+ Post New Thread
Results 1 to 6 of 6
Internet Related/Filtering/Firewall Thread, Advice on TMG in Technical; I only want to setup a web listener feature of it to we can have lots more subdomains for things ...
  1. #1
    pritchardavid's Avatar
    Join Date
    Sep 2009
    Location
    South Ockendon, Thurrock, United Kingdom
    Posts
    932
    Thank Post
    18
    Thanked 64 Times in 58 Posts
    Rep Power
    25

    Advice on TMG

    I only want to setup a web listener feature of it to we can have lots more subdomains for things ie autodiscover for exchange, lync server, maybe sharepoint etc.

    Since I have installed the TMG onto the server I can only get to it through Hyper-v, anyway to enable to remote into it normally?

    Also since the TMG has been installed it doesn't seem to be using the proxy settings either through the auto dectect (wpad) of typing it in manually. It annoying because we get do any updates on this server. And will the web listener even work without the internet?

    I know the tmg is meant to be used as a proxy server, but we already have e2bn and impero for blocking content.


    Thanks

  2. #2

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,800
    Thank Post
    272
    Thanked 1,135 Times in 1,031 Posts
    Rep Power
    349
    If its anything like ISA (which it should be considering it is the newer version) as well as enabling RDP you need to setup in TMG a rule to allow access from x range to the machine itself otherwise it blocks it.

  3. #3
    rh91uk's Avatar
    Join Date
    Sep 2008
    Location
    UK
    Posts
    876
    Thank Post
    137
    Thanked 132 Times in 114 Posts
    Rep Power
    35
    Yes you definetly do, I allow RDP to just our IT Support computers and it works a treat.

  4. #4
    pritchardavid's Avatar
    Join Date
    Sep 2009
    Location
    South Ockendon, Thurrock, United Kingdom
    Posts
    932
    Thank Post
    18
    Thanked 64 Times in 58 Posts
    Rep Power
    25
    Where do you set this, when I type in a computer name on the TMG console, termial settings, I can type in a computer name but you have to type in a IP address, we don't have our computers on static IP addresses.



    Before I cause lots of problems can someone confirm if this is right.


    DNS provider plus there Name Servers (123REG)

    for example the eportal.ockendonacad.co.uk, this needs to be set the the external IP address of the TMG2010 server plus any other subdomains, that we want right?

    And get the council to unblock all the ports we need just on the external IP address of the TMG server, for all the subdomain services/sites.

    Also is there any external ports that need to be opened for the TMG server to function? (I cant seem to find this answer)
    Last edited by vikpaw; 3rd November 2012 at 01:10 PM. Reason: google false positives on domain - user request

  5. #5

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,256
    Thank Post
    111
    Thanked 242 Times in 193 Posts
    Blog Entries
    1
    Rep Power
    74
    TMG should only have one set of DNS servers configured on its NICs, and in an AD environment they should be your Domain intergrated DNS servers on your DCs.
    You should ensure there is a rule to allow DNS queries out to your ISP/RBC DNS servers from your DCs.

    On my TMG there is a default system rule to allow RDP management - you just need to add the management computers to the 'remote management computers' Computer set.

    As long as your internal and external interfaces are correctly configured, the basic functionality you configure through wizards will open the necessary ports for TMG to function.

    For each rule you consfigure/site published you can get the council to forward those ports to your TMG. For HTTPS sites you will probably need to publish each site on a different port.

    If you are using it as an explicit proxy server (rather than transparent) then the quickest way to ensure traffic gets through (after creating your web access policy) is to set the client proxy settings to explicitly be the internal FQDN of the TMG - this allows Kerberos authentication to work and reduces the load on the TMG and DCs which otherwise tend to buckle under Secondary School loads. There is a 'better' way - but this is easiest while you are just finding your feet.

    If you haven't already: Read the TMG Administrators Companion from MS Press. And sketch some pictures of how things work - it really helps to develop understanding of the product.
    Last edited by psydii; 28th May 2012 at 04:22 PM.

  6. #6

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,256
    Thank Post
    111
    Thanked 242 Times in 193 Posts
    Blog Entries
    1
    Rep Power
    74
    Just re-read your post - I beleive you want to get TMG to use a proxy that already exists. In which case it should be similar to any other Windows Server, from an elevated commandline:

    netsh winhttp set proxy set proxy proxy-server="http=myproxy;https=sproxy:88" bypass-list="*.foo.com"

    You will need to create a rule that allows HTTP and HTTPS traffic from 'Local Host' to the proxy server.

SHARE:
+ Post New Thread

Similar Threads

  1. Advice on hot swapping Raid Drive
    By tosca925 in forum Windows
    Replies: 3
    Last Post: 28th September 2006, 08:22 PM
  2. Advice on Setting up a Server 2003 domain at home.
    By Kyle in forum How do you do....it?
    Replies: 6
    Last Post: 14th August 2006, 06:15 AM
  3. Replies: 12
    Last Post: 7th July 2006, 08:44 PM
  4. Help and advice on using the GPMC
    By standunstan in forum Windows
    Replies: 6
    Last Post: 21st March 2006, 09:46 PM
  5. Advice on leaving RM
    By scotty in forum Windows
    Replies: 20
    Last Post: 14th March 2006, 10:43 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •