Hi.
I have some questions.
My questions are in the pictures.
plz download file and help me.
http://uploadtak.com/images/n887_TMG.zip
Hi.
I have some questions.
My questions are in the pictures.
plz download file and help me.
http://uploadtak.com/images/n887_TMG.zip
Hello Everyone,
I've a problem routing Internal and Perimeter traffic to Subnets through a router.
Our network Layout:
What I want to achieve:
- Use TMG as the default gateway for the Internal and Perimeter network.
- Route Internal, subnets and Perimeter.
- Accomplish this without using a static route in the clients machines.
What I've done so far:
- Added a third NIC and Network for Perimeter.
- Added a Route rule between Perimeter and Internal.
- Added an Access Rule to allow traffic between Perimeter and Internal.
- Added a Range address in the Internal network (172.16.0.0 ~ 172.16.255.255).
- Added a static route using the OS or/and TMG console (172.16.0.0 255.255.0.0 172.16.71.8).
TMG settings:
- IPv6 is disabled in all NIC's.
- Adapters binding orders is (Internal, Perimeter, External)
- Only one gateway is set, and it's in the External NIC.
- Only one DNS server is set, and it's in the Internal NIC.
What is working:
- TMG to ALL.
- Internal to subnets (ONLY ping works)
- Perimeter to Internal (172.16.71.0)
What is NOT working:
- Perimeter to subnets.
- Internal to subnets (other than PING)
what I don't understand is that I have another TMG (built for tests) machine
with the same settings (without TMG SP 1 & 2) that can route to
subnets.
Thanks for your help.
Hi,
My scenario as below:
I have iPad connected to VPN configured on external NIC of TMG and running some application. On Internal NIC inside our LAN I have some web server.
I created new Outbound TCP protocol on port 1111 (My1111) and configured allow rule on TMG to allow traffic from VPN to Internal. iPAD application connected to web server on port 1111 with protocol My1111, user authenticated on server IIS and everything is OK.
But when I am trying to switch both iPAD and server binding to port 80, the application can connect only once. Next tries are failed.
I tried to find solution with TMG logs. There is no dropped packets. The only problem is protocol changed from My80, that I created, to http. This is only difference from traffic through port 1111.
Looking like a problem with caching on TMG. I already disabled all caching, but it wasn't help.
Is any way to prevent it TMG to recognize the traffic through port 80 as http?
Any help is appreciated.
hi
pls help me step by step
how to slove it????? pls help me step tp step
Hi,
When I configure NLB on my network adapters using TMG, I found a information dialog in the wizard, which states NLB should NOT be applied to the external network if the array is not directly connected external network. what does it mean? thx!
Best Regards,
zancan
Hi!
Unable to connect to ISA 2006 (build 5.0.5723.526) using Remote Desktop after installingKB2799494.
Uninstalling update solves this problem.
Are the anyone have a similar probled and it is decided?
I am looking to implement IPSEC according to white paper "securing remote Access to Exchange Server using IPsec". Now it is not really stated into the document, but does the TMG need to be domain joined? I think it is, but at is not stated into the document.
reference: http://www.microsoft.com/en-us/download/details.aspx?id=23708
Answers provided are coming from personal experience, and come with no warranty of success. I as everybody else do make mistakes.
Hi Folks
In TMG 2010 I'm noticing that Forefront TMG Packet Filter is bound to all NIC's in the server.
Is there any way to selectively choose which NIC's it's bound to?
Thanks in advance!
Q: Marking a question as answered when it's not - is this something new? A: Not at all, it's standard Nick Gu!
Hi Guys,
Anyone can resolved or any idea with ISA 2006 Dashboard System Performance Monitoring Not Working..
Is there any update patch which needs to update ISA Server 2006?
Installed Service Pack 1, all firewall policy are working, implemented a Web Filtering and Web Caching ISA Server 2006 with single NIC only...
