<div>
Web Server? Yes,...but not recommended. &nbsp;Faster, less failure points, and more efficient to go directly to the internal web server.<br />
Web Publishing is based on a Reverse Web Proxying,..so yes this is possible.<br />
Server Publishing (non-web server publishing) is based on a Reverse NAT,...and this process is impossible with that due to the way NAT generically functions (it's a NAT thing,...not a TMG thing).<br />

</div>


Web Server? Yes,...but not recommended.  Faster, less failure points, and more efficient to go directly to the internal web server.
Web Publishing is based on a Reverse Web Proxying,..so yes this is possible.
Server Publishing (non-web server publishing) is based on a Reverse NAT,...and this process is impossible with that due to the way NAT generically functions (it's a NAT thing,...not a TMG thing).


<div>
yeah, I hear you, but the web team wants to test the sites via SSL even if SSL is offloaded on the ISA. &nbsp;So when they hit the site from within, https fails since the cert is only on TMG/ISA. &nbsp;
</div>


yeah, I hear you, but the web team wants to test the sites via SSL even if SSL is offloaded on the ISA.  So when they hit the site from within, https fails since the cert is only on TMG/ISA.  

<div>
Another issue that came up is using TMG to load balance a farm of internal servers. &nbsp;How can the internal users access the load balanced farm if if the VIP is an external IP address?
</div>


Another issue that came up is using TMG to load balance a farm of internal servers.  How can the internal users access the load balanced farm if if the VIP is an external IP address?

<div>
<div class="content wysiwyg-content">
Can microsoft TMG / ISA perform hairpinning? &nbsp;Specifically, can an internal client access the external IP address of a published web server? &nbsp; 
</div>
</div>


Can microsoft TMG / ISA perform hairpinning?  Specifically, can an internal client access the external IP address of a published web server?   

Microsoft TMG / ISA Hairpinning?

Microsoft Forefront, formerly known as Internet Security and Acceleration Server (ISA Server), is a network router, firewall, antivirus program, VPN server and web cache that runs on Windows servers. It includes identity management and protection systems, and discontinued systems for threat management and network protection, along with protection for Sharepoint and Exchange. The scope of discussions includes forward and reverse proxy, application and service publishing, virtual private networks (VPNs), outbound access rules, SSL certificates and network routing within either a single node or an highly-available array pairing.