Channel: Forefront TMG and ISA Server forum

HTTPS on non-standard port (4433)


I'm having trouble publishing a web server using HTTPS over port 4433. The rule is set up to listen for HTTPS on port 4433, and uses client certificate authentication with no delegation. We have the exact same rule/listener setup on our production TMG array, and it works just fine. I have copied the rule over to our dev TMG environment, and any traffic on port 4433 hits the default rule and gets blocked.

I have checked the production TMG array, and there is no custom protocol for HTTPS on port 4433. It's using a regular web publishing rule, and just has 4433 as the HTTPS port in the listener. The bindings are set up to redirect requests to 443 on the web server. When I monitor traffic coming in on that port on the production array, it doesn't show that it's hitting any rule at all; it just shows the following:

Log type: Firewall service
Status: The operation completed successfully. 
Source: External (X.X.X.X:41556)
Destination: Local Host (X.X.X.X:4433)
Protocol: Unidentified IP Traffic (TCP:4433)
Additional information
Number of bytes sent: 0 Number of bytes received: 0

On the dev TMG server I have even tried to create a custom protocol (TCP inbound, port 4433), and allowed traffic from external to localhost on that protocol. When that rule is active, it shows the same initiated connection logging, but never tries to do client cert. authentication. The browser will give a "this page can't be displayed" error.

What am I missing?


