https://webmail.dah.edu.sa/OWA/redir.aspx?C=cf42bca3df614bb2becd2d9d780ec303&URL=mailto%3aisalist-bounce%40freelists.org>[mailto:
isalist-bounce@xxxxxxxxxxxxx<https://webmail.dah.edu.sa/OWA/redir.aspx?C=cf42bca3df614bb2becd2d9d780ec303&URL=mailto%3aisalist-bounce%40freelists.org>]
*On Behalf Of *Ruba Al-Omari
*Sent:* zaterdag 19 april 2008 12:54
*To:* 
isalist@xxxxxxxxxxxxx<https://webmail.dah.edu.sa/OWA/redir.aspx?C=cf42bca3df614bb2becd2d9d780ec303&URL=mailto%3aisalist%40freelists.org>
*Subject:* [isalist] Publishing server,



Ok thanks for letting me know this list is alive, now I need you to help me,
I published this server oracle portal, it consists of 2 parts, one is called
mtier and one is infra, the mtier has 2 servers webcache port 6789 and http
server 443(apache) and the infra has one http server 8541(apache), all over
https, the main login page is 443, now the users on DSL and dial up are
working fine and can get into portal and access their data.



users behind a firewall gets the error : Error Code: 502 Proxy Error. The
specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not
configured to allow SSL requests from this port. Most Web browsers use port
443 for SSL requests. (12204)

even though the first page is on port 443 it calculates another link that
involves negotiation with teh webcache and the infra over the other ports
and the user gets this error

How can I work around this?

bridging will not do me any good I think, as I am using a server publishing
rule not webserver publishing rule.



Thanks for any help,

• Follow-Ups:
  • [isalist] Blocking Instant messenging for SecureNAT
    • From: Tom Rogers

Other related posts:

• » [isalist] Publishing server,
• » [isalist] Re: Publishing server,
• » [isalist] Re: Publishing server,
• » [isalist] Re: Publishing server,
• » [isalist] Re: Publishing server,
• » [isalist] Re: Publishing server,
• » [isalist] Re: Publishing server,

1. Home
2. isalist
3. Archive
4. 04-2008

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---