Channel: Forefront TMG and ISA Server forum

Firewall client cannot ping to Public IP


My network connectivity is

Firewall Client / Web Proxy Client(10.0.0.10) - ISA server 2006 (10.0.0.25) - Cisco Router - Internet

I configure two policies

1. Ping from internal to local host - it's working fine.

2. Ping from internal to external (internet) - this is not working.

Now ISA server can ping to internet and firewall client can ping to ISA server, but firewall client cannot ping to internet.

Regards,


Syed


ISA Server logging into Azure SQL


I'd like to configure ISA2006 Server to LOG onto remote Azure SQL database

and I fail

testing connection works but only after I included login for that purpose into Master as user

configured logging can't connect the server (database) and service will stop

My own diagnostic tells me that ISA Logging connects 1st to master and then change database with USE - this is not supported in Azure

Is my diagnostic right and is that true "ISA2006 couldn't LOG to Azure SQL"

or is there a misconfig I didn't notice

and to prevent an unnecessary attempt - will I succeed when I replace my ISA with TMG

with bests

Henn Sarv (SQL MVP)


Henn Sarv

SCCM 2012 Client on TMG Machine?


Hi

I wonder is there any possibility to automatically install the client from SCCM to a TMG machine?

I have this environment

SCCM 2012 on virtual server ( remote SQL ), on another machine TMG

When I filter the log on TMG I see that RPC (all interfaces) and Microsoft CIFS (TCP) are blocked.

When I allow them in TMG (from SCCM to TMG) all goes well, and in the last log it gives me this:

Closed Connection
Log type: FirewallService
Status: Unspecified error
Rule: SCCM
Source: Internal (192.168.2.252:53701)
Destination: Local Host (192.168.2.1:445)
Protocol: Microsoft CIFS (TCP)

any ideas?


Is it possible to restrict a VPN user to a certain IP address

I have a scenario I am trying to configure where I need to restrict a customer to only 1 IP address inside our network. This customer will be connecting via VPN and I am not sure how to do this. I've created a new OU called VPN Guests and added our customer to that group and added them in TMG to be allowed to VPN in...this is where I am stuck.

TMG on Server 2012


Greetings,

I've seen a couple of other people asking about Server 2012 support, and there doesn't seem to have been any clear answers.

  • Given TMG is "no longer for sale" from December 1st 2012 (only 2 months!), will it be updated to run on Server 2012 at all?
  • Given that TMG is supported until 2015, and in extended support until 2020, it seems to follow the same lifecycle periods as Server 2008R2. Does that mean we will need to keep 2008R2 licenses to be able to continue to run TMG?

Regards,

Scott.

Unidentified IP traffic TCP:8282


Hi,

I am trying to publish a mobile application (Nelix) that uses TCP port 8282.

I have made a user-defined protocol TCP Inbound port 8282 to 8282.

I have made a server publishing rule that uses this protocol and is pointing to the server running the application.

When trying to connect, I can see in the TMG logs, that the 'Default Rule' is blocking TCP 8282 as 'Unidentified TCP Traffic'. Why is that?

The TMG is only used for publishing (works just fine with websites, OWA, CRM etc.) so it is not used as gateway or proxy on servers or clients.

Thanks in advance!

/Michael

Web Monitor on TMG in a single LAN


new to tmg.. just installed tmg 2010 in a member server

1. my objection is to block certain sites like facebook on certain time on different users. how can i go about this requirement.

2. after installing tmg (default settings), my owa was not working - it was blocked? help

ISA sending FTP traffic using wrong interface

We have two Win 2003 Servers (physical) running ISA 2006 SP1 in an NLB cluster (ISA-integrated). Both have 2 interfaces (Int: 172.16.210.x and Ext: 172.16.214.x). Both NICs of ISA1 reside on the Secondary switch and ISA2 on the Primary switch. HA has been tested in the past at switch and ISA level. Often, ISA2 starts sending FTP traffic using the Ext NIC (172.16.214.x) instead of the Int NIC, which results in an FTP timeout as the handshake won't complete between ISA and the FTP server, and the external user fails to FTP. NLB is enabled on Ext interfaces with NAT on FW to forward traffic from FW to the ISA Ext interface.
When it happens, this is only specific to FTP traffic and the rest of the published applications are not affected. A simple reboot of ISA2 resolves it. Both nodes are identical in terms of OS, networking, routing information etc. ISA2 was formatted to downgrade from Win 2003 Ent to Std edition a few months ago. ISA BPA gives no relevant failure. Both nodes are in full sync and changes replicate. Kindly suggest a solution for this intermittent issue.

