Not using any content filtering on the Firewall. We had tested it, but weren't overly impressed as compared to the product we already use.
So at this point we don't have a "Content Filter" rule at all. Not even using local. Bob -----Original Message----- From: Chris Green [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 18, 2005 9:54 AM To: [email protected] Subject: RE: [gb-users] OWA anomaly Have you tried disabling all content filtering for a user as a test? I don't have any Exchange 5.5 OWA boxes among my customers to test with or I'd try to reproduce for you. Chris Green -----Original Message----- From: Reasoner, Bob (PHES) [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 18, 2005 9:47 AM To: [email protected] Subject: RE: [gb-users] OWA anomaly I have tried to cut the GBWare out of the loop entirely and that does appear to be where the problem is occurring. We have a county link ingress/egress point so I declared a static route to go through their Internet connection and we can connect just fine through them. They have a different firewall and since we are part of the same agency we don't firewall their connection to us. Both connections pass through the same IPS system and switch though so I that this way I could cut out just the firewall. So even though I don't see an error occurring it does seem to be related to going from the Protected network out on the GBWare server. Bob -----Original Message----- From: Reasoner, Bob (PHES) Sent: Tuesday, October 18, 2005 9:29 AM To: [email protected] Subject: RE: [gb-users] OWA anomaly Thanks Gus, none of that helped, I even defaulted the pass through filters. I can see a "Close outbound, NAT" in my logs, but no errors related to that. I get one each time I attempt to connect. I cleaned up the public Ips to protect the innocent, but the log statement is here: Oct 18 09:14:02 pri=5 msg="Close outbound, NAT" proto=443/tcp src=10.2.210.1 srcport=2909 nat=XX.XX.XX.XX natport=2909 dst=XX.XX.XX.XX dstport=443 rule=3 duration=48 sent=253 rcvd=164 pkts_sent=5 pkts_rcvd=4 Anyone else have any thoughts? Bob -----Original Message----- From: Gus Zader [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 18, 2005 8:54 AM To: Reasoner, Bob (PHES) Subject: RE: [gb-users] OWA anomaly The problem still seems to be around there though. Only because you say you get a cert warning from one connection, but you never get that far with the other one. Are your pass through / NAT setups correct? One of my rules is: # Pass through from Protected to PSN Accept notice "PROTECTED" ALL coalesce(all) trafficShaping <DEFAULT> weight 5 from ANY_IP to ANY_IP In the pass through section. It helped prevent some issues where we couldn't maintain consistent. Let the list know what ends up helping. Gus -----Original Message----- From: Reasoner, Bob (PHES) [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 18, 2005 8:15 AM To: Gus Zader Subject: RE: [gb-users] OWA anomaly No. We hit SSL all over. As I indicated I defaulted the outbound filters to ensure that it wasn't related to filter issues. Bob -----Original Message----- From: Gus Zader [mailto:[EMAIL PROTECTED] Sent: Monday, October 17, 2005 3:23 PM To: Reasoner, Bob (PHES) Subject: RE: [gb-users] OWA anomaly Any chance you are blocking the SSL port? -----Original Message----- From: Reasoner, Bob (PHES) [mailto:[EMAIL PROTECTED] Sent: Monday, October 17, 2005 12:47 PM To: [email protected] Subject: [gb-users] OWA anomaly I'm looking for a little help here that maybe someone else has run into. Since upgrading to GBWare 3.70 we are having trouble getting to an external Outlook Web Access (Exchange 5.5) server. The odd part is that I can get to it from my DMZ, but not from my protected network. IE 6 just gives a "The page cannot be displayed" error. Firefox says "The remote server disconnected unexpectedly". I have reset the outbound filters to default to verify it wasn't an incorrectly formulated filter, but that didn't make a difference. Obviously, there are physical differences between the Protected network and the DMZ network (different switches and subnets), but nothing that I can identify that would make this occur. I have tried this with and without a proxy server on the protected network and either way I get the same response. I don't know that it is directly related to the GBWare 3.7 upgrade, but that is the time frame that this started (based on user reports). This particular OWA server is a Military site that some of our Reservists have to access to verify schedules etc. and that site is using a private SSL certificate. In the DMZ you get the warning about not having Installed the certificate then it loads fine, but in the private you never get the certificate warning. Anyone out there have any suggestions? ________________________________ Bob Reasoner Harris County Public Health & Environmental Services ------------------------------------------------------ To unsubscribe: [EMAIL PROTECTED] For additional commands: [EMAIL PROTECTED] Archive: http://archives.gnatbox.com/gb-users/ ------------------------------------------------------ To unsubscribe: [EMAIL PROTECTED] For additional commands: [EMAIL PROTECTED] Archive: http://archives.gnatbox.com/gb-users/ ------------------------------------------------------ To unsubscribe: [EMAIL PROTECTED] For additional commands: [EMAIL PROTECTED] Archive: http://archives.gnatbox.com/gb-users/ __________ NOD32 1.1259 (20051018) Information __________ This message was checked by NOD32 antivirus system. http://www.eset.com ------------------------------------------------------ To unsubscribe: [EMAIL PROTECTED] For additional commands: [EMAIL PROTECTED] Archive: http://archives.gnatbox.com/gb-users/ ------------------------------------------------------ To unsubscribe: [EMAIL PROTECTED] For additional commands: [EMAIL PROTECTED] Archive: http://archives.gnatbox.com/gb-users/
