Configure Forefront TMG as the DirectAccess server
In this tutorial we will show you how to configure Forefront TMG as a DirectAccess server.
Note that this tutorial only covers the steps needed to configure Forefront TMG as a DirectAccess server. Configuring DirectAccess itself is completely outside the scope of this article.
One important thing to know is that Forefront TMG neither accepts IPv6 traffic nor allows it to pass through, so we must change this behaviour before Forefront TMG is installed so that the following traffic is allowed:
- Authenticated IPv6 traffic (using IPsec), including IPsec negotiation traffic.
- IPv6 transition technology traffic (6to4, Teredo, IP-HTTPS and ISATAP).
- Native IPv6 traffic originating from the Forefront TMG machine.
In addition, Forefront TMG integrates with Windows DirectAccess's IPSec Denial of Service Protection (DoSP) component to ensure that only IPSec traffic is allowed.
Attention:
We need to install and configure Windows Server 2008 R2 DirectAccess before installing Forefront TMG.
First, install the Windows Server 2008 R2 DirectAccess management console as shown in the figure below.
Figure 1: Installing the Windows Server 2008 R2 DirectAccess feature
After the management console has been installed, launch the DirectAccess management and configuration interface, then test all the functions before installing Forefront TMG.
Figure 2: DirectAccess management interface
After verifying the successful DirectAccess installation and configuration, we must change the Registry with a new key before installing Forefront TMG. This key is to prevent Forefront TMG from disabling IPv6 protocol support during the Forefront TMG installation.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RAT\Stingray\Debug\ISACTRL]
"CTRL_SKIP_DISABLE_IPV6_PROTOCOLS"=dword:00000001
Figure 3: The Registry change that keeps IPv6 protocol support enabled in Forefront TMG
After the Registry has been successfully changed, install Forefront TMG the same way you would install a regular Forefront TMG server. Once Forefront TMG is installed, we must change the Forefront TMG configuration with a script that enables IPv6 support. Copy the following code into a blank Notepad file and save it with the .VBS extension.
' Connect to the Forefront TMG administration COM object (FPC.Root)
Set o = CreateObject("FPC.Root")
' Get the first array managed by this installation
Set arr = o.Arrays.Item(1)
' Open the array policy and its IPv6 settings
Set policy = arr.ArrayPolicy
Set IPV6Settings = policy.IPv6Settings
' Enable DirectAccess IPv6 support
IPV6Settings.DirectAccessEnabled = vbTrue
' Save the changed configuration to TMG storage
arr.Save
Figure 4: Saving the script with the .VBS extension
Save the script with the .VBS extension and run it from the command line with the following command:
Cscript DA-Enable.VBS
Because this changes the Forefront TMG configuration, you will have to wait a moment until the configuration is synchronized. You can see the configuration status in the Forefront TMG management console as shown in the figure below.
Figure 5: Wait for the synchronization process to complete
The script will create four new system policy rules for DirectAccess to support IPv6 traffic.
Figure 6: Some of Forefront TMG's new system policies
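As an added example (not part of the original article), the following PowerShell script performs the two prerequisite steps described above in a checkable way: with -Prepare it creates the Registry value before Forefront TMG setup, and with -Verify it reads that value back and queries the same IPv6Settings.DirectAccessEnabled property through the FPC.Root COM object to confirm the VBScript change was applied and synchronized. The switch and function names are my own; the Registry path and COM properties are those shown above.

```powershell
# Added example: prepare and verify Forefront TMG DirectAccess prerequisites.
#   -Prepare : create the Registry value before TMG setup (run as Administrator)
#   -Verify  : after setup and after running DA-Enable.VBS, confirm the setting
param(
    [switch]$Prepare,
    [switch]$Verify
)

$regPath = 'HKLM:\SOFTWARE\Microsoft\RAT\Stingray\Debug\ISACTRL'
$regName = 'CTRL_SKIP_DISABLE_IPV6_PROTOCOLS'

function Set-TmgKeepIPv6 {
    # Create the key if it is missing, then set the DWORD to 1 so that
    # TMG setup leaves the IPv6 protocol support alone.
    if (-not (Test-Path $regPath)) {
        New-Item -Path $regPath -Force | Out-Null
    }
    New-ItemProperty -Path $regPath -Name $regName -PropertyType DWord -Value 1 -Force | Out-Null
    Write-Host "Registry value $regName set to 1 under $regPath"
}

function Test-TmgDirectAccess {
    # Read the Registry value back; a missing or zero value means setup
    # may have disabled IPv6 and the whole procedure has to be repeated.
    $value = (Get-ItemProperty -Path $regPath -Name $regName -ErrorAction SilentlyContinue).$regName
    if ($value -ne 1) {
        Write-Warning "$regName is not 1; IPv6 may have been disabled by TMG setup."
    }
    # Query the array policy the same way the article's VBScript does:
    # FPC.Root -> Arrays.Item(1) -> ArrayPolicy.IPv6Settings
    $fpc = New-Object -ComObject 'FPC.Root'
    $arr = $fpc.Arrays.Item(1)
    $enabled = [bool]$arr.ArrayPolicy.IPv6Settings.DirectAccessEnabled
    if ($enabled) {
        Write-Host 'DirectAccessEnabled is True; IPv6 support for DirectAccess is active.'
    } else {
        Write-Warning 'DirectAccessEnabled is False; run DA-Enable.VBS and wait for synchronization.'
    }
    return $enabled
}

if ($Prepare) { Set-TmgKeepIPv6 }
if ($Verify)  { Test-TmgDirectAccess | Out-Null }
```

Run it with -Prepare on the server before starting TMG setup, and with -Verify once the console shows the configuration as synchronized.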
'Act as a Direct Access server' button
Forefront TMG Beta and RC have an IPv6 tab in the IP preferences section of the management interface to configure Forefront TMG as the DirectAccess Server (see the picture below).
Figure 7: Act as a Direct Access Server button
However, in the RTM release the IPv6 tab was removed from the Forefront TMG console.
Figure 8: The DirectAccess button as it appears in the Forefront TMG Beta and RC versions
Hide IPv6 log entries
Forefront TMG has an option that allows you to hide IPv6 traffic from the Real-time monitoring tab. Since Forefront TMG does not support IPv6, this option hides those entries to make the TMG log easier to read.
Figure 9: Hide IPv6 log entries
If you want more functionality and flexibility, you can use Forefront UAG for your DirectAccess scenario. Using Forefront UAG will have the following advantages:
- Easy to scale out (up to 8 Forefront UAG servers can join an array)
- High availability (with Windows Server 2008 R2 NLB)
- Access to older servers in the company via IPv4
- Easy to configure, deploy and manage
- Forefront UAG installs Forefront TMG on each node during the installation process
- Additional remote access solutions for machines that are not domain-joined.