Monday , September 23 2019
Home / Systems Admin / Threat Management Gateway (TMG) 2010 Tunnel Port Ranges

Threat Management Gateway (TMG) 2010 Tunnel Port Ranges

By default ISA Server and Threat Management Gateway (TMG) 2010 Server allow SSL Tunnel over port 443 only. If we try to access HTTPS traffic on other then 443 port, we face following error:

HTTP/1.1 502 Proxy Error (The specified Secure Sockets Layer (SSL) port is not allowed. Forefront TMG is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests.)

Following Screenshot shows this error in Real Scenario:

1- SSL Tunnel Error  Threat Management Gateway (TMG) 2010 Tunnel Port Ranges 1 SSL Tunnel Error 373x250

To resolve this error, we need to add custom port in Windows Registry, as ISA and TMG Servers use Windows Settings for port ranges. Download Scripts given below and Edit/Add port in them and execute as follows:

 Download Scripts Here

The Add TP Range Script (tpportadd.vbs):

– Edit this script, change ports from “8443” to your desired ones in it:

Dim root
Dim tpRanges
Dim newRange
Set root = CreateObject(“FPC.Root”)
Set tpRanges = root.GetContainingArray.ArrayPolicy.WebProxy.TunnelPortRanges
set newRange = tpRanges.AddRange(“SSL 8443“, 8443, 8443)

– In this script:

NOTE:  (“The name”  , The START port number, the end port number)

– Change port in all three locations highlighted in RED colour.

– Save this script somewhere, Recommended: at C:\


From a command prompt run the script with:
cscript AddTPPort.vbs
– No output will be shown on command prompt to let us know if it succeeded.
– We will have to restart the firewall service on each of the TMG node in array.
– To Verify port ranges added, run following script:
The List TP Ranges Script (tpportslist.vbs):
– Extract this script, place it at C:\
– Execute:
#    cd c:\
#    cscript tpportslist.vbs
– Result will be shown with the added ports as:
3- Port Added  Threat Management Gateway (TMG) 2010 Tunnel Port Ranges 3 Port Added 373x250
– Now try to connect to the required SSH Port, it should be Successful now.
2- SSL Tunnel Allowed  Threat Management Gateway (TMG) 2010 Tunnel Port Ranges 2 SSL Tunnel Allowed 373x106

About Muhammad Attique

Check these out :)

How to Modify GRUB Bootloader version 2

I’m going to show you how can we edit and modify GRUB Bootloader version 2, …

Leave a Reply

Your email address will not be published. Required fields are marked *

For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

If you agree to these terms, please click here.