
I have installed Forefront 2010 and added a rule to allow ALL Outbound traffic of any type to the external network as a test. It works OK for http traffic but blocks everything https. Can anyone help me understand why this is? There is no specific rule to block https apart from the default Deny that blocks any traffic not specifically allowed.

[Image: rules setup]

For Google this is the log that is recorded:

Status: 12202 Forefront TMG denied the specified Uniform Resource Locator

[Image: log for blocked Google access]

RichGK
  • This rule set should *not* block HTTPS. Have a look at the logs, they will show you what is being blocked and why. – Massimo Jul 25 '16 at 21:40
  • I've updated the question to show the log result where attempting to access Google gets blocked – RichGK Jul 26 '16 at 20:05
  • I've just discovered that this is by design and I need to read up on redirecting https traffic requests by the server to overcome https requests getting blocked. – RichGK Jul 26 '16 at 20:27
  • I see a "Protocol: https-inspect" there. Did you by chance turn on HTTPS inspection on TMG? You really should avoid it; it's a pain to get it to work correctly, lots of applications just don't like it at all, and it also might conflict with several laws, depending on your jurisdiction and on how much you make your users aware of it. – Massimo Jul 26 '16 at 22:05
