• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1221
  • Last Modified:

Setup ForeFront TMG as a forward proxy

Hi,

We have a client that has requested a Forefront TMG 2010 server be installed and configured as a forward web proxy ONLY. They don't want any of the other cool Forefront features.

As per their spec, I've installed the Forefront server in a single adapter setup with it on the DMZ network and added the LAN ranges to the Internal Networks.

Does anyone have any instructions or handy links for step by step configuring of Forefront as a forward web proxy and any other best practice?

I've searched the web and EE and there are numerous resources for everything else related to Forefront but this?

Any tips would be appreciated. Thanks.
0
southwestsixteen
Asked:
southwestsixteen
  • 2
1 Solution
 
southwestsixteenAuthor Commented:
UPDATE: I've done what I believe to be the forward proxy config but when I set this server as the proxy in IE I get the attached error when navigating to a website.
ProxyError.PNG
0
 
Suliman Abu KharroubIT Consultant Commented:
Make sure that the client which you are testing from can reach tmg server... The attached error mag is not returned from tmg.

By default tmg listen for web clients on port TCP 8080... Male sure that this port is allowed from internal to dmz (or tmg).
0
 
Keith AlabasterCommented:
If you look at the error message it states that the page cannot be displayed - not that it cannot be reached. It also notes 'bad data' which is normally a red herring to be honest.

This should be a doddle but assumes you have set the server up correctly - not only for TMG but just as a plain windows server in the first instance.

For example, is the routing set up correctly to ensure traffic can get back into the internal network?
What ip address ranges have you added into the TMG gui network config? Port No in the browser?
What firewall policies have you added?
How is DNS being handled - from an external dns service or your internal dns service?

Have you fired up the best practice analyser to check the obvious issues to start with?

if you still have issues I will point you to a walk through link but always best to understand your own mistakes so you learn for the future before just following 'the guide'....
0
 
southwestsixteenAuthor Commented:
Thanks for the input guys. The mistake was apparently that IE had the proxy port as 80 but when I changed it to 8080 it worked ok. We're still in the testing phase but it all seems ok.
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now