Channel: Forefront TMG and ISA Server forum

TMG 2010 Work As a Router


A TMG 2010 is installed in my organization and also works as a proxy. My router suddenly went out of order due to a physical failure.

I am managing my users by LAN and also using a static WAN IP pool, and different static IPs are being used on server machines. So the internet was stopped due to the router failure.

So I put the internet cable in one NIC of the TMG server with a static WAN IP, and then internet was available on the server. Then on the second NIC I configured the LAN IP 192.168.0.222 (i.e. the gateway for my LAN clients) and put the other end of the cable in my LAN switch. Now users are getting internet without any problem.

But the problem which I began to face after the router failure is that I cannot use the other WAN static IPs on my computer. When I use a LAN IP (i.e. 192.168.0.10) the internet works on my computer, but when I remove the LAN IP and put a static IP on the same computer, the internet does not work.

Now I want to be able to also use the other WAN static IPs from the IP pool, because sometimes management and managers need high-speed internet.

Please help me in this regard. 

A quick easy solution will be highly appreciated....




Blank Page for http://www.redalyc.org/coleccionHome.oa


We are trying to access the following address through an ISA web proxy, but we get a blank page.

When we try to access it through any other connection we can see the content.

The web browser receives an empty HTTP 1.1 200 OK message.

I tried creating a rule enabling all the content, but it didn't work.

TMG 2010 IP Address Spoofed packet


Hi guys,

I need some help...

TMG Interfaces:
1x External 192.168.178.0/24 -> 192.168.178.253
1x Internal 192.168.1.0/24 -> 192.168.1.253

The gateway of the 178 network is a Cisco cable router, which has port forwarding for 80/443 to 192.168.178.253

In the 192.168.1.0 network I have a SharePoint 2016 server with two web applications. Both are published (first) on HTTP web listeners.

Port forwarding is working towards the TMG, however TMG says the following:

My route-table:

What am I doing wrong in this setup?

Thank you in advance!!!


Applications transference to target domain (AD)


Please I need your help.

I am a business web developer, but my bosses have involved me in a project that is in a different scope from my experience, and I think I have to get by so as not to lose my job.

What I know about this project is that my client company has to simplify its Active Directory, because it has a lot of domains and groups, and user access tokens are very long, hindering application access, especially in new ones based on ADFS.

The tasks of the project are divided into two main groups:

- Design target domain and object migration processes from actual domains

- Applications transference to target domain.

I am involved in this second group of tasks. In particular, these would be my tasks:

- Create a global strategy of applications/services migration, considering access coexistence

- Define applications target architecture, considering connections to third party

- Analysis and definition of changes in Framework FrontEnd / BackEnd (I think web applications based on Kerberos), and in TMG setup

- Define needed changes and detailed migration process on 1 application that uses this framework (maybe this can be the only thing related to my work experience)

- Create migration recommendations and back-out plan for these technologies: IIS, HIS, BizTalk, Apps SQL (T-SQL, Jobs, DTS, SSRS, ETL/SSIS), CRM (I imagine Dynamics), SharePoint, File Server

The highest-priority task is the one shown in bold. The problem is I don't know anything about application transfer to a migrated target domain in Active Directory.

Please, if you can give me some technical advice about these, especially the task shown in bold, just a starting guide for me to do the job, technical steps, appropriate links with appropriate information....

Sorry if this is not the best forum category, I didn't know what to choose.

Thank you for your attention


FF TMG 2010 on Server 2012


Has anyone tried successfully installing Forefront TMG 2010 on Windows Server 2012?

I tried but failed; it complained about being unable to add roles and features.


Valuable skills are not learned, learned skills aren't valuable.


TMG 2010 SP2 , TMG CONTROL Service Control Service not starting


TMG 2010 SP2 Rollup 4

After a NIC change, the TMG Control service is not starting

Microsoft Forefront TMG Control failed to start. The failure occurred during Security Watchdog notification processing because the system call ApplyAccessControlSettings failed. Use the source location 122.86.7.0.9193.601 to report the failure. The error description is: An attempt was made to reference a token that does not exist.


Any help on how to solve this issue without a full reinstall?

Clickjacking vulnerability OWA

HTTPS response header for anti-clickjacking in TMG 2010 SP2


Hello, 

The company I am doing some work for needs to implement an HTTP response header "X-Frame-Options" "SAMEORIGIN" on our published websites via TMG.

Now I have researched it and found some previous questions asked here, but they all seem to point to "https://tmgblog.richardhicks.com/2009/03/27/using-the-isa-http-filter-to-modify-via-headers-and-prevent-information-disclosure/"

But when I go here and look, it's not very intuitive and I am left confused on how to implement the above change.

If someone could describe a plain English version, and how to use this function inside TMG to control the "X-Frame-Options" header, that would be great.

Regards,

Andy



Cross Site Framing on TMG HTML Form


During a recent penetration test of a SharePoint site (published through TMG) the site was found to be vulnerable to Cross Site Framing.

I was able to remediate this by adding an HTTP response header in IIS (Header: X-Frame-Options Value: SAMEORIGIN).

