Configure Forefront TMG as the DirectAccess server

In this tutorial we will show you how to configure Forefront TMG as a DirectAccess server.

Note that this tutorial covers only the steps needed to make Forefront TMG work as a DirectAccess server. Configuring DirectAccess itself is outside the scope of this article.

One important point to know is that, by default, Forefront TMG neither accepts IPv6 traffic nor lets it pass through. This behavior must be changed, partly before Forefront TMG is installed, so that the following traffic is allowed:

  1. Authenticated IPv6 traffic (protected by IPsec), including the IPsec initialization traffic.
  2. IPv6 transition technologies (6to4, Teredo, IP-HTTPS and ISATAP).
  3. Native IPv6 traffic originating from the Forefront TMG machine itself.

In addition, Forefront TMG integrates with the IPsec Denial of Service Protection (DoSP) component of Windows DirectAccess, so that only IPsec-protected IPv6 traffic is allowed through.

Attention:
Windows Server 2008 R2 DirectAccess must be installed and configured before Forefront TMG is installed.

First, install the Windows Server 2008 R2 DirectAccess management console as shown in the figure below.

Figure 1: Installing the Windows Server 2008 R2 DirectAccess feature

After the management console has been installed, launch the DirectAccess management and configuration console, configure DirectAccess and verify that all of its functions work before installing Forefront TMG.

Figure 2: DirectAccess management interface

After verifying that DirectAccess is installed and configured successfully, add a new Registry value before installing Forefront TMG. This value prevents Forefront TMG setup from disabling IPv6 protocol support during the installation.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RAT\Stingray\Debug\ISACTRL]
"CTRL_SKIP_DISABLE_IPV6_PROTOCOLS"=dword:00000001

Figure 3: The Registry value that keeps IPv6 protocol support enabled during Forefront TMG setup

After the Registry has been changed, install Forefront TMG the same way you would install a regular Forefront TMG server. Once the installation is complete, the Forefront TMG configuration must be changed with a script that enables IPv6 (DirectAccess) support. Copy the following code into a blank Notepad file and save it with the .VBS extension.

' DA-Enable.VBS: enables DirectAccess (IPv6) support in the Forefront TMG array policy.
' Run this on the Forefront TMG server after setup has completed.
Set o = CreateObject("FPC.Root")
Set arr = o.Arrays.Item(1)              ' the first (here the only) array
Set policy = arr.ArrayPolicy
Set IPV6Settings = policy.IPv6Settings
IPV6Settings.DirectAccessEnabled = vbTrue
arr.Save                                ' commit the change; TMG then synchronizes it

Figure 4: Save the script with the .VBS extension

Save the script with the .VBS extension and run it from the command line with the following command:

Cscript DA-Enable.VBS

Because the script changes the Forefront TMG configuration, you have to wait a moment until the configuration has been synchronized. The configuration status is shown in the Forefront TMG management console, as in the figure below.

Figure 5: Wait for the synchronization process to complete

The script will create four new system policy rules for DirectAccess to support IPv6 traffic.

Figure 6: Some of Forefront TMG's new system policies
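The two manual steps above (the pre-install Registry value and the post-install COM script) can also be automated from PowerShell on the Windows Server 2008 R2 host. The script below is an added example for this article, not code from the original page or from Microsoft; the function names are my own, and it assumes the FPC.Root COM object is available (it is registered by Forefront TMG setup, so Enable-TmgDirectAccess only works after the installation) and that calling Save() with no arguments behaves like the VBScript's arr.Save. Each function returns the stored value so you can verify the result rather than trust the assignment.

```powershell
# Added example (not part of the original article). Function names are hypothetical.
# Step 1 runs BEFORE Forefront TMG setup, step 2 AFTER it.

# Registry value described in the article: tells TMG setup not to disable IPv6.
$IsaCtrlKey   = 'HKLM:\SOFTWARE\Microsoft\RAT\Stingray\Debug\ISACTRL'
$IsaCtrlValue = 'CTRL_SKIP_DISABLE_IPV6_PROTOCOLS'

function Set-TmgKeepIpv6Flag {
    # Creates the key path if it is missing and sets the DWORD to 1. Safe to re-run.
    if (-not (Test-Path $IsaCtrlKey)) {
        New-Item -Path $IsaCtrlKey -Force | Out-Null
    }
    New-ItemProperty -Path $IsaCtrlKey -Name $IsaCtrlValue `
        -PropertyType DWord -Value 1 -Force | Out-Null
    return Test-TmgKeepIpv6Flag
}

function Test-TmgKeepIpv6Flag {
    # $true only when the value exists and equals 1; check this before launching setup.
    $item = Get-ItemProperty -Path $IsaCtrlKey -Name $IsaCtrlValue -ErrorAction SilentlyContinue
    return (($null -ne $item) -and ($item.$IsaCtrlValue -eq 1))
}

function Enable-TmgDirectAccess {
    # Same object chain as the article's VBScript:
    # FPC.Root -> Arrays.Item(1) -> ArrayPolicy -> IPv6Settings.DirectAccessEnabled
    $root  = New-Object -ComObject 'FPC.Root'
    $array = $root.Arrays.Item(1)           # first (here the only) array
    $ipv6  = $array.ArrayPolicy.IPv6Settings
    if (-not $ipv6.DirectAccessEnabled) {
        $ipv6.DirectAccessEnabled = $true
        $array.Save()                       # commit; TMG then synchronizes the change
    }
    # Read the setting back from the array policy instead of returning the local object.
    return [bool]$array.ArrayPolicy.IPv6Settings.DirectAccessEnabled
}

# Typical use (run as an administrator on the future / current TMG server):
#   Set-TmgKeepIpv6Flag        # before TMG setup; prints True when the value is in place
#   ... install Forefront TMG ...
#   Enable-TmgDirectAccess     # after setup; then wait for the console to report synchronization
```

After Enable-TmgDirectAccess returns True, the console still needs time to synchronize the configuration before the new DirectAccess system policy rules appear, exactly as with the VBScript.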

'Act as a Direct Access server' button

Forefront TMG Beta and RC had an IPv6 tab in the IP Preferences section of the management console for configuring Forefront TMG as a DirectAccess server (see the picture below).

Figure 7: Act as a Direct Access Server button

However, in the RTM release the IPv6 tab was removed from the Forefront TMG console, which is why the script above is needed.

Figure 8: The DirectAccess button as it appeared in the Forefront TMG Beta and RC versions

Hide IPv6 log entries

Forefront TMG has an option to hide IPv6 traffic entries in the real-time monitoring view. Since Forefront TMG does not otherwise support IPv6, this option hides those entries so that the TMG log is easier to read.

Figure 9: Hide IPv6 log entries

If you need more functionality and flexibility, you can use Forefront UAG for your DirectAccess scenario. Forefront UAG has the following advantages:

  1. Easy to scale (up to 8 Forefront UAG servers can join an array)
  2. High availability (with Windows Server 2008 R2 NLB)
  3. Access to legacy IPv4-only servers on the corporate network
  4. Easy to configure, deploy and manage
  5. Forefront UAG installs Forefront TMG on each node during its own installation
  6. Additional remote access solutions for machines that are not domain-joined