Solved

Public Name tab under TMG Firewall Policy

Posted on 2014-01-06
2
826 Views
Last Modified: 2014-01-11
What do the website and IP addresses represent under Public Name tab of TMG Firewall policy ? How is it different from "To" tab as I find the server defined are different. I suppose the To tab and Public Name should be the same. ...

Tks
Lync-Web-Publishing.png
Lync-To-Tab.png
0
Comment
Question by:AXISHK
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 16

Accepted Solution

by:
Bruno PACI earned 500 total points
ID: 39765231
Hi,

This is about "publishing rules", meaning tules that will allow external clients to reach internal servers.

I a publishing rule there is no direct dialog between the external client and the internal server ! The external client dialogs with the TMG, and the TMG act as a client to reach the internal server.

The "To" tab only concerns how TMG will reach the internal servers. In this tab you will give the DNS internal name TMG should use to reach the internal server. If the TMG server is unable to resolve internal DNS names (that might be the case in some situations) then you should type the internal IP address of the internal server TMG will have to reach.

The "Public Names" tab only concerns HTTP requests coming from the external client to the TMG.
As TMG is able to apply several different publishing rules on the same IP and Port combination there must be a way for TMG to decide which published server a request is about.
Let me explain better : let's suppose you want to publish 2 internal servers that hosts 2 different applications with only one TMG server that use only one external NIC and one public IP. You need a way to separate requests that are for the first application to redirect them to the good application server, and the same for the second application.
When the external client connects to your TMG server it uses the external public IP of your TMG, and use the same TCP port as both applications are HTTP (TCP 80). Then in the HTTP dialog the client ask for the URL, with some command like "GET http://www.app1.com/" for the first application, or "GET http://www.app2.com/" for the second application. Both names www.app1.com and www.app2.com are resolved to the same public IP that matches with your unique TMG server.
www.app1.com and www.app2.com are called "Public Names" and you can restrict a publishing rule to match ONLY for a specific public name so that requests for www.app2.com will not match the publishing rule for the first application and will not be send to the wrong server.

If the example you gave us, the publishing rule will only match if the URL requested by the client contains one of the 3 names that appear in the "Public Names" tab. Any other request will be ignored by this publishing rule, and TMG will continue to check next rule for matching.

If your case, if an external client use the public IP address in the URL instead of using one of the 3 names allowed the rule will not match because the IP address does not appear as a public name in the rule.

Have a good day.
0
 

Author Closing Comment

by:AXISHK
ID: 39773173
tks
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft's ISA Server has been its pre-eminent security product for about a decade and is still regarded amongst the well-informed as one of the best software firewalls and application gateways ever released, by any manufacturer. ISA Server has bee…
So the following errors occurs in 2 ways that I am aware of at this stage, and you receive one of the following error messages: ERROR 1. When trying to save a rule: No Web listener is specified for the Web publishing rule Autodiscovery Publishin…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question