forefront TMG, default gateway & Proxy server

Posted on 2011-09-27
Last Modified: 2012-05-12

I Installed Forefront Threat Management Gateway 2010
First Connected to External Internet router at
Second to Lacal Network at -
Local Gateway address (The Machine I installed on)
Gateway (forefront TMG)  is in Workgroup Mode

My questions:

1. I understand that only one DNS must be set in the Gateway (forefront TMG) in the external LAN in My case  the First Connection, is that correct ?

2. What should I set for each computer inside my Local Lan for:
    The Default Gateway ?
    The DNS ?
    Should I need to set Proxy server in each computer to Port 8080 ?

Question by:DoronAviad
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 51

Accepted Solution

Keith Alabaster earned 500 total points
ID: 36714660
1. No - dns mus ONLY be set on the INTERNAL nic and must point to the INTERNAL dns server. Nothing should ever know about the external DNS except the DNS forwarders in the YOUR DNS server service.
2. default gateway on internal PC's/Servers will be the TMG internal IP adrress.
3. As above, the Internal DNS
4. Yes

5. These are absolute basics not only for TMG but for Windows generally. I would suggest you read one of the good admin books or get yourself on a course else TMG will trip you up significantly. It is not forgiving when you get it wrong - if you do not know the detail of how it operates then to make it work people often have tp put in entries that also open big holes in their security without realising it.


Author Closing Comment

ID: 36715750
Thank you

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen some questions on problems with SSH/telnet access to Cisco routers that may occur despite the fact that from a PC connected to your LAN, Internet connectivity is in place and users can access Internet sites without any issues.  There are…
Forefront Threat Management Gateway 2010 or FTMG comes with some very neat troubleshooting tools built-in when trying to identify what is actually happening behind the scenes within the product when traffic is passing through its interfaces. To the …
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question