Forefront Threat Management Gateway in vSphere
Hello all,
I installed Forefront Threat Management Gateway in vSphere and configured a basic rule to allow all outbound traffic for users. I can ping and open HTTP from clients, but I can't open HTTPS and some other protocols.
I get this error from the browser:

Secure Connection Failed

An error occurred during a connection to facebook SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

I configured the vSphere server with two virtual switches and assigned a LAN card to each of them. The Forefront virtual machine can ping both the LAN and the WAN. Any clue? I am stuck!
June 1st, 2015 8:03am
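Added illustration, not part of the thread: the browser error quoted above comes from the client reading the first five bytes of whatever arrived on port 443 as a TLS record header. If those bytes are plaintext (for example an HTTP response or an HTML error page sent by a device in the path), the two-byte length field decodes to a value far above the maximum TLS record size and the client aborts with "record too long". The sample replies below are constructed for the demonstration.

```python
# Added example (not from the thread): interpret the first bytes a client
# receives on port 443 as a TLS record header and show why a plaintext reply
# triggers ssl_error_rx_record_too_long. All inputs below are constructed.
import struct

# RFC 5246: TLSPlaintext payload is at most 2^14 bytes; TLSCiphertext may add
# up to 2048 bytes of expansion, so no valid record length exceeds this.
MAX_RECORD_LEN = 2**14 + 2048   # 18432
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}


def parse_record_header(data: bytes) -> dict:
    """Decode the 5-byte TLS record header: content type, version, length."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return {"content_type": ctype, "version": (major, minor), "length": length}


def classify_reply(data: bytes) -> str:
    """Return the verdict a TLS client would reach on the first bytes received."""
    hdr = parse_record_header(data)
    if hdr["length"] > MAX_RECORD_LEN:
        # This is the condition behind ssl_error_rx_record_too_long: the bytes
        # are not a TLS record, typically plaintext HTTP arriving on port 443.
        # The fix lies in the proxy/network path, not in the browser.
        return "record_too_long"
    if hdr["content_type"] not in TLS_CONTENT_TYPES:
        return "unexpected_content_type"
    return "plausible_tls_record"


# Constructed sample 1: a plaintext HTTP error page returned on port 443.
# "HTTP/" decodes as type 0x48, version (0x54, 0x54), length 0x502F = 20527.
PLAINTEXT_HTTP_REPLY = (b"HTTP/1.1 502 Proxy Error\r\n"
                        b"Content-Type: text/html\r\n\r\n<html>blocked</html>")

# Constructed sample 2: a handshake record header (type 22, TLS 1.2, 90 bytes
# of payload) followed by a ServerHello-shaped body.
TLS_SERVER_HELLO_HEAD = b"\x16\x03\x03\x00\x5a" + b"\x02\x00\x00\x56" + b"\x03\x03" + b"\x00" * 32

if __name__ == "__main__":
    for label, sample in (("plaintext", PLAINTEXT_HTTP_REPLY),
                          ("tls", TLS_SERVER_HELLO_HEAD)):
        print(label, parse_record_header(sample), classify_reply(sample))
```

When troubleshooting, capturing the first bytes that actually reach the client on port 443 (with a packet capture on the client and on the TMG host) shows directly whether a plaintext reply, rather than a TLS handshake, is being returned.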

Hi,

Have you checked TMG logging? Any error? How do you configure the basic rule? Have you included the https protocol in the rule?

Creating Access Rules with TMG 2010

Please check the blog below, which has an error similar to yours. The steps in the blog could help you to troubleshoot this issue.

http://www.carbonwind.net/blog/post/Firefox-may-return-a-ssl_error_rx_record_too_long-error-when-trying-to-access-certain-secure-web-sites-through-Forefront-TMG-2010-RTM-doing-Outbound-HTTPS-Inspection.aspx

Note: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

Best Regards,

Joyce

June 1st, 2015 10:21pm

Yes, I got the following errors:

Denied Connection EMEAEGYALXFPLAB 5/31/2015 4:43:01 AM
Log type: Firewall service
Status: A packet was dropped because Forefront TMG determined that the source IP address is spoofed

====================

Denied Connection EMEAEGYALXFPLAB 5/31/2015 4:42:38 AM
Log type: Firewall service
Status: A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer.
Rule: None - see Result Code

June 2nd, 2015 7:21am

Hi,

The error "A packet was dropped because Forefront TMG determined that the source IP address is spoofed" means the IP of a packet is considered invalid for the network adapter. Please make sure that your network definition is correct.

Understanding a scenario where TMG drops the packet as spoofed even when the source IP doesn't belong to the internal network

The error "A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer" means that TMG received part of a 3-way handshake that it didn't expect. For example, it may have received an ACK packet from a source for which it had not already seen a SYN packet. When TMG sees a conversation that is right in the middle and it never saw the beginning, it drops the traffic. The way to find out what is going on is to use a network capture utility on both TMG and the offending machine.

Best Regards,

Joyce

June 3rd, 2015 2:59am

So let me know: can I use the same physical LAN card in my vSphere host for both the LAN and WAN cards in the TMG VM?
June 3rd, 2015 3:51am
