Https websites are used by many banks and other financial institutions to provide secure transmission of data. By default the only SSL port that is allowed is 443. This means that ISA only allows secure socket layer communications to happen on this port. This is the standard port used by https websites. Some administrators have varied from the standard port and are using other ports for secured communication. If you find that you are unable to access an https website, the first step is to call the administrator of the website and ask which port is being using for SSL. For the purposes of our example we'll say that the website requires port 5443. The SSL port designations held in the Registry are a little difficult to modify directly. Fortunately, the website http://isatools.org, which is known for housing many useful ISA scripts, has one that makes adding, removing, and displaying your SSL ports easy. The script can be downloaded at http://isatoools.org/ISA_tpr.js. After you have downloaded the script, simply double-clicking on it causes it to display which SSL ports are currently installed on your server. However, running it from the command prompt is where the power is. Enter /? After the filename and press Enter to view the available switches and syntax for this script. To allow SSL communications on port 5443 enter the following at the command prompt after navigating to the folder where you have saved the script. We'll call the port bankport5443. Type Isa_tpr.js /add bankport5443 5443 and press Enter. (see Figure 24.12) After the command has processed, a Windows Script Host box pops up and reminds you to restart the Web Proxy service; click OK. Another series of script boxes appear that display the new port information. Figure 24.12. Using the script to create a new port for SSL also confirms that it was successful.
|