Announcement

Collapse
No announcement yet.

Whitelisting IP ranges w/ caching disabled in FF TMG 2010?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Whitelisting IP ranges w/ caching disabled in FF TMG 2010?

    Hi all,

    The students at our school use a website called VMathLive.com and have been for a year or so. In August, I installed a ForeFront TMG server to use as a proxy server and firewall.

    God knows I am NO expert at TMG, especially since I never used ISA before it!

    Anyway, now that were solidly into the school year, the kids are starting to use VMath more heavily and issues are popping up. Largely, the site works, but for most kids there are "sporadic" issues. I won't bore you with what those are.

    Suffice it to say that VMath's technical support has told me the following:
    Please have your District Admin add these IP addresses to your proxy white list with caching disabled. The issue sounds like a corrupt proxy cache within the school network. You will probably need... to purge it.
    202.167.245.0/24
    202.58.100.0/24
    203.99.142.0/24
    202.9.83.0/24
    Let me know if this helps to resolve the VMathLive issue.
    So, here's what I did.. And it's changed nothing. If anything, it seems to have made things worse...

    ForeFront TMG Management --> Web Access Policy --> Configure Web Caching --> New

    I created the IP Addresses Sets as follows and added them to the "TO" tab:
    • 202.167.245.0 - 202.167.245.255
    • 202.58.100.0 - 202.58.100.255
    • 203.99.142.0 - 203.99.142.255
    • 202.9.83.0 - 202.9.83.255

    Cache Store and Retrieval tab:

    Retrieve From Cache is set to "Only if a valid version of the object exists in cache. If no valid version exists, route the request."

    Store In Cache is set to "Never, no content will ever be cached."

    HTTP tab:
    "Enable HTTP Caching" is checked. - Could this be the issue? How is this different from "Store In Cache" above?

    FTP tab:
    "Enable FTP Caching" is checked.

    Advanced tab:
    "Cache SSL Responses" is checked.


    The only other Web Caching configured is "Microsoft Update Cache Rule", "Web Access Scenario Cache Rule", and "Default Rule". And I believe those are all ForeFront Rules that the system, not me, created.

    Basically, it SEEMS to me that I've done what they wanted. But I don't understand or know how to do the "...corrupt proxy cache within the school network. You will probably need to purge it" part of their suggested fix. How can I do that?

    Thanks, everyone!

    Chris

  • #2
    Re: Whitelisting IP ranges w/ caching disabled in FF TMG 2010?

    Any ideas anyone?

    Comment


    • #3
      Re: Whitelisting IP ranges w/ caching disabled in FF TMG 2010?

      Right now I'm on France, buy when I'm back I can have a look at it.
      Does the rule you created worked out already?
      Marcel
      Technical Consultant
      Netherlands
      http://www.phetios.com
      http://blog.nessus.nl

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"

      Comment


      • #4
        Re: Whitelisting IP ranges w/ caching disabled in FF TMG 2010?

        About clearing the cache... I thought it would be like this:

        http://technet.microsoft.com/en-us/l.../cc995154.aspx
        To clear the cache, disable the cache through Forefront TMG Management and then delete the cache storage file, such as Dir1.cdat (the default name of the Forefront TMG cache file). There is a cache file in the Urlcache folder on each drive that is configured for caching. After you delete the cache file, enable the cache in Forefront TMG Management.
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Re: Whitelisting IP ranges w/ caching disabled in FF TMG 2010?

          Hi again Marcel,

          Well, it seems as though this was all for naught. I just received a call from the VMath people. The problem WAS on their end and is now resolved. Nevertheless, I did delete the cache before getting that call and it helped nothing. I've now restored it and we're back to status quo.

          All's well that ends well, and I have a slightly larger knowledge base now.

          THANKS!

          Chris

          Comment

          Working...
          X