Attempting today to use Bing(web search, images search works) on a host(with IE 8 or IE 6, web proxy+secure NAT client or secure NAT client only) behind TMG Beta 3 in my lab, and:
![behind3 behind3](/blog/image.axd?picture=behind3_thumb.png)
As already said, images search is fine:
![behind10 behind10](/blog/image.axd?picture=behind10_thumb.png)
Nothing special, the default web policy:
![policy_tmgb3 policy_tmgb3](/blog/image.axd?picture=policy_tmgb3_thumb.png)
When I try from TMG itself, although it also logs a failure, it displays the search result:
If I exclude bing’s IP address from Request Compressed Data:
![compr_exclude compr_exclude](/blog/image.axd?picture=compr_exclude.png)
It works fine:
![behind5 behind5](/blog/image.axd?picture=behind5_thumb.png)
Being a little curious, I’ve fired up Wireshark, and took some captures on TMG Beta 3 external interface:
- for the host behind TMG Beta 3, the server’s reply looks like:
- for the request from TMG itself, the server’s reply looks like:
I’m not entirely convinced the server’s reply(data) is invalid and it cannot be decompressed.
Here is a trick(in case you did not know it already): first I’ve filtered the needed conversation(the server’s reply), then clicked on the packet containing the 200 OK message, expanded the HTTP area, right-clicked the Line-based text data: and clicked Export Selected Packet Bytes…, as can be seen from bellow we are actually exporting the web page received from the web server(note that Wireshark reassembled and decompressed the server’s reply, see the HTTP Preferences Wireshark’s help web page for more info):
![behind8 behind8](/blog/image.axd?picture=behind8.png)
If I apply this trick to both captures, and then open the obtained web pages, we can see something from the web server’s reply:
- for the host behind TMG Beta 3:
![behind9 behind9](/blog/image.axd?picture=behind9_thumb.png)
- for the request from TMG itself:
![local3 local3](/blog/image.axd?picture=local3_thumb.png)
The question was why did TMG Beta 3 dropped the packet.
I’m not sure if I’ve spilled the milk somewhere(I have tried only in a single lab).
I feel lazy for the moment, it’s Friday evening, so I will leave it for later. –:)