{"id":2906,"date":"2010-04-30T17:45:03","date_gmt":"2010-04-30T16:45:03","guid":{"rendered":"http:\/\/www.it-training-grote.de\/blog\/?p=2906"},"modified":"2010-04-30T17:45:03","modified_gmt":"2010-04-30T16:45:03","slug":"https-inspection-in-forefront-tmg-und-ip-ausnahmen-ergaenzung","status":"publish","type":"post","link":"https:\/\/www.it-consulting-grote.de\/blog\/?p=2906","title":{"rendered":"HTTPS Inspection in Forefront TMG und IP-Ausnahmen &#8211; Ergaenzung"},"content":{"rendered":"<p>Hallo Leutz,<\/p>\n<p>dieser Beitrag ergaenzt die Aussage des Microsoft TMG Support aus meinem Artikel:<br \/>\n<a href=\"http:\/\/www.it-training-grote.de\/blog\/?p=2591\">http:\/\/www.it-training-grote.de\/blog\/?p=2591<\/a><br \/>\nIn dem Artikel steht, dass man mit Forefront TMG keine Ausnahmen von der HTTPS Inspection fuer IP-Adressen machen kann.<br \/>\nDie Original Aussage des MS Support war:<br \/>\n<span style=\"font-family: &quot;Calibri&quot;,&quot;sans-serif&quot;; color: black; font-size: 10pt; mso-fareast-font-family: &quot;Times New Roman&quot;;\"><br \/>\n&#8220;No, but if you know the certificate subject and SAN names used by those services, you can enter those in the exceptions.<br \/>\n<\/span><span style=\"font-family: &quot;Calibri&quot;,&quot;sans-serif&quot;; color: black; font-size: 10pt; mso-fareast-font-family: &quot;Times New Roman&quot;;\">TMG uses the subject and SAN attributes to determine if the upstream server is &#8220;exceptional&#8221; as well as how to build the spoof cert if it needs to. <\/span><span style=\"font-family: &quot;Calibri&quot;,&quot;sans-serif&quot;; color: black; font-size: 10pt; mso-fareast-font-family: &quot;Times New Roman&quot;;\">The primary reason IPs aren&#8217;t usable is that in the hosted cloud Internet of today, IP addresses do not represent anything even remotely like &#8220;identity&#8221; and identity is exactly the context in which certificate validation operates.&#8221;<\/span><\/p>\n<p>Dem scheint nicht so zu sein. In einem Posting in der deutschen ISA Server Newsgroup vom 30.04.2010 schreibt Alex111:<br \/>\n&#8220;Nachtrag: zum Gl\u00fcck erlaubt es TMG die IP wie folgt einzugeben. So hat es bei mir funktioniert: *.236.97.247&#8221;<\/p>\n<p>Gruss Marc<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hallo Leutz, dieser Beitrag ergaenzt die Aussage des Microsoft TMG Support aus meinem Artikel: http:\/\/www.it-training-grote.de\/blog\/?p=2591 In dem Artikel steht, dass man mit Forefront TMG keine Ausnahmen von der HTTPS Inspection fuer IP-Adressen machen kann. Die Original Aussage des MS Support &hellip; <a href=\"https:\/\/www.it-consulting-grote.de\/blog\/?p=2906\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[8,5,46,10,3],"tags":[],"_links":{"self":[{"href":"https:\/\/www.it-consulting-grote.de\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2906"}],"collection":[{"href":"https:\/\/www.it-consulting-grote.de\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.it-consulting-grote.de\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.it-consulting-grote.de\/blog\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.it-consulting-grote.de\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2906"}],"version-history":[{"count":1,"href":"https:\/\/www.it-consulting-grote.de\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2906\/revisions"}],"predecessor-version":[{"id":2908,"href":"https:\/\/www.it-consulting-grote.de\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2906\/revisions\/2908"}],"wp:attachment":[{"href":"https:\/\/www.it-consulting-grote.de\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2906"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.it-consulting-grote.de\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2906"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.it-consulting-grote.de\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2906"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}