Solved

Public Name tab under TMG Firewall Policy

Posted on 2014-01-06
2
797 Views
Last Modified: 2014-01-11
What do the website and IP addresses represent under Public Name tab of TMG Firewall policy ? How is it different from "To" tab as I find the server defined are different. I suppose the To tab and Public Name should be the same. ...

Tks
Lync-Web-Publishing.png
Lync-To-Tab.png
0
Comment
Question by:AXISHK
2 Comments
 
LVL 16

Accepted Solution

by:
PaciB earned 500 total points
ID: 39765231
Hi,

This is about "publishing rules", meaning tules that will allow external clients to reach internal servers.

I a publishing rule there is no direct dialog between the external client and the internal server ! The external client dialogs with the TMG, and the TMG act as a client to reach the internal server.

The "To" tab only concerns how TMG will reach the internal servers. In this tab you will give the DNS internal name TMG should use to reach the internal server. If the TMG server is unable to resolve internal DNS names (that might be the case in some situations) then you should type the internal IP address of the internal server TMG will have to reach.

The "Public Names" tab only concerns HTTP requests coming from the external client to the TMG.
As TMG is able to apply several different publishing rules on the same IP and Port combination there must be a way for TMG to decide which published server a request is about.
Let me explain better : let's suppose you want to publish 2 internal servers that hosts 2 different applications with only one TMG server that use only one external NIC and one public IP. You need a way to separate requests that are for the first application to redirect them to the good application server, and the same for the second application.
When the external client connects to your TMG server it uses the external public IP of your TMG, and use the same TCP port as both applications are HTTP (TCP 80). Then in the HTTP dialog the client ask for the URL, with some command like "GET http://www.app1.com/" for the first application, or "GET http://www.app2.com/" for the second application. Both names www.app1.com and www.app2.com are resolved to the same public IP that matches with your unique TMG server.
www.app1.com and www.app2.com are called "Public Names" and you can restrict a publishing rule to match ONLY for a specific public name so that requests for www.app2.com will not match the publishing rule for the first application and will not be send to the wrong server.

If the example you gave us, the publishing rule will only match if the URL requested by the client contains one of the 3 names that appear in the "Public Names" tab. Any other request will be ignored by this publishing rule, and TMG will continue to check next rule for matching.

If your case, if an external client use the public IP address in the URL instead of using one of the 3 names allowed the rule will not match because the IP address does not appear as a public name in the rule.

Have a good day.
0
 

Author Closing Comment

by:AXISHK
ID: 39773173
tks
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Low Virtual Memory 8 28
Exchange 2010 3 253
Exchange 2010 OWA 403 error 7 717
RDP access via TMG 11 515
ISA Server detected routes through the network adapter LAN that do not correlate with the network to which this network adapter belongs What does this mean and how can one go about correcting it? In simple terms, this error message indicates t…
In all versions of ISA Server and the current version of FTMG, the default https protocol uses TCP port 443 and 563 only. This cannot be changed within the ISA or FTMG GUI and must be completed from a Windows cmd prompt on the ISA Server itself. …
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now