Channel: Forefront TMG and ISA Server forum

TMG Ent. SP2 Back-Firewall Topology and Non-Web Protocol Publishing Issue


I have TMG SP2 with the two latest hotfixes in a Back-Firewall topology with Internal Network, Perimeter and Intra-Array Communication NICs. NLB is configured on the Internal and Perimeter NICs. In the Perimeter network the DGW is the Edge hardware firewall. There are no hosts in the Perimeter Network. I want to publish a non-web protocol, e.g. DNS. I have created a new Network as Perimeter. I also created Network Rules as follows:

Perimeter - Internal = Route

Internal - Perimeter = Route

Internet Access - External = NAT

I'm facing an issue with the published rule. What should the From, To and Networks settings be? I have tried From "Anywhere", To "DNS Servers IP", "Requests appear to come from the original client" and Networks "External". With this publishing rule TMG does not allow DNS traffic: "The policy rules do not allow the user request". In the logs it shows the protocol as DNS instead of DNS Server.

In the publishing rule, should Perimeter be chosen under Networks, and with which option: All, NLB or Specific? We have a public IP with Static NAT on the Edge firewall. Should this IP be added as an additional VIP in the Perimeter network?

Could anyone point me to the right configuration and resolution steps?
