Channel: Forefront TMG and ISA Server forum
Viewing all 3822 articles

TMG - OWA customization based on per tenant organization.


Dear friends...

I need ideas on whether this is possible: how to customize the OWA login screen from TMG based on each client's request. If I am not wrong, this can be done via IIS by creating different websites and binding them with individual names. I don't know, I have never tried it; just giving a thought. Let me know if I am wrong, or if anyone has ever done this, please share whether this can be done.

Setup is Hosted Exchange 2010 published on TMG 2010.

2 (CAS/HUB/MBX)

Thanks for the time and help


Thanks Happiness Always Jatin

How to break ISA firewall rules


I want to know how to bypass the firewall rules on a client PC. Is there any software or another way to do this? I am working in an ISA Server environment; my clients are accessing only my corporate site, but I can't control internet usage in my network.

I have doubts about my users. So please share: is there any option for bypassing the firewall rules on a client system?

Microsoft Outlook cause an error


Good day,

I am using TMG 2010 with the latest updates and rollups. I created a role for pop3, POP3S, SMTP, and SMTP3S from internal to external for all users. The policy was working fine, but after a few months I received the following errors:

Denied Connection SQ-TMG-2K8 11/16/2013 8:37:51 AM

Log type: Firewall service

Status: The policy rules do not allow the user request. 

Source: Internal (192.168.160.49:137)

Destination: Local Host (192.168.160.255:137)

Protocol: NetBios Name Service

 Additional information

Number of bytes sent: 0 Number of bytes received: 0

Processing time: 0ms Original Client IP: 192.168.160.49

Denied Connection SQ-TMG-2K8 11/16/2013 8:37:53 AM

Log type: Firewall service

Status: The policy rules do not allow the user request. 

Source: Internal (192.168.160.49:137)

Destination: Local Host (192.168.160.255:137)

Protocol: NetBios Name Service

 Additional information

Number of bytes sent: 0 Number of bytes received: 0

Processing time: 0ms Original Client IP: 192.168.160.49

Regards,

TMG stops passing traffic after windows update


Hello,

Have a TMGSP2RU3 running on 2008R2SP1 in a VM with dynamic memory on a Hyper-V 2008R2 server and no VMQ's.
After installing these updates TMG stops passing traffic after an unspecific amount of time, typically an hour or two.

Uninstalling these updates brings everything back to normal. This installation has worked flawlessly for years.

Any suggestion what update is causing this? Any recommended action?

This is a production environment and I have had no time to investigate yet.

Regards,

Henning


TMG reporter


When I create report, I see the following information.

09:07:47   09:27:16   00:00:00   myvideo.az   757 MB

The user was on the internet for 20 minutes and watched 750 Mb of video. But as you see, the browsing time is 00:00:00. Can you explain this?

Thank you in advance


Internet Design Help


Hello

 

I want to achieve the following setup

 

ASA in between the router and everything else. Terminate VPN connections here.

TMG ( Microsoft Threat Management Gateway) Proxy server behind the ASA with one NIC in the outside network and one NIC to your inside network.  The 3560 goes behind the TMG server.

Use the ASA to control inbound traffic and NATing to the allowed internal servers. TMG server to control outbound Internet access.

I want to use TMG as a transparent proxy, and if the TMG goes down the outbound internet traffic will be routed to the Cisco ASA

 

How do I achieve the line mentioned in bold ?

 

I would highly appreciate your help.

 

 

Thanks in advance

Isa 2006


I need to update a domain with ISA 2006 member server, to domain controller Windows 2008 R2 or Windows 2012.
ISA is supported as a member of a domain "only" Windows 2008 R2 / Windows 2012?
What domain functional levels are supported?

Thanks a lot,

Mauro

Unable to block https://Youtube


Hi All, 

I want to block YouTube in my environment irrespective of the protocol it uses. I created an Access rule to block a few websites, details provided below

Action : Deny

Protocols : Http,Https,Https server,Http Proxy and all streaming media protocols

From : Internal

To : Blocked Websites (Domain name set) 

Rule applies to : All users

While creating the Domain name set (Blocked Websites) I use a wildcard before the domain, e.g. *.youtube.com. Now all the specified sites are getting blocked. But people are still able to open YouTube alone as a secured site (https://youtube.com). Tried with different combinations like youtube.com, Youtube.com/*, *.youtube.com. Still the issue remains the same.

