?
Solved

Public Name tab under TMG Firewall Policy

Posted on 2014-01-06
2
Medium Priority
?
865 Views
Last Modified: 2014-01-11
What do the website and IP addresses represent under Public Name tab of TMG Firewall policy ? How is it different from "To" tab as I find the server defined are different. I suppose the To tab and Public Name should be the same. ...

Tks
Lync-Web-Publishing.png
Lync-To-Tab.png
0
Comment
Question by:AXISHK
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 16

Accepted Solution

by:
Bruno PACI earned 2000 total points
ID: 39765231
Hi,

This is about "publishing rules", meaning tules that will allow external clients to reach internal servers.

I a publishing rule there is no direct dialog between the external client and the internal server ! The external client dialogs with the TMG, and the TMG act as a client to reach the internal server.

The "To" tab only concerns how TMG will reach the internal servers. In this tab you will give the DNS internal name TMG should use to reach the internal server. If the TMG server is unable to resolve internal DNS names (that might be the case in some situations) then you should type the internal IP address of the internal server TMG will have to reach.

The "Public Names" tab only concerns HTTP requests coming from the external client to the TMG.
As TMG is able to apply several different publishing rules on the same IP and Port combination there must be a way for TMG to decide which published server a request is about.
Let me explain better : let's suppose you want to publish 2 internal servers that hosts 2 different applications with only one TMG server that use only one external NIC and one public IP. You need a way to separate requests that are for the first application to redirect them to the good application server, and the same for the second application.
When the external client connects to your TMG server it uses the external public IP of your TMG, and use the same TCP port as both applications are HTTP (TCP 80). Then in the HTTP dialog the client ask for the URL, with some command like "GET http://www.app1.com/" for the first application, or "GET http://www.app2.com/" for the second application. Both names www.app1.com and www.app2.com are resolved to the same public IP that matches with your unique TMG server.
www.app1.com and www.app2.com are called "Public Names" and you can restrict a publishing rule to match ONLY for a specific public name so that requests for www.app2.com will not match the publishing rule for the first application and will not be send to the wrong server.

If the example you gave us, the publishing rule will only match if the URL requested by the client contains one of the 3 names that appear in the "Public Names" tab. Any other request will be ignored by this publishing rule, and TMG will continue to check next rule for matching.

If your case, if an external client use the public IP address in the URL instead of using one of the 3 names allowed the rule will not match because the IP address does not appear as a public name in the rule.

Have a good day.
0
 

Author Closing Comment

by:AXISHK
ID: 39773173
tks
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are three types of ISA client that can be configured - these can be individual clients or multiples of a client on each PC or server SecureNAT. A SecureNAT client for ISA server is a client machine, work station or server, that has its defa…
In all versions of ISA Server and the current version of FTMG, the default https protocol uses TCP port 443 and 563 only. This cannot be changed within the ISA or FTMG GUI and must be completed from a Windows cmd prompt on the ISA Server itself. …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question