ISAPI Filters - Phishing

allowing Aerohive Access points access


we are evaluating aerohive access points.  we plug them in, they get an ip address, but they cannot seem to make a connection to the cloud based controller through the tmg2010.  if i ssh to the access point, i can easily ping (by name or ip) the cloud controller - so we have connectivity.

the config guidelines say it will try http and then try udp (12222) to make the connection.  when i look at the tmg monitoring i see that:

1. when using http it has an allowed connection entry followed by a closed connection entry

2. when using UDP it says 'unidentified ip traffic (UDP:12222)'

my basic access rules (that allow anyone access to anything over any protocol) should allow it to work.  failing that, i have created some url and network address groupings and created a rule to allow all users and protocols access to those addresses.  nothing has worked thus far.

suggestions?

thanks

TMG 2010 rules are not properly working


Hi all

I use TMG 2010 SP2. I created an access rule named "allow all":

Protocol: all outbound traffic

From: Localhost, Internal

To: External, Internal

Condition: All Users

and Default rule Deny all

Result:

Success: My client can access internet via http, https, check mail via pop3 (port 110), smtp (port 25), access DNS server

Unsuccess: TMG machine can ping to clients, but clients can't ping to TMG

Clients  can't remote to TMG, external network but internal network is OK

TMG can't remote external network, sometime TMG can remote to internal network.

Has anyone else seen this kind of behavior? Thank you for your answers.

Mrk chuoicanai.


Reverse Proxy 2007 and 2010 CAS - TMG 2010


Current Setup (Not a production environment - Lab setup for EXO Hybrid Configuration):

1 public ip

dmz set to NIC 2 on TMG

NIC 1 : 192.168.1.103 (Through DHCP server)

NIC 2: 192.168.1.105 (Manual Assignment)

Gateway: 192.168.1.1

Intended setup:

Requests for https://mail.domain.com from the internet -> TMG -> Internal 2007 CAS IP

Requests for https://hybrid.domain.com from the internet -> TMG -> Internal 2010 CAS IP 192.168.1.103 (TMG is installed on 2010 CAS)

Requests for https://fs.domain.com from the internet -> TMG -> Internal FS IP

Is this even possible to achieve through TMG 2010?

Thanks!

Unstable VPN


I have a problem that is causing much impact on the company. I have a server with TMG 2010 (SP2) + Windows Server 2008 R2.

I enabled the feature in TMG VPN client.

The VPN (RRAS specifically) is very unstable, failing to accept any new VPN client connection 5 to 10 times a week.

When this occurs, people already connected continue working normally, but those who try to make a new connection fail, the event is 20209.

Some situations I noticed when the problem occurs:

* The RRAS is "unmanageable": if I try to disconnect a user by right-clicking on it and choosing disconnect, nothing happens, the user remains connected.

* If I try to restart the RRAS service it hangs on "stopping".

* The only way I can make everything work again is by restarting the server, then, all users can connect to the VPN again for another few hours or days.

Thanks to all who can help.


MCP/MCSA/MCSE/MCTS & ITIL HBSIS - Soluções em TI


How to unblock a specific YouTube in TMG 2010


We have blocked all YouTube but recently we need to allow a specific YouTube video for training.

1) tried to create a new access rule with the specific YouTube url above the default deny YouTube, but it didn't work.

2) tried to add the specific YouTube url into the exceptions of the default deny rule, which didn't work either.

I have searched for a solution on Google for a while but found that TMG2010 can't allow only certain YouTube videos. It means block or unblock the whole of YouTube.

Can TMG2010 actually allow a specific YouTube video?

Thanks for your help.

Configuration Question


Hi,

maybe someone can answer this question.

I have a Server 2008 R2 in a domain that has 2 NICs, NIC1: 10.0.10.15 (attached to an internal switch) and NIC2: 62.XX.XX.186 (attached to the ISP external switch at the data center). I configured Hyper-V on this server with 4 VM servers. Each of these VM servers also has 2 NICs with the same IP range as the host, i.e. Server1 has 2 NICs, NIC1: 10.0.10.20 and NIC2: 62.XX.XX.162. NIC1 of all the virtual servers and the host server has no Default address. At this time customers access these VM servers with their external IP address, i.e. to access Server1 they use 62.XX.XX.162. All of the VMs also use the first NIC 10.0.10.0 only to access each other.

Now this is what I want to do.

