Microsoft Forefront Threat Management Gateway question

waelkd

Distinguished
Jun 19, 2009
124
0
18,680
Hey,

A newbie question: Forefront is configured on my server, and my internet wireless router is plugged into one of the NIC ports. Where do I go from here? Do I need to plug another wireless router, set as an AP with the same SSID, into another NIC?


Would really appreciate your help.


Thanks
 
Guest
Not entirely sure what you're trying to achieve here.

Do you want TMG to sit between the internal network and the internet?
 
Guest
OK - then you will need 2 NICs in the TMG server.

Configure one NIC to be the internet (External) side of TMG and connect it to a router; turn off the DHCP and wireless on this router and connect it to your ISP.

Configure the other NIC as Internal and connect the other router (this will be little more than a wireless access point now). Configure rules in TMG to allow your traffic through; remember that, like most firewalls, TMG processes rules from the top down, so be mindful of your rule ordering.

Clients will then either be SecureNAT clients (use the TMG internal IP as their default gateway) or Web Proxy clients (add the TMG internal IP to the clients' proxy settings).
 

waelkd
Another newbie question, so please bear with me.

The AP is working fine now; not sure if Forefront rules can be implemented through what I did, though.


Port 1 on the server is connected to the Cisco switch, the AP is connected to the Cisco switch, and my internet cable is connected to the switch.

The AP has internet now because it's taking it directly from my ISP via the Cisco switch, but as I have the server connected to the switch, will TMG have control over the websites?


Here's the diagram: [attached image ZQIWp.jpg]
 

waelkd
Guys, one more thing: when I connect the Cisco AP to the server, connect myself to the AP and try to ping the server, it tells me "destination host unreachable", although I have the firewall off and I executed this command: "netsh firewall set icmpsetting 8 disable". Still nothing.
 
Guest
The above diagram will work for Web Proxy clients, but users will be able to bypass the TMG server simply by unchecking the proxy settings; ideally, the TMG box should have 2 NICs to stop this.

What is your IP topology?
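The two-NIC layout described in the earlier Guest reply (External NIC to the ISP router, Internal NIC to the AP, clients as SecureNAT or Web Proxy clients) and the bypass caveat in the post above, as an added example that is not part of this thread and not Microsoft's own tooling. It is a PowerShell script using netsh, so it applies to the Windows Server 2008 R2 era TMG runs on. Every interface name, address and subnet below is a constructed placeholder (RFC 5737 and private ranges); the only real defaults are the netsh syntax and TMG's web proxy listener port 8080.

```powershell
# Added example (not from the thread): addressing a two-NIC TMG host and
# making LAN clients SecureNAT or Web Proxy clients.
# Constructed topology (placeholders, substitute your own):
#   ISP router 192.0.2.1/24  <-- External NIC 192.0.2.10
#   LAN 10.0.0.0/24          <-- Internal NIC 10.0.0.1 (clients' default gateway)
# The NICs sit on different subnets, so the only route off the LAN goes
# through TMG; a client that clears its proxy setting just becomes a
# SecureNAT client and is still subject to TMG's rule set.
# Run in an elevated PowerShell on the TMG server.

$ExternalNic = "Local Area Connection"      # assumed current adapter names
$InternalNic = "Local Area Connection 2"

# Give the adapters meaningful names so TMG's network wizard is unambiguous.
netsh interface set interface name="$ExternalNic" newname="External"
netsh interface set interface name="$InternalNic" newname="Internal"

# External NIC: static address, default gateway = ISP router, DNS via the router.
netsh interface ipv4 set address name="External" source=static address=192.0.2.10 mask=255.255.255.0 gateway=192.0.2.1 gwmetric=1
netsh interface ipv4 set dnsservers name="External" source=static address=192.0.2.1 register=none

# Internal NIC: static address and NO default gateway; the host must have
# exactly one default route, and it must leave via the External NIC.
netsh interface ipv4 set address name="Internal" source=static address=10.0.0.1 mask=255.255.255.0 gateway=none

# Sanity check: count default routes in the IPv4 routing table.
$defaultRoutes = @(route print -4 | Select-String '^\s*0\.0\.0\.0\s+0\.0\.0\.0')
if ($defaultRoutes.Count -ne 1) {
    Write-Warning "Expected exactly one default route, found $($defaultRoutes.Count)"
} else {
    Write-Host "Default route: $($defaultRoutes[0].Line.Trim())"
}

# --- Client side (run on a workstation on the 10.0.0.0/24 LAN) ---------------
# SecureNAT client: TMG's Internal address is the default gateway.
#   netsh interface ipv4 set address name="Local Area Connection" source=static address=10.0.0.50 mask=255.255.255.0 gateway=10.0.0.1
# Web Proxy client: point the browser at TMG's web proxy listener (default port 8080).
#   reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 1 /f
#   reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /t REG_SZ /d 10.0.0.1:8080 /f
```

The design point is the subnet split: with both NICs (and the ISP router) on one LAN segment, a client can simply set the router as its gateway and never touch TMG, which is the bypass the Guest warns about. With the Internal NIC on its own subnet and no gateway of its own, TMG is the only way out, and the rule ordering remark above applies to all traffic, proxied or not.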
 

waelkd
The above diagram will work for Web Proxy clients, but users will be able to bypass the TMG server simply by unchecking the proxy settings; ideally, the TMG box should have 2 NICs to stop this.

What is your IP topology?



ISP is a router with a public IP.


server xxx.xxx.11.230 -------> NIC 1

AP xxx.xxx.11.250 ---------> NIC 2