The problem now is the TMG logon HTML form can still be captured in a frame.

I can't see any way to add the header so I was thinking about adding some frame busting code to the HTML form but not sure where to put it.

Is there a way to stop the TMG form from being captured in a frame?

How to add HTTP Header Response X-Frame-Options:SAMEORIGIN from OWA published via Forefront TMG 2010 to stop Clickjacking

How to add HTTP Header Response X-Frame-Options:SAMEORIGIN from OWA published via Forefront TMG 2010 to stop Clickjacking. I have put the IIS setting X-Frame-Options:SAMEORIGIN on my internal CAS server. However, as the OWA page is published through Forefront TMG 2010, the iFrame tag is not blocked when the page is first opened. Only when you log in with your credentials to the OWA page inside the frame and the page reaches IIS on the internal CAS does it get blocked. I want to block it in the first instance when it is opened from TMG.

Skype traffic being routed to TMG?


Hi, please excuse me I'm very new to all of this. Someone has left the company and my manager has asked me to look into how our Skype traffic is routed. So not sure if I should be asking this in a Skype forum or TMG forum.

Basically our external Skype meetings do not connect, internal is fine. We have two proxies Zscaler and TMG, and my manager wants to know if we can push the Skype traffic through to an alternative proxy. In Zscaler I see no traffic forwarding rule in our PAC file to suggest that it's passed to TMG. Zscaler support however have advised that the traffic probably goes straight to TMG.

Again I apologise but no one in our organisation seems too familiar with TMG and I would really appreciate any help in knowing where to look in TMG for how the Skype traffic is managed and handled please?

I've noted in TMG that we have Lync related firewall and web access policies for Skype. I'm not sure if deleting them will route the traffic to the Zscaler traffic.

Any help will be most gratefully received!!

FTMG decompression of GZIP files locally


I am experiencing a problem with our FTMG where content that exists on the web in a GZIP format is arriving on my desktop decompressed instead of compressed. Note that the content still has the filename with the extension of .gz, so from Windows' perspective it still thinks the content is compressed.

I've verified that this is happening on multiple computers that utilize the FTMG and that this behavior is NOT happening when I use a computer that is not attached to the FTMG.

I cannot find any settings or configuration information that would allow me to turn this "feature" off.

This only happens for HTTP traffic and does not happen for FTP traffic since I can routinely download other gzip compressed files using the FTP protocol and those files arrive on my local desktop still compressed.

This is a problem since the software that I'm using - provided by an external agent - is expecting the files that it is working with to arrive fully compressed. This software crashes (as it should) when trying to decompress a file that is already decompressed.

I have verified that this is happening irrespective of the use of caching, i.e. it happens with the cache turned on and with the cache turned off.

Note that this problem started about two days ago since the software I have been using for years started crashing two days ago.

Please provide some advice on how to stop this behavior.

Sincerely yours

Jerry W. Manweiler, Ph.D.



TMG Service Problem needs a NIC re-enabling


Hi there,

So I have this TMG with two NICs (External & Internal). From time to time TMG would not connect any internal connection and clients see "Proxy Refused Connection"; at that moment the Forefront services are all up and running. Then I disable and re-enable the Internal NIC and everything works fine for three or four days, and then it happens again.

What should I do?

Tnx ;)

thnx

Can I install Forefront Threat Management Gateway (TMG) 2010 on Windows 2016 STD

Can I install Forefront Threat Management Gateway (TMG) 2010 on a Windows 2016 STD server? If yes, please provide steps. I am facing issues installing this on a Win2016 server.


Could not establish secure channel for SSL/TLS with authority


Hi Everyone,

An external provider is trying to submit files to an internal RHEL server via our TMG 2010 Reverse proxy.

I log a filter on the web listener IP address and can see it accepts the connect, but the external provider reports this error:

<ExceptionString>System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority 'fqdn.com'. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.

regedt32 returns:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\SSL 2.0\Client]
"DisabledByDefault"=dword:00000001

Hope someone has seen this issue, thanks in advance.


Did July 2018 updates screw TMG on 2008 r2?


Hi guys.

I know TMG is deprecated but we are experiencing strange behaviours on TMG and I think they are related to the July 2018 MS security/rollup updates. Is anyone else experiencing this?

Symptoms: TMG on a 2008 R2 server stops responding; you can log into the console and do the reboot, and after the reboot it starts working OK.

Nothing useful in Event Viewer app/system... :/


F1? Pretty please.


bostjan - halcom d.d.

McAfee Security

I keep getting a message that my McAfee has expired and that I need to renew...at a cost. Is it not included in the MSN subscription fee?

web stats


Hi everybody,

I have TMG on Server 2008 as a proxy. I enabled web stats so that users can see their remaining volume.

But when users type web.stats/ this message shows:

"

No data available to display, probably because you don't have any traffic quotas.

"

Can anyone help me?

Note: the users have traffic

Best Practices to Streamline Patching Management


Hi, Guys.

Do you have documentation regarding best practices to streamline patching management?

Thank you.