I installed TMG 2010 SP2 on a different physical server that has 2 NICs and I want to use this TMG to protect the VM servers, but because this network is a production network I have to put the VM servers one by one behind this TMG, so this is my plan.

I am going to add this new TMG server to the domain, then give NIC1 10.0.10.1 and NIC2 62.XX.XX.180, then I am going to connect the NIC 10.0.10.1 to the same internal switch as the host server of the VM servers and connect NIC2 62.XX.XX.180 to the same external switch as the external NIC of the host of the VMs. But what I want to know is, when we connect this TMG to the network, could the host of the VMs (and eventually the VMs) still access the internet? Personally I think so, because NIC1 of the VM servers has no default gateway, so they will not use the TMG as their gateway until I use the 10.0.10.1 of the TMG for their default gateway.

Also I think the customers can still access their VM servers from the internet because they are using NIC2 of each VM (62.XX.XX.XX) to access them.

Then I put each of the VM servers one by one behind this TMG by giving them 10.0.10.1 as their default gateway, then disable their NIC2 and use its IP, i.e. 62.XX.XX.162, as a second IP for the TMG external NIC, and then create the necessary rules to allow applications and customers from outside to access them.

Would this work?

Thanks


Shahin


Windows server 2012 remote access- publishing OWA


Now that TMG will be discontinued, what should we be using to publish OWA?

Will Windows server 2012 remote access provide this functionality?


Forefront Threat Management Gateway. What are the steps to block access to Facebook and Pinterest?


We have Forefront TMG 2010. I need to block Facebook and Pinterest. Looking for the recommended best practice to do this.

Is it best to create a URL set? If so what are the correct steps?

Forefront TMG HTTPS to HTTPS bridging configuration, how to select a certificate file to authenticate to the SSL Web server?


Hi all

My environment is Forefront TMG 2010 + SharePoint 2010.

In this document: http://technet.microsoft.com/en-us/library/cc441474.aspx

HTTPS to HTTPS bridging:

Note:
This scenario requires a server certificate on the Forefront TMG computer in order to authenticate it to the external client and requires a server certificate on the backend Web server in order to authenticate it to the Forefront TMG computer.

These two certificates should be the same, or not?

When I select as in the following pic, I cannot see my certificate file, but I have imported it to this path: Certificates (Local Computer) -> Personal -> Certificates, and in the HTTPS Listener's properties I can see it.

Does anybody have an idea about this?




VPN Service Unstable


Hi Support,

I have been using VPN over TMG for a while now and it's been working fine.

I've however noticed that after using it for like 3 weeks it starts going off, that is, I have to keep on restarting the services (TMG Controller) for it to resume. It's the second time I am doing a fresh installation of TMG, thinking it will resolve the behavior.

The other thing now is: guys are able to connect but they can't reach any server. After checking I noticed they get the IP but they DON'T get the default gateway. What could be the issue?

I appreciate the support.



Meshack


Proxy White List open access to non listed websites


Hi,

I am trying to replace an old proxy (allegroserv) server with an already installed TMG 2012 (latest update installed). We use a white list on the older proxy and allow access only to well-known sites.

1.  I created a URL Set and added all our URLs to it.
2.  I created a new "Web Access Policy":  Allow everyone from internal to the created "URL set".
3.  I changed my proxy setting to point to the TMG on the test PC.

We only use the Web Proxy, all other functions are disabled in TMG Web Access Policy.

Most websites could be opened as expected. When I tried to open a "forbidden" website, "bing.com" was displayed (default browser search option on the test PC).

We don't have any (visual) entry that points to the "bing.com" website in the URL set list, and I found more and more websites that I could open (none of them was white listed).

After further investigation I found a white listed website which will be redirected to "akamai.com". For proper function "*.akamai.com" must be on the white list. Remove this site and "bing" is no longer accessible; put it on the list and "bing" is back.

As far as I know "akamai" hosts a lot of websites and it looks like all of them are accessible if akamai is on the white list. I have found the reason why I can open "bing" but I don't know how to fix this. Opening *.akamai.com gives access to many unknown websites. Reducing the access to "a248.e.akamai.com" may block the access to "bing". But this server name may change and I don't know how many other websites are still accessible. In the meantime I found there must be more sites like akamai!

1. Did I do something wrong?
2. Why does TMG give access to these sites (not on the whitelist) (Allegrosurf had no problem with that)?
3. Does anyone have experience with white listing and can give some advice?
4. If TMG fails, are there any other products for a proxy server?

thanks for any help

 
