
Microsoft Forefront Threat Management Gateway question

December 14, 2012 10:13:34 AM

Hi,

A newbie question: Forefront is configured on my server, and my internet wireless router is plugged into one of the NIC ports. Where do I go from here? Do I need to plug another wireless router, set as an AP with the same SSID, into another NIC?


Would really appreciate your help.


Thanks

Anonymous
December 14, 2012 2:01:13 PM

Not entirely sure what you're trying to achieve here.

Do you want TMG to sit between the internal network and the internet?
December 15, 2012 5:12:40 AM

Yes I do, exactly this.
Anonymous
December 16, 2012 11:18:17 PM

OK - Then you will need 2 NICs in the TMG server.

Configure one NIC to be the internet (External) side of TMG and connect it to a router. Turn off the DHCP and wireless on this router and connect it to your ISP.

Configure the other NIC as internal, and connect the other router (this will be little more than a wireless access point now). Configure rules in TMG to allow your traffic through; remember, like most firewalls, TMG processes rules from the top down, so be mindful of your rule ordering.

Clients will then either be SecureNAT clients (use the TMG internal IP as their default gateway) or Web Proxy clients (add the TMG internal IP to the clients' proxy settings).
December 21, 2012 7:54:22 AM

Another newbie question, so please bear with me.

AP is working fine now. Not sure if Forefront rules can be implemented through what I did, though.


Port I on the server is connected to the Cisco switch, the AP is connected to the Cisco switch, and my internet cable is connected to the switch.

The AP has internet now, because it's taking it directly from my ISP via the Cisco switch. But as I have the server connected to the switch, will TMG have control over the websites?


Here's the diagram

December 21, 2012 10:55:41 AM

Guys, one more thing: when I connect the Cisco AP to the server, connect myself to the AP and try to ping the server, it tells me "destination host unreachable", although I have the firewall off and I executed this command, "netsh firewall set icmpsetting 8 disable", and still nothing.
Anonymous
December 21, 2012 1:30:05 PM

The above diagram will work for Web Proxy clients, but users will be able to bypass the TMG server simply by unchecking the proxy settings. Ideally the TMG box should have 2 NICs to stop this.

What is your IP topology?
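
The bypass described in the reply above, expressed as a reachability check (an added example, not part of the original thread; the node names and both link maps are constructed from the posts). If a path from a wireless client to the internet still exists once the TMG server is excluded, nothing forces traffic through it.

```python
from collections import deque

# Constructed topologies modelled on the thread; node names are illustrative.
# Flat: server, AP and ISP uplink all share one Cisco switch (the poster's setup).
FLAT = {
    "client": ["ap"],
    "ap": ["switch"],
    "switch": ["tmg", "isp_router"],
    "isp_router": ["internet"],
}
# Dual-homed: AP on the TMG internal NIC, ISP router on the TMG external NIC.
DUAL_HOMED = {
    "client": ["ap"],
    "ap": ["tmg"],
    "tmg": ["isp_router"],
    "isp_router": ["internet"],
}

def _undirected(links):
    """Turn the one-way link map into a symmetric adjacency map."""
    adj = {}
    for a, peers in links.items():
        for b in peers:
            adj.setdefault(a, set()).add(b)
            adj.setdefault(b, set()).add(a)
    return adj

def bypass_path(links, src="client", dst="internet", firewall="tmg"):
    """Return a path from src to dst that never touches the firewall, or None."""
    adj = _undirected(links)
    # Marking the firewall as already seen removes it from the search, so any
    # path found is one the firewall cannot inspect or block.
    queue, seen = deque([[src]]), {src, firewall}
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for nxt in sorted(adj.get(path[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

if __name__ == "__main__":
    for name, topo in (("flat", FLAT), ("dual-homed", DUAL_HOMED)):
        print(name, "->", bypass_path(topo) or "no path around TMG")
```
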
December 21, 2012 5:10:18 PM

Quote:
The above diagram will work for Web Proxy clients, but users will be able to bypass the TMG server simply by unchecking the proxy settings. Ideally the TMG box should have 2 NICs to stop this.

What is your IP topology?




The ISP is a router with a public IP.


server xxx.xxx.11.230 -------> nic 1

AP xxx.xxx.11.250---------> nic 2