Solved

Setup ForeFront TMG as a forward proxy

Posted on 2013-01-15
4
1,133 Views
Last Modified: 2013-01-29
Hi,

We have a client that has requested a Forefront TMG 2010 server be installed and configured as a forward web proxy ONLY. They don't want any of the other cool Forefront features.

As per their spec, I've installed the Forefront server in a single adapter setup with it on the DMZ network and added the LAN ranges to the Internal Networks.

Does anyone have any instructions or handy links for step by step configuring of Forefront as a forward web proxy and any other best practice?

I've searched the web and EE and there are numerous resources for everything else related to Forefront but this?

Any tips would be appreciated. Thanks.
0
Comment
Question by:southwestsixteen
  • 2
4 Comments
 
LVL 3

Author Comment

by:southwestsixteen
ID: 38777927
UPDATE: I've done what I believe to be the forward proxy config but when I set this server as the proxy in IE I get the attached error when navigating to a website.
ProxyError.PNG
0
 
LVL 23

Accepted Solution

by:
Suliman Abu Kharroub earned 500 total points
ID: 38778193
Make sure that the client which you are testing from can reach tmg server... The attached error mag is not returned from tmg.

By default tmg listen for web clients on port TCP 8080... Male sure that this port is allowed from internal to dmz (or tmg).
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 38779533
If you look at the error message it states that the page cannot be displayed - not that it cannot be reached. It also notes 'bad data' which is normally a red herring to be honest.

This should be a doddle but assumes you have set the server up correctly - not only for TMG but just as a plain windows server in the first instance.

For example, is the routing set up correctly to ensure traffic can get back into the internal network?
What ip address ranges have you added into the TMG gui network config? Port No in the browser?
What firewall policies have you added?
How is DNS being handled - from an external dns service or your internal dns service?

Have you fired up the best practice analyser to check the obvious issues to start with?

if you still have issues I will point you to a walk through link but always best to understand your own mistakes so you learn for the future before just following 'the guide'....
0
 
LVL 3

Author Comment

by:southwestsixteen
ID: 38831978
Thanks for the input guys. The mistake was apparently that IE had the proxy port as 80 but when I changed it to 8080 it worked ok. We're still in the testing phase but it all seems ok.
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Remove ISA from an EBS 2008 environment 5 649
TMG ISP Redudancy and DNS 11 663
Server 2012 Domain Controler 4 464
Email forensics? 6 212
There are three types of ISA client that can be configured - these can be individual clients or multiples of a client on each PC or server SecureNAT. A SecureNAT client for ISA server is a client machine, work station or server, that has its defa…
There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question