Avatar of Patrick Elsen
Patrick Elsen
Flag for Belgium asked on

Different authentication for internal and external access through TMG 2010

Suppose you need to publish some sites both internally and externally using TMG 2010...

When a user is "internal" (connected to the LAN), we do not want users to enter extra authentication to access the site as they are already logged in using their active directory account.

When the same user is "external" (coming in through the internet - we have a hardware firewall in front of the TMG), we want the users to enter their userid/password before being admitted to the same site.

Is this is configuration that can be setup with TMG 2010? How should this be done?
Microsoft Forefront ISA ServerSecurity

Avatar of undefined
Last Comment
pwindell

8/22/2022 - Mon
Kini pradeep

1. Is the TMG a part of a workgroup or added to an AD domain ?
The servers are a Part of the LAN and since the users Authenticate against the AD, you donot need additional user/password for authentication, but when the users accesses the applications / websites the user should use the AD user name/ pwd? correct me if wrong.

You will need to register the application on the public DNS and map it to the public IP.
If TMG is the perimeter firewall then assign the public IP on external interface and create a web publishing rule.
ASKER CERTIFIED SOLUTION
pwindell

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Your help has saved me hundreds of hours of internet surfing.
fblack61