Channel: Forefront TMG and ISA Server forum

Destination route in TMG


Hi,

There are two Internet links in the company: link 1 and link 2. 100 users are connected to our wireless network and they need to use Viber for their needs, but I don't want them to have access to the Internet. I need a solution in TMG to route all of the traffic going to the Viber server through link 1. By doing this they can just open the Viber website and make calls.

Do you have any solution for this issue?

Thanks and regards,

Bahman 


Send and Receive error on tmg2010


I have installed TMG 2010. Below is my config.

I have some machines that run MS Outlook. I faced some issues with send and receive, then I found a workaround: I installed a free proxy and ran it in console mode (see image below).

Once I run console mode there is no send & receive error. I can't understand what the issue is.

Akshay Pate Server Administrator

Block Skype in TMG


Hi Guys,

We have to block Skype in our network. I tried HTTPS inspection and it works fine, but it seems the source exception doesn't work at all. At the moment I can block Skype but cannot add clients to my exception list. Is there any other way to do this in TMG at all?

Thanks and regards,

Bahman

block coded unknown Applications via TMG


Hi friends,

I have heard that it is possible to code applications (if I'm not mistaken) so that TMG cannot distinguish the application on the basis of signature. Imagine we have a browser which is coded (something like encryption, I mean the app has been encrypted) and TMG can't distinguish it. How can we block such unknown applications?

Please describe the rule in detail.

Thanks in advance

ISA SERVER - SMB access


Using ISA Server 2004 as part of SBS 2003. We have a hardware appliance (has its own IP address) on the network which needs to copy files (located on itself) to a folder share on a networked computer. The appliance can access the share but when it starts copying files it is stopped by ISA. The appliance communicates over port 445 (SMB).

How can we open this up in ISA and not put network at risk?

Thank you!

TMG URL replaced with IP address in Browser

Windows 7 problem with pop3/smtp hostname


With Windows XP PCs we configure POP3/SMTP in Outlook with our email server hostname "domain.com", but on Windows 7 the hostname "domain.com" is not working; we have to configure POP3/SMTP with the IP address of our email server instead of the hostname, only when it connects to the Internet through the TMG client. If it connects directly to the Internet without TMG it works fine.

Note: XP PCs also connect to the Internet through TMG and work fine.

Want Whitepaper - Install 2nd DNS server on TMG for TMG, referencing internal DNS


A couple years ago, a customer had TMG on Hyper-V and from time to time it quit responding. A reboot brought it back to life, but with dozens of users, and highly burstful activity, it would occasionally quit responding again. A call to tech support immediately identified the situation as being unique to TMG on Hyper-V. It turns out that heavy bursts on TMG in this situation would cause delays in referencing the internal DNS and cause sufficient traffic that it falsely detected a host block situation (I recall it blocked the internal DNS server?). In any event, they walked me through setting up a second DNS server on TMG, allowing TMG to reference its own DNS server. It fixed the problem.

I've not found any document, white-paper, or step-by-step guide that covers all the territory we covered in that tech support phone call.  As I recall, the solution involved creating a stub to the internal DNS server, a change in forwarding, a reverse DNS setup, and a change in NIC DNS settings.  Tech support quickly identified the problem and quickly walked me through the solution, leading me to believe such a document exists.

I have a new customer facing the same situation.  Can you point me to a procedure that discusses this situation and provides a step-by-step guide to setting up a second DNS server on TMG?  thank you.


Beware of unmoderated moderators in the Expression Web forums.



TMG 2010 with multiple VLANs


Hi all,

I have a strange issue with TMG and Lync 2010.

I have 4 VLANs and a Cisco L3 switch for routing between VLANs, with the default route pointing to the TMG internal NIC. I'm using TMG as a back firewall.

Everything is working fine except Lync SIP traffic to outside. Actually, SIP traffic works only on the VLAN of the internal TMG NIC. On every other VLAN there is an error message in the TMG log: "Status:No connection could be made because the target machine actively refused it".



So, I'm totally confused. I know it's not a routing issue, and I have all static routes for every VLAN with -p. I also have all ranges defined in Networking > Internal network. Everything else is working perfectly (HTTP, HTTPS, ICMP, etc.), so I guess it's not spoofing either.

Please help!


Scrambled TMG Reports


Running reports in Forefront TMG 2010 yields virtually unreadable reports no matter what browser or version of browser I use (see below).

I am running version 7.0.9193.515 on a Windows Server 2008 R2 Standard box. All of the latest updates, service packs and patches have been applied.

Don't know when this started.


Bob Esquenazi

TMG Network Topology Routes don't work on Reboot


Hi

A situation I don't understand - hopefully someone here does:

I have a TMG with 2 NICs (HP Teams). 

External (public IP): 111.1.1.115\26

Internal: (DMZ): 10.10.10.88\25

Behind the Internal network are a whole bunch of subnets in the 10.0.0.0\8 ranges and also 192.168.0.0\16 ranges.

