Good day,
We are using Forefront TMG (MBE) as primary network firewall (EBS2008 Security Server) and need to add additional internal subnets behind a hardware router. The following is a basic illustration of the layout:
(Multiple-subnet network with Windows EBS)
Additional subnet(s) have been added to TMG Internal Network definition and the appropriate persistent static route(s) added. As these are well connected local subnet, they've been added to the existing AD site "Default-First-Site-Name":
The routed subnets make use of AD, DNS and DHCP in the primary subnet in which TMG resides; DHCP relay is configured on the router.
So far pings, tracert and queries seem to work fine, however when a domain joined Win7 client in one of the routed subnets attempts to access a network share in the primary network, e.g. //domain/netlogon, the user receivesaccess denied or network path not found errors. This is true whether using FQDN or IP.
Does TMG require any further configuration to support internal routed subnets? Any assistance will be appreciated.