Good morning,
I would like someone to explain to me the traffic below,
in which TMG denies outbound access as anonymous and then allows it as authenticated on port 80.
I've been researching and talking with several people, some linked to Microsoft, and the explanation I got was that it is a normal feature of the product.
Below is the sequence when entering the TechNet forum site: it looks for wpad, then tries to go out on port 8080 as anonymous, and only after that is the traffic released as authenticated on port 80. You can see that it is the same page, and the TMG NIS is not applied, because I thought it was a malware inspection scan.
What was explained to me is that this is a product feature; however, I still do not understand why.
There must be some logical explanation, not just that this is a feature.
If anyone has more information, tell me.
Allowed Connection
Log type: Web Proxy (Forward)
Status: 200 OK.
Source: Internal (192.168.0.126:50411)
Destination: 192.168.0.4:8080
Request: GET http://srv.registro.local/wpad.dat
Filter information: Req ID: 0d4a9c7e; Compression: client = No, server = No, compress rate = 0% decompress rate = 0%
Protocol: http
User: anonymous

Failed Connection Attempt
Log type: Web Proxy (Forward)
Status: 5 Access is denied.
Rule: Acesso_Internet
Source: Internal (192.168.0.126:50417)
Destination: External (192.168.0.4:8080)
Request: GET http://technet.microsoft.com/Areas/Sto/Content/Scripts/modernizr2.js
Filter information: Req ID: 0d4a9c92; Compression: client = No, server = No, compress rate = 0% decompress rate = 0%
Protocol: http
User: anonymous

Allowed Connection
Log type: Web Proxy (Forward)
Status: 0 The operation completed successfully.
Rule: Acesso_Internet
Source: Internal (192.168.0.126:50415)
Destination: External (192.168.0.4:80)
Request: GET http://technet.microsoft.com/Areas/Sto/Content/Scripts/modernizr2.js
Filter information: Req ID: 0d4a9c94; Compression: client = No, server = No, compress rate = 0% decompress rate = 0%
Protocol: http
User: Registry \ Luis