
I have a problem with my Network


I have trouble with my firewall (TMG) when I need to access any link such as a website (https://securem78.sgcpanel.com:2096),

and also the link for my Oracle program, www.contoso.com:9522.

Whenever I access any link with a specific port number, TMG denies it.

So kindly, I need to solve this problem.


TLS 1.2 and SQL Logging


We did enable TLS 1.2 on the TMG and everything is working fine. TMG services 1.2 without problem and for compatibility with older products it can talk 1.0, 1.1, 1.2. 

But now SQL Logging is broken.

  • We tested logging to the local Express - not working
  • Tested to remote SQL (2014) - not working.

The strange thing is, when we click "Test" it works perfectly and we see a connection made to the SQL Server. But logging stays on disconnected.

We tried so many things, but finally we found out that TMG is not even trying to connect to the SQL Servers at all. It looks like TMG does not initialize connections; with network monitor no traffic is seen at all.


Future of Forefront TMG - Support and service packs?


Future of Forefront TMG - only support and service packs?

Will there be full compatibility with Windows 2012 Server?

And what about native support of IPv6?

TIA

Miroslav

Upgrading AD from 2008 R2 to 2016. Does it have any impact on Microsoft Forefront Threat Management Gateway 2010 server ?

We are planning to upgrade AD from 2008 R2 to 2016. Can TMG 2010 be integrated with a 2016 AD server?

Rajakumar

TMG and WAP together


We have an internal site on IIS published to the public world through TMG. TMG works as a reverse proxy in this situation.

We are thinking about moving the reverse-proxy functionality for this page to WAP on a new Server 2016.

How can we move the reverse-proxy functionality from TMG to WAP (TMG will still stay in the firewall role)?

Please advise.

with best regards


bostjanc


ISA 2004 Hotfix required


Hi, I hope someone can help me. I need one of two hotfixes for ISA Server 2004 SE English x86.

Either

v4.0.2167.910
KB970454 Description of the ISA Server 2004 hotfix package: June 2, 2009

Or

v4.0.2167.911
KB976289 FIX: Connections to a Web site that was published by ISA Server 2004 may fail and you receive a connection time-out error

I drew the short straw and have been transported back to when ISA 2004 was the new thing! I have been tasked to bring this ancient system up to date (Server, SQL, Exchange 2016).

The problem is that ISA isn't being used in the normal. Custom development has taken place and this needs to be investigated. I've cloned the machine onto a development machine but ISA won't load unless I limit the processor cores to 4, but then debugging is too slow.

PLEASE HELP!!!

Enable https protocol ISA Server 2006


Hello,

I have an ISA Server 2006 to protect my internal network. Inside my network I have a web server which responded to the http protocol until today. Now this server replies on the https protocol. My question is how I can create an array on ISA Server 2006 to permit the https protocol (port 443) to pass. In the present situation I have created an array in which the web server replies on the http protocol (port 80). In the specific properties (Listener) I could not enable the https protocol. Additionally, when I try to enable the https protocol on the Listener, ISA asks me for SSL.

Is it possible to send me a procedure so that I can find a solution to my problem?

PGavriil 

How to route VLANs in Forefront TMG


Hi,

At this moment we have one VLAN in our company and our TMG server has two cards, one NIC with internal address 10.0.x.200 and an external NIC with address 94.xxx.2.21. The default gateway for the clients is the TMG server, 10.0.x.200. Now we want to set up multiple VLANs that will be routed with our L3 switch. So the config for the switch is:
VLAN 99
Network 10.0.99.0 -> Default gateway 10.0.99.1

VLAN 13
Network 10.0.13.0 -> Default Gateway 10.0.13.1

But if the clients ask for internet it doesn't work. How do I need to configure the TMG server so all the traffic will be routed to the server?
Thanks in advance.


TMG spoofed packet drop


Hi,

Our TMG has two network cards: for the External network - 193.219.57.20, internal - 10.0.30.49.

I can't access the internal web server (10.0.30.50) through the TMG server. I get the error SPOOFING_PACKET_DROPPED (Status: A packet was dropped because Forefront TMG determined that the source IP address is spoofed).

As I read, "The only reasons packets are denied as spoof are that either the ISA Server does not have the source IP in its address range for that network or if ISA does not have a route to it."

Our route table is:

===========================================================================
Active Routes:
Network Destination        Netmask         Gateway       Interface Metric
          0.0.0.0         0.0.0.0  193.219.57.16   193.219.57.20   266
         10.0.0.0   255.255.255.0        10.0.30.1      10.0.30.49    138
        10.0.30.0   255.255.255.0         On-link        10.0.30.49   266
       10.0.30.49  255.255.255.255        On-link        10.0.30.49   266
      10.0.30.255  255.255.255.255        On-link       10.0.30.49    266
        127.0.0.0       255.0.0.0         On-link        127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link        127.0.0.1    306
  127.255.255.255  255.255.255.255        On-link         127.0.0.1   306
     192.168.12.0    255.255.254.0        10.0.30.1      10.0.30.49    138
   193.219.57.12  255.255.255.128        On-link    193.219.57.20   266
   193.219.57.20  255.255.255.255        On-link    193.219.57.20   266
   193.219.57.255  255.255.255.255        On-link   193.219.57.20    266
        224.0.0.0       240.0.0.0         On-link        127.0.0.1    306
        224.0.0.0       240.0.0.0         On-link   193.219.57.20    266
        224.0.0.0       240.0.0.0         On-link       10.0.30.49    266
  255.255.255.255  255.255.255.255        On-link         127.0.0.1   306
  255.255.255.255  255.255.255.255        On-link   193.219.57.20    266
  255.255.255.255  255.255.255.255        On-link        10.0.30.49   266
===========================================================================

How can I check if ISA Server does not have the source IP in its address range?

How to solve this?

Thanks
aurimas
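
The routing half of the explanation quoted in the post above can be checked mechanically. This is an added example, not part of the original post and not TMG's own logic: a simplified model that does a longest-prefix match over the unicast rows of the posted route table and reports which interface a source address is routed through. The test addresses 10.0.5.9 and 192.168.13.7 are constructed; the check against TMG's configured network address ranges is not modelled.

```python
import ipaddress

# Unicast rows copied from the route table in the post
# (destination, netmask, gateway, interface, metric).
ROUTE_PRINT = """\
0.0.0.0          0.0.0.0          193.219.57.16  193.219.57.20  266
10.0.0.0         255.255.255.0    10.0.30.1      10.0.30.49     138
10.0.30.0        255.255.255.0    On-link        10.0.30.49     266
192.168.12.0     255.255.254.0    10.0.30.1      10.0.30.49     138
193.219.57.12    255.255.255.128  On-link        193.219.57.20  266
"""

def parse_routes(text):
    """Turn 'route print' style rows into (network, interface, metric)."""
    routes = []
    for line in text.splitlines():
        dest, mask, _gateway, iface, metric = line.split()
        # strict=False tolerates a destination that has host bits set.
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, iface, int(metric)))
    return routes

def expected_interface(src, routes):
    """Interface the host would use to reach src (longest prefix wins,
    lower metric breaks ties). None if no route covers src."""
    addr = ipaddress.ip_address(src)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    _net, iface, _metric = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return iface

def would_flag_spoof(src, arrived_on, routes):
    """Simplified model (assumption): a packet is suspect when the route
    back to its source leaves through a different interface than the one
    it arrived on."""
    return expected_interface(src, routes) != arrived_on

ROUTES = parse_routes(ROUTE_PRINT)

if __name__ == "__main__":
    for src in ("10.0.30.50", "192.168.13.7", "10.0.5.9"):  # last two constructed
        print(src, "->", expected_interface(src, ROUTES),
              "spoof on internal NIC:", would_flag_spoof(src, "10.0.30.49", ROUTES))
```

Running the same comparison against the address ranges defined for each TMG network covers the other half of the quoted explanation.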


web tv

how to find and change my password on my WebTV account

ISA 2006 Connection denied even if local access rule is created.


Hi there,

I am running into a small problem which is stopping me from completing my project.

First of all let me describe my scenario.

I am trying to connect my IP soft phone (SIP based) to one of my IP-VPN branch Avaya IP Office PBX.

I am behind an ISA 2006 firewall (Internal 192.168.0.99, External: 172.XX.XX.242) with a Cisco router (172.XX.XX.241). I have created an access rule as follows:

1. (IN):
  • 5060-5061, TCP, Direction: Inbound
  • 10000-20000, UDP, Direction: Receive Send
  • 5060-5061, UDP, Direction: Receive Send

Original Client IP: 192.168.22.115
Server Name: SECURE
Transport: UDP
Bidirectional: No
GMT Log Time: 2/29/2012 11:51
Source Port: 5060
Result Code: 0x80070008 ERROR_NOT_ENOUGH_MEMORY
Log Time: 2/29/2012 14:51
Destination IP: 192.168.0.14
Client IP: 192.168.22.115
Destination Port: 63604
Protocol: OUT
Action: Denied Connection
Rule:
Source Network: External
Destination Network: Internal

Any help will be highly appreciated.


dare to dream


Life means More...

The Forefront TMG configuration failed:

The following is written in alerts:

Description: The Forefront TMG configuration agent was unable to upload the configuration to the Forefront TMG services.
This could be due to a corrupt configuration. The Forefront TMG configuration agent is reverting the configuration back to the last known configuration.
The service that failed to load the configuration is: IsaManagedCtrl.
The failure is due to error: 0x80131500 

Cause:
Description: Command failed with error: Duplicate content filter phrase: "ЗАКАЖИТЕ БЕСПЛАТНЫЙ ОБРАТНЫЙ ЗВОНОК СЕЙЧАС >>".
Parameter name: Phrase
The following cmdlets failed:
Add-ContentFilterPhrase -Phrase ЗАКАЖИТЕ БЕСПЛАТНЫЙ ОБРАТНЫЙ ЗВОНОК СЕЙЧАС >> -Influence BadWord -Confirm $false



I understand that the failure occurred from the fact that the phrase Message Body Filter was duplicated

But at the moment I have already deleted this phrase ..
if you disable E-mail Integration on the Troubleshooting tab, then everything is OK
but then the integration with FPE2010 is not working, which is not convenient ..

if you enable E-mail Integration, then an error appears again about duplicating the phrase, but it is not there already ..
please help ..)

there are hotfixes RU2, RU3, RU5,  but RU4 was skipped .. to download from the MS site now, won is no longer available ..

FF TMG 2010 on Server 2012


Has anyone tried successfully installing Forefront TMG 2010 on Windows Server 2012?

I tried but failed, it complained about unable to add roles and features.


Valuable skills are not learned, learned skills aren't valuable.


Redundant Site 2 Site VPN tunnel with TMG


Hi guys.

Don't know how alive is TMG forum still but hoping for the best.

Scenario

SITE A - TMG

SITE B - TMG

ADDING SITE C in progress

A working site-to-site VPN is currently established between SITE A and SITE B between TMG servers.

There will be a new SITE C which will not have a TMG but some other hardware firewall (I believe Juniper + Mikrotik Router).

Basically SITE C will be a replacement for SITE B in the long term, and the network team in SITE C wants to prepare (and test) everything before moving all the devices from SITE B to SITE C, and afterwards decommissioning SITE B.

So the idea is that:

- Site2SiteVPN between SITE A (TMG) and SITE B (TMG) remains,

- we are adding new Site2SiteVPN between SITE A (TMG) and SITE C (other fw hw)

SITE C will have the same internal subnets as SITE B.

- How to achieve routing traffic on TMG on SITE A which will have to deal with same networks on SITE B and SITE C?

- How to achieve routing traffic on SITE B, SITE C to SITE A while SITE B and SITE C are using same internal subnets?

Any tutorials on that subject?

with best regards


bostjanc



Unable to open External Website through TMG that is hosted on different port

Failed Connection Attempt TMG 4/15/2019 4:36:58 PM 
Log type: Web Proxy (Forward) 
Status: 12204 The specified Secure Sockets Layer (SSL) port is not allowed. Forefront TMG is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests.  
Source: Internal (10.1.0.224:61823) 
Destination: 10.1.0.90:24555 
Request: staging.ke.com.pk:24555 
Filter information: Req ID: 062d8cd3; Compression: client=No, server=No, compress rate=0% decompress rate=0% 
Protocol: SSL-tunnel 
User: anonymous 
 Additional information 
Client agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Object source: Internet (Source is the Internet. Object was added to the cache.)
Cache info: 0x0
Processing time: 0 MIME type: 
 

SYED WASIL UDDIN, IT Specialist Directory, Messaging & Collaboration / Agha Khan University & Hospital


TMG Logging Status - Disconnected


Hi folks,

Our TMG 2010 (SP2) installation is configured using default settings for Firewall & Web Proxy Logging. However, we are seeing the Log Status as being 'disconnected'. We are logging to the default folder which just appears to contain .llq files. Could someone please point me in the right direction to begin troubleshooting this issue as we are hoping to move this installation on to our live network as soon as possible?

 

Many thanks,

 

JP

bitdefender access rule in TMG 2010


Hi,

I recently installed Bitdefender in our company, but I can't add any client to it. Only my TMG 2010 server is detected in their cloud system. I checked all their destination addresses and allowed them in the firewall rules, but I don't understand the request below that is being denied. The client ip is 192.168.0.37 and TMG ip is 192.168.0.4

Denied Connection ISA 5/2/2019 3:13:24 PM
Log type: Web Proxy (Forward)
Status: 12202 Forefront TMG denied the specified Uniform Resource Locator (URL).  
Rule: Default rule
Source: Internal (192.168.0.36:65296)
Destination: External (192.168.0.4:443)
Request: elb-ore-amz.nimbus.bitdefender.net:443
Filter information: Req ID: 06f0ab2d; Compression: client=No, server=No, compress rate=0% decompress rate=0%
Protocol: SSL-tunnel
User: T****N\MODELING-PC3$
 Additional information
Client agent: BDNC v2.3.2.49923 Mar 4 2019 22:28:05 windows_amd64
Object source: Internet (Source is the Internet. Object was added to the cache.)
Cache info: 0x0
Processing time: 0 MIME type:
 

Changing the 443 Port for Skype for Business


I need to reconfigure the ports that are used for Skype for Business so as to avoid using port 443, which I need for another program. I recently learned that the latest build of regular Skype no longer allows users to reconfigure ports!

What I was wondering is if the latest build of Skype for Business uses port 443 and if so, if I can reconfigure it to move to an alternative port than 443 so I can use it for my other program.

Here is the info I have on Skype and how it is currently impossible to reconfigure it, for a Win 10 PC:

https://support.skype.com/en/faq/FA148/which-ports-need-to-be-open-to-use-skype-on-desktop?q=port+requirements+for+skype

https://answers.microsoft.com/en-us/skype/forum/all/change-the-connection-port-of-skype-desktop-8/ccd1f72f-5fb3-4524-9504-53d58acad822

Is Skype for Business the same or does it have more flexibility?

Also - can I subscribe to Skype for business and talk to other people who are using regular skype?  I don't care if in doing that I lose some of the special features of skype for business - I just don't want to require everyone I talk to to have to purchase the business version.    Any suggestions very welcome!

Compatibility


Dear sir,

I need to know whether Microsoft Forefront Threat Management Gateway 2012 is compatible with Windows Server 2012 Datacenter.

Publishing Atlassian Confluence websocket on port 8091 using TMG 2010


Hi Everyone,

We have Atlassian Confluence installed on our internal LAN that uses websockets (listening on port 8091) for collaborative real time editing.

Our TMG 2010 Server is single NIC solution; I believe a multi-NIC solution is required to publish a websockets non-web server protocol publishing rule.

According to Atlassian when a user cannot connect to Confluence via a WebSocket, "we'll fall back to a XML HTTP Request (XHR), allowing them to edit pages successfully."

https://confluence.atlassian.com/conf610/administering-collaborative-editing-952623315.html

Does TMG 2010 need any further configuration given we already have a HTTP/HTTPS web publishing rule in place to permit XHR?

Is it possible to use the HTTP filter to change the header to "UPGRADE" for websockets ???

https://en.wikipedia.org/wiki/HTTP/1.1_Upgrade_header

Thanks.

 