Created a new URL Set (*.youtube.com:443) and attached this URL set to the existing rule; still the issue persists. Any help will be very much appreciated.


OWA method in EDRISI software

How can I use Image Calculator for OWA?

TMG and UDP ports


Hi guys,

we are working with our SIP providers to set up VOIP through the TMG server. The requirements are to allow UDP ports 10k-60k from the SIP IP address to our internal VOIP server (trixbox). 

Initially they had asked not to limit to 10k-60k and instead allow all UDP ports to be forwarded to the internal VOIP server, so I created the rule and put in the UDP port range of 0-65535, send receive.

Enabled the rule, and as soon as the TMG server updated the configs, wspsrv.exe started consuming all memory.

Internet access died and I had to reboot the server manually so that I could disable the rule.

Next the SIP provider asked us to enable 10k-60k and not the maximum UDP range, which I did. I also provided 24GB of memory to the server to see what happens. Memory consumption increased from 15% to 22% and stopped there. The server seemed to be stable, but again internet access started to fail for users. Issues came up such as DNS errors and connections randomly dropped.

We have again disabled the rule, and are now building another machine so that I can test the same configs on another server and not affect the production server.

Has anyone had similar issues? Any suggestions/solutions?

I see the issue 1 above where opening all UDP ports has been highlighted here.

http://social.technet.microsoft.com/Forums/forefront/en-US/79742f33-eca2-4507-95da-617fd9a5fcc2/wspsrvexe-taking-all-memory-and-crashes?forum=FTMGNext

VPN SITE TO SITE with traffic in one direction


Hello,

I have an issue with a configuration of site to site vpn using TMG in both sides, with protocol L2TP with certificate authentication. Here is the topology:


The problem is the following:

  • The ping from TMG2 to SERVER1 works fine, while ping from SERVER2 to SERVER1 does not pass.
  • In the other side, ping from TMG1 to SERVER2 is not working at all....

I even checked the routing tables of both tmg servers:

  • TMG1, does contain a route to the remote site of SERVER2, sent to the PPP SITE 2 interface
  • TMG2, does contain a route to the remote site of SERVER2, sent to the PPP SITE 1 interface

For the network rules and firewall rules, nothing has been changed, and both tmg servers have the same config (the same logic, ie)

What could be the problem please? and how can i troubleshoot this?

Regards, and thanks in advance!


Lotfi BOUCHERIT

TMG 2010 network adapter losing connectivity after application of MS updates for October 2013


Shortly after we applied the Microsoft October 2013 updates to our TMG 2010 SP2 server we started experiencing loss of connectivity on our Internet facing adapter (could no longer ping the gateway etc). A reboot would resolve the issue. The problem kept recurring so we removed a couple of the networking related updates for October (http://support.microsoft.com/kb/2888049) and (http://support.microsoft.com/kb/2882822) as a test. After these were removed the problem stopped.

We inadvertently reapplied these two updates during the November 2013 update cycle and the problem happened again. We removed the updates and everything is back to normal.

Just wondering if anyone else has applied these two updates to their TMG 2010 SP2 server and experienced any unusual issues?

Thanks

VPN Connection pass through to another server PPTP

Hi Guys,
Here’s a question that will get you thinking! I have the following situation: I have two Academies that need to be connected using a VPN. Academy 1 has a TMG Server which NATS from the SWGFL IP Range to our internal range which is much bigger than the SWGFL Provided range. Academy 2, has a RRAS Server and has a small number of computers with a DNS and DHCP Server.
I need these two Academies to connect to each other. We have decided to use RRAS to join Academy 2 to Academy 1 using PPTP. I have configured the TMG Server at Academy 1 to allow PPTP through to the RRAS Server (172.16.0.26) and configured an On Demand interface. When I try to connect from Academy 2 I get the following error (see screen capture).

VPN Connection Issue-networkconnectionerror.jpg

Does anyone have any idea as to what is going wrong or how I can set up the RRAS server on the Legacy (SWGFL) network and connect to our internal network?
Academy 1 setup
TMG Server 10.3.128.69 (SWGFL Network)
10.3.128.2 NAT to 172.16.0.26 (PPTP)
Internal Network
IP Range Start: 172.16.0.1
IP Range End: 172.16.65.254
Academy 2
RRAS Server: 172.16.100.1 (Default Gateway)
DHCP Server: 172.16.100.8
Network Range: 172.16.100.1 – 172.16.101.254
Hope this makes sense to you I can provide more details if required to assist with this issue.
Kind Regards

TPark IT Technician

some examples of file extensions which are considered Ambiguous by TMG HTTP filtering?


hi friends

In TMG HTTP filtering, there is an option called "Block Requests Containing Ambiguous Extensions".