Suggestions, Recommendation it would be a great help...Thanks,
Hello, I have TMG Array(NLB) with 4 servers, I try configure ISP Redundancy(load balancing): add second network adapter for my vitrual servers, configure using article
http://www.isaserver.org/tutorials/Exploring-ISP-Redundancy-Forefront-Threat-Management-Gateway-TMG-2010.html but my balance is not an array or a general or throwing packets at random. Perhaps the problem in the routing table windose. On all servers
in the table are two routes
0.0.0.0 0.0.0.0 IP_ISP1 metric 2
0.0.0.0 0.0.0.0 IP_ISP2 metric 3
Help please, why does not work balancing?
Hi
I use MS Forefront 2010 as a proxy. I do config wpad.dat with DHCP & DNS. My client windows XP work well with IE or Firefox. However, client with windows 7 didn't work on IE/Chrome. But for Firefox it working fine.
All client with windows 7 will result this. When I choose Auto discovery setting. For client that unjoin with network It can gethttp://proxy/wpad.dat . However,for client join with network, it can't gethttp://proxy/wpad.dat . It has this error message below
Network Access Message: The page cannot be displayed
Both of them can't access internet. Until I check it to use manual proxy.
I do nslookup on both windows 7 client, it resolve right on wpad. Its point to forefront TMG.
As my understand Firefox working fine because its use DNS to resolve WPAD, but for IE 8 / chrome. They both use windows setting for proxy. So, when I check auto discovery setting, they can't find wpad.dat. That why both can't access internet. I don't know the reason why.
Could someone will suggest anything, thank you for your help.
I have a quick question that I cant seem to find any documentation. How long does it take for the PPTP authentication to switch from one DC on the same domain to another and is there a way to force or manually change it.
Anyone able to point me in the right direction?
Thanks.
We have a host file configured on our workstations to point to our website using our external IP instead of the internal IP.
Some of the workstations are working correctly and some are not. I can't determine if this is a forefront issue or not.
This problem started happening after some power outages. I have rebooted both problem workstations and forefront servers and it doesn't appear to make a difference.
In forefront I can see the connection made but for the ones that are not work I am seeing a 408 timeout, it is consistent from the problem workstations.
I don't believe it is a problem with the website itself because it is working for some workstations and from the outside no problem.
The host file is exactly the same for both working and problem machines. Any ideas?
I have 2 TMG servers on a DMZ AD domain, 2 Exchange 2010 CAS servers in the production AD domain and a RSA server v7.1 in the production domain. The domains arecompletely separate. I followed the documentation on setting up RSA with TMG. The TMG servers are configured with 1 NIC. All the servers are on the latest service packs and rollups.
TMG is set with form based authentication and Exchange CAS servers has basic authentication. When I enter a the user's name in the user name field under remote access credential in username format (no domain), RSA authentication works and AD authentication fails. If I enter the user's name in domain\username format then RSA authentication will fail and AD authentication will work. If I enter the user name (no domain) and then check use a different user name under internal network credentials and enter the user's name in the domain\username format then I am able to successfully authenticate.
We would like for the user to just enter the username (no domain), RSA passcode and AD password.
I have read adding the TMG servers to the production domain would fix this issue but I am trying to avoid that.
Any help would be appreciated. Thanks.
Purchase of forefront gate2010 within the last 90 days
I have had no luck on getting information on the malware inspection subscription which is about to run out on it eval time.
Any suggestions out there on how to resolve,
the product is licensed from the key but not the malware inspection?
The best the technet came up with did not answer how to get the malware inspection license ?
Dear All
I have 2 TMG Server TMG05 and TMG06, I install enterprise edition, and Configure it TMG05 is master of array and reporting Service, TMG06 is member of array. Both on it is configure NLB too
I already configure daily report, and user sql reporting service, that build in on install forefront. So it working 6 month past. But on last week it not working. For all scheduled report is not Gen ( daily and weekly ) and I try to create one time report too. It not generate too. so I got error is
Error: 0xc0040432
The report testdaily could not be generated. Report Sever error information: The operation has time out.
The error occurred on object “Reports’ of class ‘Reports Configuration’ in the scope of array ‘TMG06’
Please help me to explain is error and tell me how to fix it