Dears,
We will install two TMG servers in the DMZ (not joined to the domain, one array) to use them as a forward proxy.
The main features of the solution include:
Forward Web Proxy requests using HTTP and HTTPS.
HTTPS inspection
URL Filtering based on predefined block lists
Web caching
Windows Load balancing to ensure high availability and load distribution of TMG services.
Kindly, what are the ports required between the internal network and TMG, between TMG and the internal network, between the DCs and TMG, between TMG and the DCs, and between TMG and the Internet?
Note: Since the TMG servers need to resolve IP addresses for both Internet and internal devices, an external DNS Server will be installed on each TMG server.
The external DNS servers' listening interface will be the DMZ interface, and they will use the Internet root DNS servers to resolve Internet DNS names. The external DNS servers will be configured with forwarders to the internal DNS servers in order to resolve internal DNS zones.
Within the TMG array, each TMG server will have its own IP address as the primary DNS server and the other TMG server as the secondary DNS server.