Forefront TMG is not configured to allow SSL requests from this port.
If you ever get this error when trying to visit an SSL site on a non-standard port, you will have to use a script to change the allowed SSL Ports.
Go to http://www.isatools.org/, go to “TMG Tools” and download the “ISA Tunnel Port tool”.
Open a command prompt and run “cscript isa_tpr.js /show SSL”.
This will show you what port (or range) of SSL ports are allowed.
This has to be changed (otherwise you wouldn’t be here).
Run “cscript isa_tpr.js /del SSL”
and then “cscript isa_tpr.js /add SSL 443 8443”.
Replace 8443 with the value you need; the custom port I had to allow was 8443.
This will allow the whole range from 443 to 8443, but there is no other way as far as I know.
Run “cscript isa_tpr.js /show SSL” to confirm the change.
Restart the Microsoft Firewall service, and you’re done.
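Because the /add command opens the whole span between the two ports, it is worth checking, before and after the change, exactly how many ports the allowed tunnel range admits and whether the port you need is inside it. The PowerShell script below is an added example and not part of the original post or the ISA Tunnel Port tool; it assumes isa_tpr.js is in the current directory and that “/show SSL” prints each range as a line containing the low and high port numbers (that output format, the Get-TunnelPortRanges helper and the $NeededPort value are assumptions).

```powershell
# Added example (not from the original post or isatools.org): report the
# tunnel port ranges TMG currently allows, how wide each one is, and whether
# a needed custom port falls inside one of them.
# Assumptions: isa_tpr.js is in the current directory, and
# "cscript //nologo isa_tpr.js /show SSL" prints each range as a line that
# contains the low and high port as integers (output format is assumed).

param(
    [int]$NeededPort = 8443   # constructed sample value: the custom SSL port you must reach
)

function Get-TunnelPortRanges {
    param([string[]]$Lines)
    $ranges = @()
    foreach ($line in $Lines) {
        # pull every integer from the line; a range line yields two, a single port one
        $nums = @([regex]::Matches($line, '\d+') | ForEach-Object { [int]$_.Value })
        if ($nums.Count -ge 2) {
            $ranges += [pscustomobject]@{ Low = $nums[0]; High = $nums[1] }
        } elseif ($nums.Count -eq 1) {
            $ranges += [pscustomobject]@{ Low = $nums[0]; High = $nums[0] }
        }
    }
    return $ranges
}

$output = cscript //nologo isa_tpr.js /show SSL
$ranges = Get-TunnelPortRanges -Lines $output

if (-not $ranges) {
    "No tunnel port range could be parsed from the /show SSL output."
    return
}

foreach ($r in $ranges) {
    $width = $r.High - $r.Low + 1
    "Allowed tunnel range {0}-{1} ({2} ports)" -f $r.Low, $r.High, $width
    if ($width -gt 2) {
        # e.g. 443-8443 admits 7999 ports that are neither 443 nor the needed port
        "  note: this range also admits {0} ports other than 443 and {1}" -f ($width - 2), $NeededPort
    }
}

$covered = $ranges | Where-Object { $_.Low -le $NeededPort -and $NeededPort -le $_.High }
if ($covered) {
    "Port $NeededPort is inside an allowed tunnel range."
} else {
    "Port $NeededPort is NOT allowed; add it with: cscript isa_tpr.js /add SSL 443 $NeededPort"
}
```

Run it once before the /del and /add steps to record the original range, and again after restarting the Microsoft Firewall service to confirm the needed port is covered; the width line is the reminder that the range, not just the one port, is now reachable through the proxy.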
It can be done, but in two steps:
1. Add the tunnel port/range using isa_tpr.js
2. Add a user-defined protocol in Forefront TMG and define the outbound TCP port range exactly as you’ve defined them in step one.
If I’m not mistaken, you have to add the user-defined protocol even if you follow the method you’ve described.
In my case, I didn’t have to allow the port as I allow everything to external except for a few blocked ports.
I did find out that this issue is only present with EBS 2008. I now use Forefront TMG Beta 3, and I didn’t have to change the allowed SSL range.