I am using server publishing rule, I defined a protocole that has all the three ports, and set teh server pubilshing rule then set an allow access rule for the traffic to go out. Is there another way I can do it so that users behind a firewall do not see the non standard ports? the oracle portal it self needs these three ports and do not allow teh authentication without these ports. did any body publish an oracle portal other wise? Thanks, Ruba ------------------------------ *From:* isalist-bounce@xxxxxxxxxxxxx [isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison [Jim@xxxxxxxxxxxx] *Sent:* Monday, 21 April 2008 8:11 AM *To:* ISA Mailing List *Subject:* [isalist] Re: Publishing server, The solution Stefaan offered **will** solve the error you quoted as; "502 Proxy Error. The specified Secure Sockets Layer (SSL) port is not allowed". For those environments where those users see this message as it's a 99.444% guarantee that anyone seeing this error is behind an ISA Server. There is no way to solve that error from the user's perspective other than them contacting the firewall admins, either directly or via the helpdesk. How have you published these sites; using web- or server-publishing? *From:* isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] *On Behalf Of *Ruba Al-Omari *Sent:* Sunday, April 20, 2008 2:36 PM *To:* isalist@xxxxxxxxxxxxx *Subject:* [isalist] Re: Publishing server, Thank you stefaan, but this solution suggests that I add these ports to my SSL range which will not solve my problem, as this solution should be used by the firewall administrators of the clients who are behined a firewall and are using the portal system am publishing, but in real life this doesn't happen, as not all clients know or can contact the firewall administrator they fall behind to make such adjustements for the firewall SSL ports. My question is why is it seeing the negotiation process that happens on teh other 2 ports, although the inital port is 443, and is there a way to setup my publishing rules to allow these clients who are behined a firewall to be able to access the protal without having thier administrators change anything? Thanks, Ruba ------------------------------ *From:* isalist-bounce@xxxxxxxxxxxxx<https://webmail.dah.edu.sa/OWA/redir.aspx?C=cf42bca3df614bb2becd2d9d780ec303&URL=mailto%3aisalist-bounce%40freelists.org>[ isalist-bounce@xxxxxxxxxxxxx<https://webmail.dah.edu.sa/OWA/redir.aspx?C=cf42bca3df614bb2becd2d9d780ec303&URL=mailto%3aisalist-bounce%40freelists.org>] On Behalf Of Stefaan Pouseele [stefaan.pouseele@xxxxxxxxx<https://webmail.dah.edu.sa/OWA/redir.aspx?C=cf42bca3df614bb2becd2d9d780ec303&URL=mailto%3astefaan.pouseele%40skynet.be> ] *Sent:* Saturday, April 19, 2008 2:10 PM *To:* isalist@xxxxxxxxxxxxx<https://webmail.dah.edu.sa/OWA/redir.aspx?C=cf42bca3df614bb2becd2d9d780ec303&URL=mailto%3aisalist%40freelists.org> *Subject:* [isalist] Re: Publishing server, Hi Ruba, check out http://www.isaserver.org/articles/2004tunnelportrange.html<https://webmail.dah.edu.sa/OWA/redir.aspx?C=cf42bca3df614bb2becd2d9d780ec303&URL=https%3a%2f%2fwebmail.dah.edu.sa%2fOWA%2fredir.aspx%3fC%3dcf42bca3df614bb2becd2d9d780ec303%26URL%3dhttp%253a%252f%252fwww.isaserver.org%252farticles%252f2004tunnelportrange.html>. HTH, Stefaan *From:* isalist-bounce@xxxxxxxxxxxxx<https://webmail.dah.edu.sa/OWA/redir.aspx?C=cf42bca3df614bb2becd2d9d780ec303&URL=mailto%3aisalist-bounce%40freelists.org>[mailto: isalist-bounce@xxxxxxxxxxxxx<https://webmail.dah.edu.sa/OWA/redir.aspx?C=cf42bca3df614bb2becd2d9d780ec303&URL=mailto%3aisalist-bounce%40freelists.org>] *On Behalf Of *Ruba Al-Omari *Sent:* zaterdag 19 april 2008 12:54 *To:* isalist@xxxxxxxxxxxxx<https://webmail.dah.edu.sa/OWA/redir.aspx?C=cf42bca3df614bb2becd2d9d780ec303&URL=mailto%3aisalist%40freelists.org> *Subject:* [isalist] Publishing server, Ok thanks for letting me know this list is alive, now I need you to help me, I published this server oracle portal, it consists of 2 parts, one is called mtier and one is infra, the mtier has 2 servers webcache port 6789 and http server 443(apache) and the infra has one http server 8541(apache), all over https, the main login page is 443, now the users on DSL and dial up are working fine and can get into portal and access their data. users behind a firewall gets the error : Error Code: 502 Proxy Error. The specified Secure Sockets Layer (SSL) port is not allowed. ISA Server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. (12204) even though the first page is on port 443 it calculates another link that involves negotiation with teh webcache and the infra over the other ports and the user gets this error How can I work around this? bridging will not do me any good I think, as I am using a server publishing rule not webserver publishing rule. Thanks for any help,