Solved

Public Name tab under TMG Firewall Policy

Posted on 2014-01-06
Last Modified: 2014-01-11
What do the website and IP addresses represent under the Public Name tab of the TMG Firewall policy? How is it different from the "To" tab, as I find the servers defined are different? I suppose the To tab and Public Name should be the same. ...

Tks
Lync-Web-Publishing.png
Lync-To-Tab.png
Question by:AXISHK
2 Comments

Accepted Solution

by:
Bruno PACI earned 500 total points
ID: 39765231
Hi,

This is about "publishing rules", meaning rules that will allow external clients to reach internal servers.

In a publishing rule there is no direct dialog between the external client and the internal server! The external client dialogs with the TMG, and the TMG acts as a client to reach the internal server.

The "To" tab only concerns how TMG will reach the internal servers. In this tab you will give the DNS internal name TMG should use to reach the internal server. If the TMG server is unable to resolve internal DNS names (that might be the case in some situations) then you should type the internal IP address of the internal server TMG will have to reach.

The "Public Names" tab only concerns HTTP requests coming from the external client to the TMG.
As TMG is able to apply several different publishing rules on the same IP and Port combination there must be a way for TMG to decide which published server a request is about.
Let me explain better: let's suppose you want to publish 2 internal servers that host 2 different applications with only one TMG server that uses only one external NIC and one public IP. You need a way to separate requests that are for the first application to redirect them to the good application server, and the same for the second application.
When the external client connects to your TMG server it uses the external public IP of your TMG, and uses the same TCP port as both applications are HTTP (TCP 80). Then in the HTTP dialog the client asks for the URL, with some command like "GET http://www.app1.com/" for the first application, or "GET http://www.app2.com/" for the second application. Both names www.app1.com and www.app2.com are resolved to the same public IP that matches with your unique TMG server.
www.app1.com and www.app2.com are called "Public Names" and you can restrict a publishing rule to match ONLY for a specific public name so that requests for www.app2.com will not match the publishing rule for the first application and will not be sent to the wrong server.

In the example you gave us, the publishing rule will only match if the URL requested by the client contains one of the 3 names that appear in the "Public Names" tab. Any other request will be ignored by this publishing rule, and TMG will continue to check the next rule for matching.

In your case, if an external client uses the public IP address in the URL instead of using one of the 3 names allowed, the rule will not match because the IP address does not appear as a public name in the rule.

Have a good day.
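The matching described in the answer above, as an added example that is not part of the original post and is not TMG's own code: a simplified Python model in which each rule's `public_names` stands for the Public Name tab and `to` for the To tab. The rule names, host names and addresses are constructed for illustration.

```python
# Simplified model of public-name matching in publishing rules (not TMG code).
from urllib.parse import urlsplit

# Constructed rules: "public_names" models the Public Name tab, "to" the To tab.
RULES = [
    {"name": "Publish app1", "public_names": {"www.app1.com"}, "to": "app1srv.corp.local"},
    {"name": "Publish app2", "public_names": {"www.app2.com"}, "to": "10.0.0.12"},
]

def requested_host(raw_request: str) -> str:
    """Return the host the client asked for, lower-cased and without a port."""
    lines = raw_request.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    target = parts[1]
    if target.lower().startswith(("http://", "https://")):
        # Absolute form, e.g. "GET http://www.app1.com/": the URL carries the name.
        return urlsplit(target).hostname or ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            # Origin form, e.g. "GET /": the Host header carries the name.
            return urlsplit("//" + value.strip()).hostname or ""
    return ""

def match_rule(raw_request: str, rules=RULES):
    """First rule whose public names contain the requested host wins.

    Returns (rule name, internal target) or None when no rule matches.
    """
    host = requested_host(raw_request)
    for rule in rules:
        if host in rule["public_names"]:
            return rule["name"], rule["to"]
    return None

# Constructed sample requests, all arriving on the same public IP and port.
REQ_APP1 = "GET http://www.app1.com/ HTTP/1.1\r\nHost: www.app1.com\r\n\r\n"
REQ_APP2 = "GET /index.html HTTP/1.1\r\nHost: WWW.APP2.COM:80\r\n\r\n"
REQ_BY_IP = "GET / HTTP/1.1\r\nHost: 203.0.113.10\r\n\r\n"

if __name__ == "__main__":
    for req in (REQ_APP1, REQ_APP2, REQ_BY_IP):
        print(requested_host(req), "->", match_rule(req))
```

The request that uses the IP address falls through both rules because the address is not listed as a public name, which is the behaviour the answer describes for the asker's rule.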

Author Closing Comment

by:AXISHK
ID: 39773173
tks