Channel: Forefront TMG and ISA Server forum

unable to ping VIP NLB tmg 2010


Hi, below is my environment:

  • 2 virtualized TMG 2010 servers on VMware
  • Network Load Balancing integration configured in multicast mode
  • Both TMG 2010 servers have 2 network cards (DMZ and Server Farm)
  • Users are able to ping both TMG 2010 IPs
  • Users are unable to ping the VIP for TMG 2010
  • Users can surf the internet if the proxy is either TMG 2010 IP
  • Users cannot surf the internet if the proxy is on the VIP
  • TMG 2010 connects to Cisco switch 3750
  • Already configured static ARP on the switch

Based on the situation above, I am still unable to ping or let users proxy to the VIP. The NLB for TMG 2010 is working but it's like useless. Can anyone please help?



Failed to pass SNMP traffic from TMG


Hi,

We have deployed TMG 2010 in our client environment for publishing their in-house SharePoint site on the Internet. Now, the client wants to monitor the TMG services through SNMP.

The SNMP server is in the MZ (secure) zone and the TMG server is in the DMZ (non-secure). TMG is deployed in a single network adapter topology. The single network adapter on the TMG server is named INTERNAL.

For allowing the SNMP traffic, we have created a web access policy to allow the protocols SNMP and SNMP Trap from INTERNAL to LOCALHOST and vice-versa.

When we tried to connect the TMG server from the SNMP server, the connection is initiated at the TMG server and then the connection is disconnected from the SNMP tool with the status FILTERED.

Below are the traffic logs generated at TMG server when the connection is initiated:

There are no ALLOWED or DENIED traffic logs at TMG, but we are still unable to pass the SNMP traffic through the TMG server.

Can somebody please help me to configure the TMG to allow the SNMP traffic, so that we can monitor the TMG services through the SNMP tool.

Thanks,

Sanjog

Network inspection system on forefront 2010 not show


2/5/2556 15:22:21 INFO    Going to search Microsoft Update via proxy: localhost:8080
2/5/2556 15:22:21 INFO    Network Inspection System updates will be searched...
2/5/2556 15:22:21 INFO    Network Inspection System updates will be re-installed as requested.
2/5/2556 15:22:21 INFO    Proxy: localhost:8080
2/5/2556 15:22:21 INFO    Searching for updates, source = Microsoft Update Direct, criteria=(IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains 'ae4483f4-f3ce-4956-ae80-93c18d8886a6' and CategoryIDs contains 'e0789628-ce08-4437-be74-2495b842f43b'), attempt=1
2/5/2556 15:22:28 INFO    Search completed with 0 warnings
2/5/2556 15:22:28 INFO    Search completed successfuly
2/5/2556 15:22:28 INFO    Found update: Definition Update for Microsoft Forefront Threat Management Gateway (Network Inspection System 4.32)
2/5/2556 15:22:28 INFO    Found update: Definition Update for Microsoft Forefront Threat Management Gateway (Network Inspection System 17.36.0.0)
2/5/2556 15:22:28 INFO    Found 2 Network Inspection System updates
2/5/2556 15:22:28 INFO    Downloading Network Inspection System updates...
2/5/2556 15:22:28 INFO    Download progress 100
2/5/2556 15:22:28 INFO    Download progress 100
2/5/2556 15:22:28 INFO    Download succeeded with no error
2/5/2556 15:22:28 INFO    Installing Network Inspection System updates...
2/5/2556 15:22:28 INFO    Installation progress 0
2/5/2556 15:22:28 INFO    Installation progress 0
2/5/2556 15:22:31 INFO    Installation progress 50
2/5/2556 15:22:31 INFO    Installation progress 50
2/5/2556 15:22:31 INFO    Installation progress 50
2/5/2556 15:22:43 INFO    Installation progress 100
2/5/2556 15:22:43 INFO    Installation progress 100
2/5/2556 15:22:43 ERROR   Installation succeeded with error, hr = 0x  240003
2/5/2556 15:22:43 INFO    Process installed update, index=0
2/5/2556 15:22:43 ERROR   Failed to install Definition Update for Microsoft Forefront Threat Management Gateway (Network Inspection System 4.32) update, hr = 0x80070643
2/5/2556 15:22:43 INFO    Process installed update, index=1
2/5/2556 15:22:43 INFO    Successfuly installed Definition Update for Microsoft Forefront Threat Management Gateway (Network Inspection System 17.36.0.0) update
-----------------------------------------------------------

help me please  

how to fix it?

Regarding smtp relay service


Hi,

We have Forefront deployed in college as a firewall, and we are using Google Apps Gmail as the email client for all staff. It works perfectly fine in both the browser and Outlook.

The finance department uses a payment system application that requires email setup with both email name and password, but the problem is: when I try to establish a connection for email, it fails, stating something is wrong with the connection or to check your internet. The company who provided the application software said the only thing you need is the SMTP relay service to be enabled. I am 100% sure that smtp.gmail.com is working fine.

But when I try to telnet to smtp.gmail.com 465 within the college domain it is NOT working. I am just wondering if anyone can help me or provide assistance to resolve the problem.

TMG 2010 detected SYN attack and all clients in Internal network cannot access the Internet


Dear All

My system using TMG 2010 reports the error "Forefront TMG detected a possible SYN attack and will protect the network accordingly" and all client PCs cannot access the Internet.

There are some legal reasons for a client which creates more connections at a time to my customer for their work.

Please help me fix this problem.

TMG Malware Inspection License Expired 30. April 2013



OK guys, excuse me if I have wrong information, but I heard that Microsoft gives no more support and new security updates for Malware Inspection.
Our license will expire 30. April 2013. Can somebody give me more information about TMG Malware Inspection and new updates?

What is the best alternative, if my information is correct?    

Thanks a lot! 



Ninja 4 IT


TMG - RT streaming media


Does the TMG have any capability to optimize real time streaming media flows from the Internet? By that I mean if two or more people tuned in to the same real time streaming media would the TMG bring in only one flow from the Internet and then distribute it to the two or more clients?

Thanks, Boris

Invoke Servlet Through TMG


I am trying to invoke a servlet of a client application through TMG, which is taking care of session management in a SharePoint site. I am not able to invoke the servlet, but I am able to launch JSP-type files of the client application through TMG. Could anyone suggest if I am missing anything here? Sorry if it's a basic query, I am very new to TMG and servlets.

Thanks,

Balajee


access internet with schedule Error


Hi,
I have exported the firewall policy from a TMG in domain x.com and imported it to a TMG in domain y.com.

I had already created the users and schedules in the TMG in domain y.com and then imported the firewall policy.

Clients in a specific schedule rule cannot access the internet, except clients in the full-time schedule.
how can i fix this?

thanks for helping

Unblock Torrent


Hi Everybody,

As I am a new user of ISA Server 2004, I am trying to unblock torrent on the ISA server. Can anyone tell me how to unblock torrent on ISA Server 2004? Please help me out regarding this.

Allow SSL on port 80


Hello,
our TMG is blocking SSL over port 80:

Failed Connection Attempt 
Log type: Web Proxy (Forward) 
Status: 12204 The specified Secure Sockets Layer (SSL) port is not allowed. Forefront TMG is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests.  
Source: Internal (<ClientIPAddress>:63346) 
Destination: <InternalTMGIPAddress>:80 
Request: <ExternalIPAddress>:80 
Filter information: Req ID: 09eb22aa; Compression: client=No, server=No, compress rate=0% decompress rate=0% 
Protocol: SSL-tunnel 

As I understand from the message above, the application is trying to connect to port 80 via SSL, isn't it? As far as I know, I should enable non-standard SSL on TMG by launching this script:

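' Name and port of the tunnel port range to add
Const NewRangeName = "SSL 80"
Const NewRangePort = "80"

Dim root
Dim tpRanges
Dim newRange

' Connect to the TMG administration COM root object
Set root = CreateObject("FPC.Root")
' Get the web proxy tunnel port ranges of the array this server belongs to
Set tpRanges = root.GetContainingArray.ArrayPolicy.WebProxy.TunnelPortRanges
' Add a range whose low and high port are both NewRangePort, then save it
Set newRange = tpRanges.AddRange(NewRangeName, NewRangePort, NewRangePort)
tpRanges.Save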

The question is: could I add port 80 (normally used for HTTP)? Or does it cause some problem on TMG?

Thank you,
Luca


Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. | Whenever you see a helpful reply, click on "Vote As Helpful" & click on "Mark As Answer" if a post answers your question.

Exchange & Sharepoint 2013 support with TMG


Hello,

I know that the Forefront TMG product will be discontinued.

I heard that a KB/Service Pack will add the support of Exchange, SharePoint, Office Web Apps 2013, is it really the case?

Regards,

TMG VPN


Hi everyone

I am trying to establish a site-to-site VPN between two TMGs. The thing is that the two of them are configured with private IP addresses. Is there a particular configuration to make in order to allow each one of them to identify the other side of the VPN?

thank you

Publishing Exchange coexistence URLs between Exchange 2007 and Exchange 2013 on ISA 2006 using a single UCC certificate


Hi,

We have successfully set up coexistence between Exchange 2007 and Exchange 2013, and internally Exchange is working, such as URL redirection for OWA, ActiveSync, Outlook Web Access, etc., using a single UCC certificate. We tried to publish the below URLs for both Exchange 2007 and Exchange 2013 on ISA 2006 using the same UCC, which has all the SANs, but it did not work.

Can you please help me to publish the coexistence URLs in ISA 2006 ASAP?

Below are the Exchange URLs and the UCC certificate common name:

1. Exchange 2013 URL name

https://hybrid.ramu.com/owa

https://hybrid.ramu.com/ActiveSync..

https://autodiscover.ramu.com/

2. Exchange 2007 url

https://mails.ramu.com/owa

https://mails.ramu.com/activesync..

https://mails.ramu.com/

Certificate common name is mails.ramu.com

SAN names:

mails.ramu.com

hybrid.ramu.com

autodiscover.ramu.com

owa.ramu.com

Please help me to create new policy rules for publishing the Exchange URLs.

Thanks

Ramu



How TMG works if it is set as the gateway?


Hi everyone, this may have been asked before but I'm searching for this for a couple of hours and could not find a good answer.

My TMG and all servers are virtual and setup is like this:

Virtual Servers (Internal, 10.0.1.x/24) - VLAN2 ------- Hyper-v Host Virtual Switch ------- Physical Switch ------- TMG Int ------- TMG Ext ------- Internet

Virtual Clients (Internal, 10.0.0.x/24) - VLAN3 -------

I have IPv4 routing in the switch for routing between VLAN2 and VLAN3. The servers' and clients' gateways are set to the physical switch. This works fine so far. I think currently the communication on the internal side is done without reaching the TMG, only on the physical switch itself. I can tell this because when I start tracing in TMG, I only see the internet access from the internal side, not any DHCP or DNS or any internal related requests.

1. Now the question is: the documents say to set the gateways to the TMG internal IP, which makes them SecureNAT clients. If I set the gateways to the TMG internal IP, will all the internal traffic be routed on the TMG server, thus leaving my IPv4 routing on the switch redundant? Also, I think I will need a bunch of rules for the internal AD infrastructure to work, like DNS, DHCP, etc.

2. Second question: in general, if I set a server's gateway to the TMG leg, will all its communication go through the TMG like it's connected to a router? Or is the TMG just a police officer here, checking the rules and, if allowed, forming a direct connection between the target and destination, then stepping aside? Can it connect two physically isolated networks like a router, or do I still need physical direct access between the two networks?

3. Can I set the internal side's gateways to the switch (to get rid of creating infrastructure rules), and the gateway of any isolated network, like the DMZ leg servers, to the appropriate TMG IP? Does a hybrid config like this work when accessing between DMZ and Internal?

Thank you for your comments.

RDP through TMG doesn't work


I have had a problem remoting through the Internet to my LAN recently.

I can connect to TMG through the Internet; however, it's not possible to connect to a local computer in the LAN using the port (79.XXX.XXX.XXX:20221).

I set it up before and it worked properly, but it doesn't work now.

TMG 2010 web protection license renewal

Is it possible to renew the license after expiration?

TMG 2010 with 2 NICs

Dear All,

I have a TMG 2010 with 2 NICs working perfectly for LAN range 192.168.0.255 ~ 192.168.1.255. Furthermore, I want to add one more range, 192.168.3.0/255.255.255.0, inside Internal, but that's a remote private range outside the domain, connected over a leased circuit. Upon adding it, the TMG authentication window appears to all clients asking for domain credentials before browsing any website, since those are workgroup computers which cannot be authenticated by our domain.

I created access rules bypassing the IP range, but the popup still comes up for authentication every time the user tries to browse the internet.

I would really appreciate it if you could help me.

Thanks.

Microsoft Forefront TMG Managed Control Service on server TMG is not responding


Hello,

I am trying to configure TMG to allow EdgeSync for my Exchange 2010.

When I follow the steps to create and Generate Edge Subscription Files, I receive an error: Microsoft Forefront TMG Managed Control Service on server TMG is not responding.

The service is started; resetting it or resetting the server does not help. No errors are found in the Event Viewer. Whatever I try to do, I am unable to generate subscription files and am stuck at that point. Disabling and re-enabling the connectivity for EdgeSync does not help either.

Can it be related to configuration? I had EdgeSync working before I implemented TMG 2010. Now when I have Perimeter network and my Edge role is in there, I am simply trying to make it work through TMG.

Thank you in advance.
