Thursday , July 29 2021

Threat Management Gateway (TMG) 2010 Tunnel Port Ranges

By default ISA Server and Threat Management Gateway (TMG) 2010 Server allow SSL Tunnel over port 443 only. If we try to access HTTPS traffic on other then 443 port, we face following error:

HTTP/1.1 502 Proxy Error (The specified Secure Sockets Layer (SSL) port is not allowed. Forefront TMG is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests.)

Following Screenshot shows this error in Real Scenario:

1- SSL Tunnel Error  Threat Management Gateway (TMG) 2010 Tunnel Port Ranges 1 SSL Tunnel Error 373x250

To resolve this error, we need to add custom port in Windows Registry, as ISA and TMG Servers use Windows Settings for port ranges. Download Scripts given below and Edit/Add port in them and execute as follows:

 Download Scripts Here

The Add TP Range Script (tpportadd.vbs):

– Edit this script, change ports from “8443” to your desired ones in it:

Dim root
Dim tpRanges
Dim newRange
Set root = CreateObject(“FPC.Root”)
Set tpRanges = root.GetContainingArray.ArrayPolicy.WebProxy.TunnelPortRanges
set newRange = tpRanges.AddRange(“SSL 8443“, 8443, 8443)

– In this script:

NOTE:  (“The name”  , The START port number, the end port number)

– Change port in all three locations highlighted in RED colour.

– Save this script somewhere, Recommended: at C:\


From a command prompt run the script with:
cscript AddTPPort.vbs
– No output will be shown on command prompt to let us know if it succeeded.
– We will have to restart the firewall service on each of the TMG node in array.
– To Verify port ranges added, run following script:
The List TP Ranges Script (tpportslist.vbs):
– Extract this script, place it at C:\
– Execute:
#    cd c:\
#    cscript tpportslist.vbs
– Result will be shown with the added ports as:
3- Port Added  Threat Management Gateway (TMG) 2010 Tunnel Port Ranges 3 Port Added 373x250
– Now try to connect to the required SSH Port, it should be Successful now.
2- SSL Tunnel Allowed  Threat Management Gateway (TMG) 2010 Tunnel Port Ranges 2 SSL Tunnel Allowed 373x106

About Muhammad Attique

Check these out :)

Installing & Configuring WingIDE on Kali Linux (64-bit) wing

Installing & Configuring WingIDE on Kali Linux (64-bit)

Wingware Python IDE a.k.a. Wing IDE is a full-featured Python IDE designed for professional programmers. …

Leave a Reply

Your email address will not be published. Required fields are marked *

For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

I agree to these terms.