For the record, this is my *first* time using Microsoft Forefront TMG, and it's been years since I've looked at ISA Server, or any software-based proxy/firewall solution.
Anyhow, we're attempting to do some cache/load-balance testing with some internal websites. Ultimately, we're looking to test against (8) web servers, but I'm having trouble even getting traffic routed to a single server. The setup is as follows:
Forefront TMG Server
Ext IP: 10.1.1.152
Int IP: 10.1.7.10
Server1: Win1 / 10.1.7.11
The Forefront server has (2) NICs -- one for external access (client-facing), and one for internal access (web server facing). Forefront is up and running, and I've walked through this document to publish multiple web sites over a basic HTTP connection. Honestly, I'm not doing anything particularly fancy here.
My Listener is set to use the Ext IP (10.1.1.152). The Firewall Policy is coming FROM "anywhere" and TO "10.1.7.11", which is our single web server, in this case. I've also created a Public Name -- "lbtest" -- so that clients on the 10.1.1.x subnet can hit the Forefront server and get routed to the web server. The "lbtest" name has a DNS "A" record of the Forefront EXT IP, 10.1.1.152. Otherwise, there is no authentication needed, no specific users, no specific times, etc. It's pretty wide open. If a client requests "http://lbtest", it should route to the Forefront server EXT IP address, which should then be picked up by Forefront and routed to the web server (10.1.7.11). Also, the internal Forefront configuration tests all appear to pass.
So, what am I missing here? I try to hit http://lbtest from my box and it goes nowhere. I'm guessing that it's something fairly straightforward, but I can't for the life of me figure it out.