Hi,
I try to replace an old proxy (allegroserv) server with an already installed TMG 2012 (latest update installed). We use a white list on the older proxy and allow only access to well-known sites.
1. I created an URL Set and added all our URLs to it.
2. I created a new "Web Access Policy": Allow everyone from internal to the created "URL set".
3. I change my proxy setting pointing to the TMG on the test PC.
We only use the Web Proxy, all other functions are disabled in TPG Web Access Policy.
Most websites could be opened as expected. When I
tried to open a "forbidden" website
"bing.com" was displayed (default browser search option on the test PC)
We don't have any (visual) entry that points to "bing.com" website in the URL set list and I found more and more websites that I could open (no one was white listed)
After further investigation I found a white listed website, which will be redirected to "akamai.com". For proper function "*.akamai.com" must be on the white list. Removing this site and "bing" is no more accessible, put it on the list and "bing" is back.
As I know "akamai" hosts a lot of websites and it looks like all of them are accessible if akamai is on the white list. I have found the reason why I can open "bing" but I don't know how to fix this. Open *.akamai.com gives access to many unknown website. Reducing the access to "a248.e.akamai.com" may block the access to "bing". But this server name may change and I don't know how many other websites are still accessible. In the mean time I found there must be more sites like akamai!
1. Did I something wrong?
2. Why is TMG give access to this sites (not on the whitelist) (Allegrosurf had no problem with that)?
3. Has anyone experience with white listing and may give some advice?
4. If TMG fails any other products for a proxy server?
thanks for any help