I need to create a protocol definition for HTTP which doesn't include the Web Proxy Filter to workaround a problem as specified in this blog:
"To allow the nonstandard HTTP traffic, you need to create two access rules:
- An access rule that uses the CustomHTTP protocol andallows traffic from <source>to the computer object representing the nonstandard HTTP server.
- An access rule that uses the predefined HTTP protocol anddenies traffic from <source> to the computer object representing the nonstandard HTTP server.
The new allow rule must come before your original rule that allows HTTP traffic from <source> to the External network in the ordered list of policy rules, and the new deny rule should be placed immediately after the new allow rule."
I created a new protocol, choosing TCP port 80 outbound and made sure not to add the HTTP Proxy Filter. I must be doing something wrong because the access rule that I created (similar to the Allow rule above) using the custom protocol is skipped over when the source client tries to access the destination URL specified in the rules. It goes right to the Deny rule (similar to the one mentioned above).
The difference is that the Deny rule (which has the Web Proxy Filter) shows up under the Web Access Policy, whereas the Allow rule (with no Web Proxy Filter) only shows under the Firewall Policy. I believe this is a clue that I didn't create the protocol correctly, but I can't see any other way to do it.
Thanks in advance for any help on this. By the way, the reason I need to do this is because the Windows 10 1511 Update will not sync with a WSUS that is behind TMG. It seemed to work for another person affected. See my post for that issue: