cjameson74
asked on
Forefront TMG 2010
I am planning on deploying a test server to see if I like the TMG product. Easy question.
Do I need to join this server to the domain? I am going to have it inside the Cisco ASA appliance.
Just wanted to see what the best practice usually is for that.
Do I need to join this server to the domain? I am going to have it inside the Cisco ASA appliance.
Just wanted to see what the best practice usually is for that.
stivostenberg
You do NOT have to join the TMG to the domain, unless you want to use domain integrated authentication for controlling access to the Internet.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
What does domain integrated authentication do for me?
Domain Integrated Authentication allows you to use a users Domain Credentials in rules to determine what they are allowed to do through the TMG. It gives you finer grain control over what individual users are allowed to do. If you dont care, and apply the same rules to everybody, then there is no need for it.
Oh, sorry, was thinking only about outbound connections. Are you planning on having users come IN through TMG? In that case, joining the domain allows them to use Domain Creds to get in, assuming you set the rules to perform that function. In both cases, inbound and outbound, joining the Domain allows you to authenticate to the TMG using the domain credentials, rather than some other authentication scheme.
ASKER
Well right now I am just trying to find something to replace my Cymphonix.
TMG is something that we can access for free due to our MS partner network agreement. SO I am just testing it for now.
TMG is something that we can access for free due to our MS partner network agreement. SO I am just testing it for now.