• Status: Solved

Public Name tab under TMG Firewall Policy

What do the website and IP addresses represent under the Public Name tab of the TMG Firewall policy? How is it different from the "To" tab, as I find the servers defined are different? I suppose the To tab and Public Name should be the same. ...

Tks
Lync-Web-Publishing.png
Lync-To-Tab.png
Asked by: AXISHK
1 Solution
 
Bruno PACI, IT Consultant, commented:
Hi,

This is about "publishing rules", meaning rules that will allow external clients to reach internal servers.

In a publishing rule there is no direct dialog between the external client and the internal server! The external client dialogs with the TMG, and the TMG acts as a client to reach the internal server.

The "To" tab only concerns how TMG will reach the internal servers. In this tab you will give the DNS internal name TMG should use to reach the internal server. If the TMG server is unable to resolve internal DNS names (that might be the case in some situations) then you should type the internal IP address of the internal server TMG will have to reach.

The "Public Names" tab only concerns HTTP requests coming from the external client to the TMG.
As TMG is able to apply several different publishing rules on the same IP and port combination, there must be a way for TMG to decide which published server a request is about.
Let me explain better: let's suppose you want to publish 2 internal servers that host 2 different applications with only one TMG server that uses only one external NIC and one public IP. You need a way to separate requests that are for the first application to redirect them to the good application server, and the same for the second application.
When the external client connects to your TMG server it uses the external public IP of your TMG, and uses the same TCP port as both applications are HTTP (TCP 80). Then in the HTTP dialog the client asks for the URL, with some command like "GET http://www.app1.com/" for the first application, or "GET http://www.app2.com/" for the second application. Both names www.app1.com and www.app2.com are resolved to the same public IP that matches with your unique TMG server.
www.app1.com and www.app2.com are called "Public Names" and you can restrict a publishing rule to match ONLY for a specific public name so that requests for www.app2.com will not match the publishing rule for the first application and will not be sent to the wrong server.

In the example you gave us, the publishing rule will only match if the URL requested by the client contains one of the 3 names that appear in the "Public Names" tab. Any other request will be ignored by this publishing rule, and TMG will continue to check the next rule for matching.

In your case, if an external client uses the public IP address in the URL instead of using one of the 3 names allowed, the rule will not match because the IP address does not appear as a public name in the rule.

Have a good day.
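The rule selection described in the answer above, as an added example that is not part of the original post and is not TMG's own code: a simplified Python model that extracts the requested host from a raw HTTP request and walks an ordered rule list. It also reads the `Host` header, which goes slightly beyond the absolute-URL form quoted in the answer; the rule names, public names, internal targets and sample requests are all constructed for illustration.

```python
# Simplified model of public-name matching on a publishing reverse proxy.
# All rule names, host names and addresses below are constructed examples.
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Ordered rules: (rule name, "Public Names" set, "To" target used internally).
RULES = [
    ("Publish App1", {"www.app1.com"}, "app1srv.corp.local"),
    ("Publish App2", {"www.app2.com", "app2.example.net"}, "10.0.0.12"),
]

def requested_host(raw_request: bytes) -> Optional[str]:
    """Return the host the client asked for, lower-cased and without port."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:          # malformed request line
        return None
    target, host = parts[1], None
    if target.lower().startswith(("http://", "https://")):
        host = urlsplit(target).hostname      # "GET http://name/ ..." form
    else:
        for line in lines[1:]:                # origin form: use Host header
            name, sep, value = line.partition(":")
            if sep and name.strip().lower() == "host":
                host = urlsplit("//" + value.strip()).hostname
                break
    return host.rstrip(".") if host else None

def select_rule(raw_request: bytes) -> Optional[Tuple[str, str]]:
    """Return (rule name, internal target) of the first rule whose public
    names contain the requested host, or None when no rule matches."""
    host = requested_host(raw_request)
    for name, public_names, to_target in RULES:
        if host in public_names:
            return name, to_target
    return None

if __name__ == "__main__":
    samples = [
        b"GET / HTTP/1.1\r\nHost: www.app1.com\r\n\r\n",
        b"GET http://www.app2.com/ HTTP/1.1\r\nHost: www.app2.com\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: 203.0.113.10\r\n\r\n",  # public IP, no name
    ]
    for s in samples:
        print(requested_host(s), "->", select_rule(s))
```

The third sample shows the case from the last paragraph of the answer: a request that names the public IP instead of a listed public name matches no rule, so nothing is forwarded to an internal server.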
 
AXISHK (Author) commented:
tks