Solved

Setup ForeFront TMG as a forward proxy

Posted on 2013-01-15
4
1,118 Views
Last Modified: 2013-01-29
Hi,

We have a client that has requested a Forefront TMG 2010 server be installed and configured as a forward web proxy ONLY. They don't want any of the other cool Forefront features.

As per their spec, I've installed the Forefront server in a single adapter setup with it on the DMZ network and added the LAN ranges to the Internal Networks.

Does anyone have any instructions or handy links for step by step configuring of Forefront as a forward web proxy and any other best practice?

I've searched the web and EE and there are numerous resources for everything else related to Forefront but this?

Any tips would be appreciated. Thanks.
0
Comment
Question by:southwestsixteen
  • 2
4 Comments
 
LVL 3

Author Comment

by:southwestsixteen
ID: 38777927
UPDATE: I've done what I believe to be the forward proxy config but when I set this server as the proxy in IE I get the attached error when navigating to a website.
ProxyError.PNG
0
 
LVL 23

Accepted Solution

by:
Suliman Abu Kharroub earned 500 total points
ID: 38778193
Make sure that the client which you are testing from can reach tmg server... The attached error mag is not returned from tmg.

By default tmg listen for web clients on port TCP 8080... Male sure that this port is allowed from internal to dmz (or tmg).
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 38779533
If you look at the error message it states that the page cannot be displayed - not that it cannot be reached. It also notes 'bad data' which is normally a red herring to be honest.

This should be a doddle but assumes you have set the server up correctly - not only for TMG but just as a plain windows server in the first instance.

For example, is the routing set up correctly to ensure traffic can get back into the internal network?
What ip address ranges have you added into the TMG gui network config? Port No in the browser?
What firewall policies have you added?
How is DNS being handled - from an external dns service or your internal dns service?

Have you fired up the best practice analyser to check the obvious issues to start with?

if you still have issues I will point you to a walk through link but always best to understand your own mistakes so you learn for the future before just following 'the guide'....
0
 
LVL 3

Author Comment

by:southwestsixteen
ID: 38831978
Thanks for the input guys. The mistake was apparently that IE had the proxy port as 80 but when I changed it to 8080 it worked ok. We're still in the testing phase but it all seems ok.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Exchange 2010 3 259
Accessing the internet with forefront after subnet change. 3 393
SFTP Behind ISA 2000 22 561
Isa 2006 Dynamic Ports 9 550
In all versions of ISA Server and the current version of FTMG, the default https protocol uses TCP port 443 and 563 only. This cannot be changed within the ISA or FTMG GUI and must be completed from a Windows cmd prompt on the ISA Server itself. …
Microsoft's ISA Server has been its pre-eminent security product for about a decade and is still regarded amongst the well-informed as one of the best software firewalls and application gateways ever released, by any manufacturer. ISA Server has bee…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now