Configure Forefront TMG as the DirectAccess server
In this tutorial we will show you how to configure Forefront TMG as a DirectAccess server.
Note that this tutorial covers only the steps needed to configure Forefront TMG as a DirectAccess server. Configuring DirectAccess itself is completely outside the scope of the article.
One important thing to know is that Forefront TMG neither accepts IPv6 traffic nor allows it to pass through, so we must change this behavior before Forefront TMG is installed in order to allow the following traffic:
- Authenticated IPv6 traffic (using IPSec), including IPSec initialization traffic.
- IPv6 tunneling and transition technologies (6to4, Teredo, IP-HTTPS and ISATAP).
- Native IPv6 traffic from the Forefront TMG machine.
In addition, Forefront TMG integrates with Windows DirectAccess's IPSec Denial of Service Protection (DoSP) component to ensure that only IPSec traffic is allowed.
Attention:
We need to install and configure Windows Server 2008 R2 DirectAccess before installing Forefront TMG.
First, install the Windows Server 2008 R2 DirectAccess management console as shown in the figure below.
Figure 1: Installing the Windows Server 2008 R2 DirectAccess feature
After the management console has been installed, launch the DirectAccess management and configuration interface, then test all the functions before installing Forefront TMG.
Figure 2: DirectAccess management interface
After verifying that DirectAccess has been installed and configured successfully, we must add a new key to the Registry before installing Forefront TMG. This key prevents Forefront TMG from disabling IPv6 protocol support during the Forefront TMG installation.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RAT\Stingray\Debug\ISACTRL]
"CTRL_SKIP_DISABLE_IPV6_PROTOCOLS"=dword:00000001
Figure 3: The script enabled the IPv6 protocol support for Forefront TMG
After the Registry has been changed successfully, install Forefront TMG the same way you would install a regular Forefront TMG server. Once Forefront TMG is installed, we must change the Forefront TMG configuration with a script that enables IPv6 support. Copy the following code into a blank Notepad file and save it with the .VBS extension.
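' Connect to the Forefront TMG configuration root
Set o = CreateObject("FPC.Root")
' Select the first array in the configuration
Set arr = o.Arrays.Item(1)
Set policy = arr.ArrayPolicy
Set IPV6Settings = policy.IPv6Settings
' Enable DirectAccess support, then save the array configuration
IPV6Settings.DirectAccessEnabled = vbTrue
arr.Save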
Figure 4: Save the script with the .VBS extension
Once the script is saved (as DA-Enable.VBS in this example), run it from the command line with the following command:
Cscript DA-Enable.VBS
Because the Forefront TMG configuration changes, you will have to wait a bit until the configuration is synchronized. You will see the configuration status in the Forefront TMG management console as shown in the figure below.
Figure 5: Wait for the synchronization process to complete
The script will create four new system policy rules for DirectAccess to support IPv6 traffic.
Figure 6: Some of Forefront TMG's new system policies
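The two switches set in the steps above can be applied and read back from PowerShell, so that setup is not started with the registry value missing and the script's effect can be confirmed afterwards. This is an added example, not code from the original article or from Microsoft; the function names and the -Phase parameter are hypothetical, while the registry path, value name and COM property names are the ones shown above.

```powershell
# Added example (not part of the original tutorial). Run elevated, in 64-bit
# PowerShell: a 32-bit host would redirect HKLM\SOFTWARE to Wow6432Node.
param(
    [ValidateSet('PreInstall', 'PostInstall')]
    [string]$Phase = 'PreInstall'          # hypothetical parameter name
)

$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\RAT\Stingray\Debug\ISACTRL'
$ValueName = 'CTRL_SKIP_DISABLE_IPV6_PROTOCOLS'

function Set-TmgIPv6SkipFlag {
    # Before TMG setup: create the key if it is missing, then set the DWORD to 1.
    if (-not (Test-Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    New-ItemProperty -Path $KeyPath -Name $ValueName -Value 1 `
        -PropertyType DWord -Force | Out-Null
}

function Test-TmgIPv6SkipFlag {
    # True only when the value exists and equals 1.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName `
        -ErrorAction SilentlyContinue
    return ($item -ne $null -and $item.$ValueName -eq 1)
}

function Get-TmgDirectAccessEnabled {
    # After TMG setup and DA-Enable.VBS: read the setting back through the
    # same COM objects the VBS script uses.
    $root  = New-Object -ComObject FPC.Root
    $array = $root.Arrays.Item(1)
    return [bool]$array.ArrayPolicy.IPv6Settings.DirectAccessEnabled
}

if ($Phase -eq 'PreInstall') {
    Set-TmgIPv6SkipFlag
    if (-not (Test-TmgIPv6SkipFlag)) {
        throw "$ValueName is not set to 1; do not start Forefront TMG setup."
    }
    Write-Output "Registry flag is set. Forefront TMG setup can be started."
}
else {
    if (-not (Test-TmgIPv6SkipFlag)) {
        Write-Warning "$ValueName is missing; setup may have disabled IPv6."
    }
    if (Get-TmgDirectAccessEnabled) { Write-Output "DirectAccessEnabled is True." }
    else { Write-Warning "DirectAccessEnabled is False; run DA-Enable.VBS and wait for synchronization." }
}
```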
'Act as a Direct Access server' button
Forefront TMG Beta and RC have an IPv6 tab in the IP preferences section of the management interface to configure Forefront TMG as the DirectAccess Server (see the picture below).
Figure 7: Act as a Direct Access Server button
However, in the RTM release the IPv6 tab was removed from the Forefront TMG console.
Figure 8: You will see the DirectAccess button in Forefront TMG Beta and RC versions
Hide IPv6 log entries
Forefront TMG has an option that allows you to hide IPv6 traffic from the Real-time monitoring tab. Since Forefront TMG does not support IPv6, this option hides those entries so that the TMG log is easier to read.
Figure 9: Hide IPv6 log entries
If you want more functionality and flexibility, you can use Forefront UAG for your DirectAccess scenario. Using Forefront UAG has the following advantages:
- Easy to scale (up to 8 Forefront UAG servers can join an array)
- High availability (with Windows Server 2008 R2 NLB)
- Access to legacy servers in the company via IPv4
- Easy to configure, deploy and manage
- Forefront UAG installs Forefront TMG on each node during the installation process
- Additional remote access solutions for machines that are not joined to the domain.