Microsoft Threat Management Gateway 2010 - Wifi Managing
We currently have TMG in place and working well; however, we are looking at making more use of TMG's features. We are implementing a new wireless system that I want to be open but secure; to get this we are hoping TMG can step in and work well.
These are laptops that are not school owned, and there must not be any configuration change, so the user just clicks connect to network. Once connected, any laptops that are in this group will go through the TMG to access the internet and require the user to log in. We have selected captivate as a possible solution for this, as you can utilise a listener to capture login info.
These laptops are school-owned laptops that have to be usable at the user's home address (e.g. no proxy server stated), and can connect to all the school services without any login information, as it should all be in the laptop as part of its login process. These laptops are connected to a domain.
The above is what I am trying to achieve, and so far I have managed to get un-trusted laptops to work perfectly; however, when it comes down to the Trusted laptops it's a different outcome. When I read up on TMG it has a client that you can use, even though when I install it the laptops are still not passing on login information.
My Network config is very simple in terms of the clients, the wireless is on its own VLAN and the TMG is plugged into this VLAN via a dedicated NIC with an IP address of 172.16.80.254. The DHCP server hands out the IP addresses and the default gateway is the TMG (172.16.80.254).
The most annoying part is it doesn’t ask for login information, it just fails!!
How are clients configured, i.e. the trusted laptops? They should be able to just use the WPAD info to configure the proxy file automatically. This is done by setting up the WPAD on the DNS server and then allowing the TMG clients to pick it up. You may need to create rules on TMG to allow appropriate traffic, i.e. allow access from internet to external.
Need a bit more info on what type of client the trusted laptops are, i.e. SecureNAT, web proxy or firewall client.
If they are joined to the domain, then you can create the rules in TMG (if TMG 2010 is joined to the domain as well) to allow users access to the internet. The rules are based on network objects, computer accounts, subnets etc.