Microsoft Forefront Threat Management Gateway question

Postreply

Distinguished
Jun 19, 2009
131
0
18,680
Hye,

A newbie question, so the forfront is configured on my server, an my internet wireless router is plugged to one of the nic ports, where do i go from here? do i need to plug another wireless router set as an AP with same ssid to another nic?


Would really appreciate your help.


Thank
 
Not entirely sure what you're trying to achieve here.

Do you want TMG to sit between the internal network and the internet?
 
OK - Then you will need 2 NICs in the TMG server

Configre one NIC to be the internet (External) side of TMG and connect to a router, turn off the DHCP and wireless on this router and connect it to your ISP.

Configure the other NIC as internal, and connect the other router (this will be little more than a wireless access point now) configure rules in TMG to allow your traffic through, remember like most firewalls TMG processes rules from the top down so be mindful on your rule ordering.

Clients will then either be SecureNAT clients (use the TMG internal IP as their default gateway) or Web Proxy Clients (add the TMG internal IP to the clients proxy settings).
 
Another newbie question , so please bear with me.

Ap is working fine now, Not sure if Forefront rules can be implemented through what i did though.


Port I on the server is connected to the Cisco switch, AP is connected to the Cisco switch and my internet cable is connected to the switch.

AP has internet now , because its taking it directly from my isp via cisco switch, But as i have the server connected to the switch , will TMG have control over the websites.


Here's the diagram

ZQIWp.jpg
 
Guys one more thing, when i connect the cisco AP to the server ,and i connect myself to the AP and i try to ping the server, it tells me destination host unreachable, although i have the firewall off, and i executed this command " netsh firewall set icmpsetting 8 disable" and still nothing.
 
The above diagram will work for Web Proxy clients, but users will be able to bypass the TMG server simply by unchecking the proxy settings, ideally the TMG box should have 2 NICs to stop this.

What is your IP topology?
 
The above diagram will work for Web Proxy clients, but users will be able to bypass the TMG server simply by unchecking the proxy settings, ideally the TMG box should have 2 NICs to stop this.

What is your IP topology?



ISP is a router with a public ip


server xxx.xxx.11.230 -------> nic 1

AP xxx.xxx.11.250---------> nic 2