TMG denied the specified Uniform Resource Locator (URL) to the custom policy (Network Steve Forum)

TMG denied the specified Uniform Resource Locator (URL) to the custom policy

Hello and good day,

I have installed TMG 2010. I delete the Allow Internet to all web access policy and create a custom internet access policy HTTP, HTTPS and DNS protocol from Internal to custom URL Set to HR Active directory user group.

I tried to access the allow sites on HR computer and find the following errors under logs and reports

Denied Connection SQ-TMG-2K8 6/26/2013 9:31:44 AM Log type: Web Proxy (Forward) Status: 12202 Forefront TMG denied the specified Uniform Resource Locator (URL). Rule: Default rule Source: Internal (192.168.165.10:59741) Destination: External (192.168.165.2:8080) Request: GET http://google.com/ Filter information: Req ID: 0ad4c3f5; Compression: client=No, server=No, compress rate=0% decompress rate=0% Protocol: http User: anonymous

Denied Connection SQ-TMG-2K8 6/26/2013 9:31:44 AM Log type: Web Proxy (Forward) Status: 12202 Forefront TMG denied the specified Uniform Resource Locator (URL). Rule: Default rule Source: Internal (192.168.165.10:59742) Destination: External (192.168.165.2:443) Request: urs.microsoft.com:443 Filter information: Req ID: 0ad4c3f7; Compression: client=No, server=No, compress rate=0% decompress rate=0% Protocol: https-inspect User: anonymous

Denied Connection SQ-TMG-2K8 6/26/2013 9:31:44 AM Log type: Web Proxy (Forward) Status: 12202 Forefront TMG denied the specified Uniform Resource Locator (URL). Rule: Default rule Source: Internal (192.168.165.10:59743) Destination: External (192.168.165.2:443) Request: urs.microsoft.com:443 Filter information: Req ID: 0ad4c3f9; Compression: client=No, server=No, compress rate=0% decompress rate=0% Protocol: https-inspect User: anonymous

Denied Connection SQ-TMG-2K8 6/26/2013 9:31:45 AM Log type: Web Proxy (Forward) Status: 12202 Forefront TMG denied the specified Uniform Resource Locator (URL). Rule: Default rule Source: Internal (192.168.165.10:59745) Destination: External (192.168.165.2:443) Request: urs.microsoft.com:443 Filter information: Req ID: 0ad4c3fe; Compression: client=No, server=No, compress rate=0% decompress rate=0% Protocol: https-inspect User: anonymous

June 26th, 2013 9:41am

Hi,

if you want to force authentication for users in your Firewall policy rule for protocols other as HTTP/HTTPS - in your case DNS, the clients must be Firewall clients / TMG clients. Webproxy clients only support authentication for HTTP/HTTPS.
the DNS rule must be configured for ALL USERS

Free Windows Admin Tool Kit Click here and download it now

June 26th, 2013 10:21am

How do I permit different users with different access?

June 30th, 2013 8:10pm

This topic is archived. No further replies will be accepted.