TMG 'IP Spoofing' issues

I'm having issues with a couple of rules on my TMG 2010 server.

The server is set up as Edge Firewall.

LAN NIC - 10.10.10.x
DMZ NIC - 10.10.90.x

E.g. rule configured


Same issue for RDP also (in separate rule)

Other Web Publishing Rules work fine
Asked by Stuart, Technical Architect - Cloud

Amit Kumar commented:
Please follow the steps below:

1. Open the TMG Console, open the Firewall Policy, and in the right pane under Tasks, at the bottom you have the option to edit the system policy:

2. Scroll to Remote Management and in the Terminal Server General tab select Enable…

3. In the From tab, specify from which sources you want to allow Terminal Server:

4. Hit OK and apply the configuration:

On the other hand, please check this article and rule number 11 for ICMP:

Allow ICMP (PING) requests from selected computers to Forefront TMG
Diagnostic Services
Remote Management Computers
Local Host
Any computer that must ping the Forefront TMG computer must be included in the Remote Management Computers computer set.

Stuart, Technical Architect - Cloud (Author) commented:
Spot on again, Amit. The third was SNMP; can you guide me on this also, please?
Amit Kumar commented:
It is really very tough to allow SNMP in TMG, but still try the steps below. Do remember to keep the SNMP rule at first priority (top of all rules).

1. Create an inbound protocol definition with the following specifications:
   a. Protocol Type: UDP
   b. Ports: 161-162
   c. Direction: Receive and Send. (Do not set it to Send and Receive, as that represents outbound traffic.)
2. Add an IP address to the External interface of the firewall. This IP address should be in the range of the IP addresses allocated to the External interface of the ISA server.
3. Add a Non-Web Server publishing rule with the IP address of the DMZ server you want to do an SNMP walk to as the destination.
4. Choose the newly created SNMP protocol that you have defined in 1.
5. Group the SNMP Manager hosts (or your source servers) into a Computer Set (from Toolbox under Firewall Policy) and set the group as Source.
Stuart, Technical Architect - Cloud (Author) commented:
Thanks, I will let you know if it works in the morning (GMT).