Create a new Access Rule Access rule name: 2X Traffic over port 80 Action to take when rule conditions are met: Allow This rule applies to: Selected Protocols Click ‘Add...’ Select All Protocols > HTTP [ADD] Select HTTP Protocol and click ‘Edit...’ Description (optional): 2X Traffic over HTTP In the Application Filters list [a list of application filters that can be applied to the protocol definition] MAKE SURE THAT NONE IS SELECTED By Default Web Proxy Filter is enabled - UNCHECK THIS OPTION This rule applies to traffic from these sources: Add Network Entities where 2X Clients are located This rule applies to traffic sent to these destinations: Add Network Entities where 2X Client Gateway is located Choose the users if you want to limit access to specific users sets. Finish. To save changes and update the configuration, click Apply. Clients will be able to connect over port 80 through MS ISA 2004.
...then you better uninstall ISA, you disable one of the core components of ISA. (Application Filter)
This is the only solution to pass non HTTP traffic over port 80 using ISA. If Web Proxy Filtering is enabled, ISA will expect HTTP traffic only. 2X Traffic is not HTTP traffic. If you want to enable Application Filtering, you may tunnel 2X Traffic over SSL. Please use build 159 (beta version) http://downloads.2x.com/AppServer-LoadBalancer/betaversion/2XAppServer-LoadBalancer-Client.msi
What could be the solution then? Hello guys I read Cedric's work around for access 2x application server through ISA 2004 (we are using ISA 2006) Out of curiosity I flexed as Cedric has mentioned about HTTP web proxy filter and I was able to access the 2x application server located in Jordan from Kuwait. Then the second post said, if we disable the web proxy filter with HTTP, it is better not to have ISA. Guys, Connecting to 2x Application server through ISA on port 80 is my immediate requirement and I am already running out of options. Could one of you please explain me the potential threats I would invite by disabling the HTTP web proxy filter? regards,
This is only an outbound access rule Cedric is explaining how to give access to 2X application server to clients that are behind an ISA server. This is not about publishing a 2X server using ISA, so filtering has no meaning in here, as well proxy filter is not enabled by default to any access rules in ISA.
Re: Hi! I would like to disable mine nut i'm having a hard time..Any suggestions? Hope you'll post some guides soon..Thanks! Regards, althearim Pret voiture
Re: What could be the solution then? Its a very bad idea to disable the web proxy filter. This means your ISA would basically be nothing more than a aport filter for that traffic. Hence your ISA would not inspect any malicious attacks comming down the HTTP channel of which there are far too many. In SSL/TLS mode, again you should make sure that the ISA is configured as a reverse proxy...i.e. the SSL certificate in installed on the ISA, the connection is de-crypted by the ISA< inspected by the ISA and than sent to the 2X server. However i think because 2X does not actually use the HTTP Protocol correctly, this wil not work either. I could be wrong but if you have to simply let SSL/TLS traffic straight through into your environment without the ISA inspecting it, than it is a very poor application open to abuse. The whole point of the ISA is to inspect the traffic, not to act as a port filter... if you want a port filter you can get a US$20 router to do that for you.