Can someone give me some examples of files which TMG considers Ambiguous?

If we compress a picture with WinRAR and make it a .rar file, with a password or without a password, does TMG consider it Ambiguous?

thanks a lot 

in TMG HTTP filtering a question about Maximum Query Length


hi friends

In TMG HTTP filtering, there is an option called: Maximum Query Length (Bytes)

in documents we read: " this option allows you to control the maximum acceptable query length in url. here query is referred to the portion of the URL that follows the question mark (?)."

i am not familiar with web programming. what is this question mark  in URL ?

where in the URL it is added ? is there any standard for example this question mark (?) is added after specific character in URL?

Does the browser itself perform this addition (adding the question mark)?

where can i read about this things ?

thanks a lot



Is the POST method used when searching in search engines?


hi friends

I have a question about the POST method, because in TMG HTTP filtering we can block the HTTP POST method.

In the following situations, is the HTTP POST method used by client applications?

1) searching in search engines

2) When search something in the search section of a website.

so is it true to say if we want to prevent users from searching in search engines, we can block POST method.?

thanks in advance

Traffic being "blocked" from https://login.live.com


We are running into a problem. We are currently blocked from https://login.live.com. When the system restarts, we can connect and stay connected in the morning... then by afternoon/evening when our traffic increases... it shuts down (gets blocked).... but not all https, just going to this site. If we restart in the afternoon, it gets blocked right away.

When it's blocked we can still bring up the page http://login.live.com, but when logging in... it jumps over to HTTPS and gets blocked.

  • The logging cache is not full.
  • Running the Traffic Simulator.... it shows Unrestricted internet access. 
  • It does not show (that I can find) Blocked Web policy violations

Is it going into lockdown mode? How do I determine that this is it? and how to tell what is causing it?

Or any clues to diagnose or fix?

Any help would be greatly appreciated.

Promoting a standalone installation to EMS (EMS Setup )


here is my existing setup for TMG .

Server 1

  • Specs: ISP-A, ISP-B, Internal LAN (Two LAN Cards total)
  • TMG Installation: Standalone array
  • Roles: Access Rules, Web Publishing, Server Publishing, Inbound Client VPN, Site to Site VPNs (4 sites)

Server 2

  • Specs: ISP-A, Internal LAN (Two LAN Cards total)
  • TMG Installation: Standalone array
  • Roles: web publishing

Server 3

  • Specs: ISP-B, Internal LAN (Two LAN Cards total)
  • TMG Installation: Fresh Windows

I want to have an EMS server with two members (or best solution for internal (outgoing internet), External Traffic (ISP) load balancing, and also all publishing load balancing  

Here is my plan or please suggest the best plan for this

Promote Server 1 to EMS (is it possible?)

Join Server 3 to EMS

Enable internet and external load balance with fault tolerance

Move services from server 2 to newly created EMS setup

Redo Server 2 and join into EMS  

Distribute publishing between all servers

Is it good and what roles on each server should I have ?

how to prevent windows to respond to enumerations tools


hi friends

i have a public web server which is windows 2008 R2. i don't have any network firewall (TMG,....).

in some websites or Applications , when i check my web server ip address, they scan(enumerate) it & they show information about my windows, for example they detect that my OS is win2008R2 & other information. (although i have configured my windows firewall with maximum strictness).

this is a security concern for me.

how can i configure my windows so that it doesn't respond to these scans & enumerations?

thanks a lot.

TMG 2010 L2TP & Reverse DNS...


Hi folks!

I'm setting up a L2TP VPN on TMG 2010 for external clients. I'm having a problem connecting and I suspect it's due to reverse DNS entries for the WAN links on TMG not being correct (not the same as on the TMG certificate).

If my assumption is correct is it possible to work around this check when connecting?

ie. Two WAN links on TMG 2010;

with a machine certificate for edge.cocacola.com when the reverse DNS is actually edge.pepsicola.com


Q: Marking a question as answered when it's not - is this something new? A: Not at all, it's standard Nick Gu!
