Manual routes on TMG would have fixed that.

From my mangophone

-----Original Message-----
From: Ruba Al-Omari, Eng.
Sent: 1/10/2012 1:16
To: 'Jim Harrison'; isalist@xxxxxxxxxxxxx
Subject: RE: [isalist] Re: https wireless traffic blocked through TMG for the iPhone,

It didn’t work, although logically it should, could be because of being on different subnets, the traffic could travel to the gateway on the other subnet but couldn’t come back from TMG to the client,

Thanks,
Ruba

From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Tuesday, January 03, 2012 5:53 PM
To: Ruba Al-Omari, Eng.; isalist@xxxxxxxxxxxxx
Subject: RE: [isalist] Re: https wireless traffic blocked through TMG for the iPhone,

You couldn’t simply configure the “core” to route all traffic through TMG original internal interface? That would have been a less complicated solution.

From: Ruba Al-Omari, Eng. [mailto:romari@xxxxxxxxxx]
Sent: Tuesday, January 03, 2012 01:18
To: isalist@xxxxxxxxxxxxx; Jim Harrison
Subject: RE: [isalist] Re: https wireless traffic blocked through TMG for the iPhone,

Hi Jim,

Thanks for all your help offline, the problem is solved, I am posting the solution here for anyone else who faces the same problem: all worked perfectly, had to install a physical interface on the TMG and assign an IP from the wireless VLAN to it, then configure the core to have all wireless VLAN traffic gateway to be the new physical interface, this was the only way to get non-windows non-http traffic to pass,

thanks again,
ruba

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
Sent: Sunday, December 25, 2011 11:47 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: https wireless traffic blocked through TMG for the iPhone,

Ruba,

That log entry by itself is typical of a broken conversation between the client and TMG. Rob knows all about this now <VBG>. You'll want to observe the entire log sequence between the client and TMG for the failing case. You may need to gather some netcaps at the client, TMG and the destination (if possible). If you don't feel comfy analyzing those, I'm happy to help (Rob knows this, too <VBG>)

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
Sent: Sunday, December 25, 2011 09:04
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: https wireless traffic blocked through TMG for the iPhone,

sorry :( it's 11 PM here and was replying from the convenience of my bed, I am quoting the reply from the desktop now, hope it appears:

"You are absolutely right :) after I arrived in the office in the morning, I checked the rule again and it appeared it's not set to all users, so I changed it back to all users, and the prompt stopped but the problem stayed, with the gmail on the mac os, it keeps saying "checking for email" and the error shown below, this error is from one of ios 5.0.1 ips at the time of the error, now how do I go about it?"

thanks for your help,

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
Sent: Sunday, December 25, 2011 11:28
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: https wireless traffic blocked through TMG for the iPhone,

Your iPood is messing things up. Pls respond from another client?

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
Sent: Sunday, December 25, 2011 09:04
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: https wireless traffic blocked through TMG for the iPhone,

That won’t cause authentication prompts. What you need to do is get the IP address from one of the failing clients and filter the logs from that client IP. Since the listener is not configured to require authentication, your clients must be hitting an authenticated rule or they’re lying about the response they get from TMG.

[The entire original message is not included.]