Internet Related/Filtering/Firewall Thread, Advice on TMG in Technical; I only want to setup a web listener feature of it to we can have lots more subdomains for things ...
22nd May 2012, 10:07 PM #1
Advice on TMG
I only want to setup a web listener feature of it to we can have lots more subdomains for things ie autodiscover for exchange, lync server, maybe sharepoint etc.
Since I have installed the TMG onto the server I can only get to it through Hyper-v, anyway to enable to remote into it normally?
Also since the TMG has been installed it doesn't seem to be using the proxy settings either through the auto dectect (wpad) of typing it in manually. It annoying because we get do any updates on this server. And will the web listener even work without the internet?
I know the tmg is meant to be used as a proxy server, but we already have e2bn and impero for blocking content.
IDG Tech News
22nd May 2012, 10:10 PM #2
If its anything like ISA (which it should be considering it is the newer version) as well as enabling RDP you need to setup in TMG a rule to allow access from x range to the machine itself otherwise it blocks it.
22nd May 2012, 10:24 PM #3
Yes you definetly do, I allow RDP to just our IT Support computers and it works a treat.
28th May 2012, 10:58 AM #4
Where do you set this, when I type in a computer name on the TMG console, termial settings, I can type in a computer name but you have to type in a IP address, we don't have our computers on static IP addresses.
Before I cause lots of problems can someone confirm if this is right.
DNS provider plus there Name Servers (123REG)
for example the eportal.ockendonacad.co.uk, this needs to be set the the external IP address of the TMG2010 server plus any other subdomains, that we want right?
And get the council to unblock all the ports we need just on the external IP address of the TMG server, for all the subdomain services/sites.
Also is there any external ports that need to be opened for the TMG server to function? (I cant seem to find this answer)
Last edited by vikpaw; 3rd November 2012 at 02:10 PM.
Reason: google false positives on domain - user request
28th May 2012, 05:05 PM #5
TMG should only have one set of DNS servers configured on its NICs, and in an AD environment they should be your Domain intergrated DNS servers on your DCs.
You should ensure there is a rule to allow DNS queries out to your ISP/RBC DNS servers from your DCs.
On my TMG there is a default system rule to allow RDP management - you just need to add the management computers to the 'remote management computers' Computer set.
As long as your internal and external interfaces are correctly configured, the basic functionality you configure through wizards will open the necessary ports for TMG to function.
For each rule you consfigure/site published you can get the council to forward those ports to your TMG. For HTTPS sites you will probably need to publish each site on a different port.
If you are using it as an explicit proxy server (rather than transparent) then the quickest way to ensure traffic gets through (after creating your web access policy) is to set the client proxy settings to explicitly be the internal FQDN of the TMG - this allows Kerberos authentication to work and reduces the load on the TMG and DCs which otherwise tend to buckle under Secondary School loads. There is a 'better' way - but this is easiest while you are just finding your feet.
If you haven't already: Read the TMG Administrators Companion from MS Press. And sketch some pictures of how things work - it really helps to develop understanding of the product.
Last edited by psydii; 28th May 2012 at 05:22 PM.
28th May 2012, 05:20 PM #6
Just re-read your post - I beleive you want to get TMG to use a proxy that already exists. In which case it should be similar to any other Windows Server, from an elevated commandline:
netsh winhttp set proxy set proxy proxy-server="http=myproxy;https=sproxy:88" bypass-list="*.foo.com"
You will need to create a rule that allows HTTP and HTTPS traffic from 'Local Host' to the proxy server.
By tosca925 in forum Windows
Last Post: 28th September 2006, 09:22 PM
By Kyle in forum How do you do....it?
Last Post: 14th August 2006, 07:15 AM
By projector1 in forum Hardware
Last Post: 7th July 2006, 09:44 PM
By standunstan in forum Windows
Last Post: 21st March 2006, 10:46 PM
By scotty in forum Windows
Last Post: 14th March 2006, 11:43 PM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)