Re: https is not working

  • From: "Jim Harrison" <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 14 May 2002 13:40:15 -0700

..luck-o-the-draw...

Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: "Steve Bostedor" <Steveb@xxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, May 14, 2002 1:16 PM
Subject: [isalist] Re: https is not working


http://www.ISAserver.org


Wow, that was a fast response!

-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Tuesday, May 14, 2002 4:07 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Re: https is not working


http://www.ISAserver.org


SSL connections can't be content-limited because it's impossible for ISA to
determine what's being passed between the client and server.
Once the connection is made between them, it's encrypted and thus invisible
to ISA.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/
Read the books!
----- Original Message -----
From: "Steve Bostedor" <Steveb@xxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, May 14, 2002 1:03 PM
Subject: [isalist] https is not working


http://www.ISAserver.org


This is weird.  For the longest time, this company has been using the ISA
server as a basic SNAT router.  It had full outside access to their entire
plant.  I am attempting to move everything to a per user basis.  I have
given GroupA access to all protocols at the firewall layer (for testing).  I
set up an application filter to allow only HTTP, HTTPS, Images, and text.
Regular web pages work just fine.  The moment that someone visits a HTTPS
site, though, the ISA server prompts them for authentication.
For the sake of troubleshooting, I selected the radio button that told the
application filter to allow all content groups.  After trying again on the
client computer, they where able to access the HTTPS site.  Curiously, I
went back to the ISA server and selected every individual content group (all
of the canned ones), then went back and tried again.  This time it failed.
If the radio button to allow all content groups works, but individually
selecting all of the content groups does not, what can be the missing piece
needed to allow SSL communication?  These SSL sites are just every day ones
like hotmail and con-way.com.  Does anyone have a clue?

Thanks!
Steve Bostedor


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')



------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
junk@xxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 05-2002