I therefore selected an Edge template, configured network settings as in Mr Jason Jones's blog - so gateway on external, DNS on internal (no gateway) and network topology routes pointing 10.0.0.0\8 back through the 10.10.10.88 interface and also 192.168.0.0\16 back through this interface. This appears to work well. I save the config. I can see the route information when I do a route print and can RDP, ping etc. anything on these subnets.

I reboot the box. All route information in both TMG and on OS appear to be there, nothing's changed. However network connectivity fails. I can ping only the router on the 10.10.10.88 interface (.1)  when aiming back internally. If I ping anything on the local LAN or anything further than this router interface I get Destination Host Unreachable from the TMG interface.

In order to sort it out I can remove the Network Topology Routes, apply, and then add them in again. Or I can add a subset of the route - so eg 10.1.0.0\16. Both of these cases make the relevant route available. Reboot: same again.

I don't understand why it doesn't hold the information properly post reboot. Any ideas?

Any info can be supplied.

Jim

TMG discontinued but what are the alternatives?


Hello,

Currently I'm using Server 2003 with ISA 2006 for firewall and web proxy to control Internet access for network users. Now I'm upgrading to Server 2008 but TMG is already discontinued and support will also end in 2014. So what is the alternative for TMG? What product can I use in Server 2008 to implement a firewall and proxy server?

Honestly, not happy with such discontinuous decisions. I'm a great fan of ISA/TMG and they work well.

Please suggest.  Thanks

Cheers


How to fix this Error in TMG


Log Name:      Application
Source:        ESENT
Date:          29/08/2013 2:38:05 AM
Event ID:      482
Task Category: General
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      wsexceli0002
Description:
Directory (924) An attempt to write to the file "\\?\Volume{818c0639-0942-11e3-a97c-005056b801ba}\Program Files\Microsoft Forefront Threat Management Gateway\ADAMData\edb.log" at offset 6816768 (0x0000000000680400) for 512 (0x00000200) bytes failed after 0 seconds with system error 19 (0x00000013): "The media is write protected. ".  The write operation will fail with error -1032 (0xfffffbf8).  If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error 80074e46 installing TMG

Hello, I have a virtual Windows 2008R2, updated and joined to a domain. As domain controllers I have two Windows 2012.

When I try to install Forefront TMG on the Windows 2008R2 I get "error installing ADAM \r \n (0x80074e46)".

I can ping the IP and name of the domain controllers. I can also ping the domain name.

But if I try this:

nltest /SC_QUERY:DOMAIN.local

I get:

Flag:0
Status 1311 0x51f ERROR_NO_LOGON_SERVERS

And If I try this:

nltest /DSGETDC:DOMAIN.local

I get:

DC: \\SERVER01.DOMAIN.local
Direcction: \\192.168..15.10
DOM name: DOMAIN.local
FOREST name : DOMAIN.local
....

Please, I need urgent help with this.

Thanks

sso for offline domain joined PC for sharepoint 2010


Hi All,

From a domain-joined laptop (not connected to the internal network), can I connect to SharePoint 2010 (published by TMG) without a "credential prompt"? I mean connect with cached credentials.

Regards

Jose Osorio


Odd Issues? Site to Site VPN

So I have 2 TMGs set up on an L2TP connection. On the actual TMGs I can ping each other, but in the internal networks of each they cannot go to that route?

TMG Web Protection Services license expired Oct 2013. Microsoft quote "Customers with active subscriptions for the online service as of November 30, 2012 may continue to use the online service until December" How is it possible?


I fulfill the criteria

"Customers with active subscriptions for the online service as of November 30, 2012 may continue to use the online service until December 31, 2015"

But my license has an expiry of 31/8/2013 how can I ensure it continues to work until December 31 2015?

TMG NLB problem


Hi,

Configuration: 2 TMG SP2 EE, configured internal NLB (multicast), NLB working, all services work as they should.

Problem:

When a user connects to an external site with IP1 that has authorization through another external IP2, the requests come from different external IPs of the TMG nodes. The one to IP1 comes from node1, the second one (authorization) comes from the external IP of node 2, and authorization fails because the requests should be from one of the TMG nodes.

If I replace the connection settings of IE from auto detect (which connects to the proxy through the internal NLB on TMG) to directly node1 or node2, everything works; traffic flows from one node.

So the question: why do requests come from different nodes and how to fix it?

New install advice


Hi,

I am setting up a new Forefront TMG as our primary firewall device and as I have no experience of this product thought I would seek advice from some who have or are using it.

Requirements:

1. The use of multiple external IP's in two subnets for traffic routing

2. 3 internal Subnets to separate traffic destined for our various customers and systems

3. Policy based NAT for port redirection

4. Monitor internet usage based on domain users

5. inbound VPN

I am pretty sure it does all the above but just thought I would get some feedback. I have already installed the system on a *cough* VMware host as a VM with 4 NICs that will only be used for the purpose of the firewall.

This is so that we can replace our expensive hardware-based FW and take advantage of our Gold Partnership position.

Drac

TMG NIS not updating


I have installed TMG and it's working very well, except for the NIS update. I have tried to update manually but it's not updated.

Please see the image below.

