Controlling Internet Access: Introduction to TMG Access Rule - Part 3
Network Administration - In Part 3 of the series on TMG Access Rules, I will introduce you to the basics of Web Publishing Rules.
Web publishing is the term we use for reverse proxying websites so that external users can access websites located behind the TMG firewall. Note that there are two ways you can allow external users to reach websites: web publishing and server publishing. Web publishing lets the TMG firewall act as a reverse proxy, while server publishing exposes web servers through reverse NAT. Of these two methods, web publishing is preferred, because it gives you pre-authentication and many other features that are not available through reverse NAT.
To introduce you to the web publishing process, let's start by publishing a simple HTTP site located behind the TMG firewall. This basic site does not require SSL and does not require authentication. Later, we will look at some more complex examples in which you can use SSL and authentication.
To begin, click the Firewall Policy button in the left pane of the TMG firewall console, as shown in Figure 1 below.

Figure 1
In the right pane of the interface, click the Tasks tab. Then, on the Tasks tab, click the Publish Web Sites link, as shown in Figure 2 below.

Figure 2
This will bring up the Welcome to the New Web Publishing Rule Wizard page. On this page, shown in Figure 3, you need to name the rule. In the Web publishing rule name text box we enter, for example, HTTP Web Server, and then click Next.

Figure 3
On the Select Rule Action page, as shown in Figure 4, you can configure the rule to Allow or Deny the connection. In this example, we will select Allow. The Deny option is used for special use cases; you can also create web publishing rules to allow connections to certain websites behind the TMG firewall.

Figure 4
On the Publishing Type page, as shown in Figure 5, you choose one of three scenarios that correspond to your web server environment. In this example, we want to publish a web server behind the TMG firewall, so we choose the Publishing a single Web site or load balancer option and click Next.

Figure 5
On the Server Connection Security page, shown in Figure 6, you must choose whether the TMG firewall needs to use SSL to connect to the web server. In this scenario, we do not require SSL between the TMG firewall and the web server, so choose the option Use non-secured connections to connect to the published Web server or server farm.
Remember that for the safest connection, you should use SSL.

Figure 6
On the Internal Publishing Details page, shown in Figure 7, you will be asked to define the name of the server on the internal network. In this example, we enter the Fully Qualified Domain Name (FQDN) of the server on the local network hosting the website, dc1.msfirewall.org. You also have the option to select the checkbox Use a computer name or IP address to connect to the published server, and then enter the computer name or IP address of the server. This option allows the TMG firewall to find the server if it is using a different name than the one you entered in the Internal site name box. After entering this information, click Next.

Figure 7
On the Internal Publishing Details page, shown in Figure 8, you can enter a path to restrict users to a certain file or folder on the web server. In this example, because we want to allow full site access, we don't enter any paths here. After making the choices here, click Next.

Figure 8
On the Public Name Details page, Figure 9, enter the name of the website that the user will access. This is the name the user uses to reach the site. To do this, select the This domain name (type below) option from the Accept requests for drop-down list. After selecting that option, enter the name that the user will use to access the site in the Public name text box. In this example, the user will use the name www.msfirewall.org to access the site, so we'll enter that name into the text box. Next, we have the option to enter a path, but we do not do that here; click Next.

Figure 9
On the Select Web Listener page, Figure 10, select the web listener that will be used to accept connections from external users to access the website. In our example, no listener has been set up yet, so there is no option in the drop-down box. To create a new HTTP web listener, click the New button.

Figure 10
This will bring up the Welcome to the New Web Listener Wizard page, shown in Figure 11. Here we enter the name for the web listener in the Web listener name text box (we will use the name HTTP Listener) and then click Next.

Figure 11
On the Client Connection Security page, Figure 12, you must specify whether or not you want clients to use SSL to connect to the TMG firewall. In this example, we want to publish a simple HTTP site, so choose Do not require SSL secured connection with clients and click Next.

Figure 12
On the Web Listener IP Addresses page, Figure 13, select the network where you want the TMG firewall to accept connections to the website. In most cases, when publishing a website to external users, you should select the default External network to accept incoming connections. If you have multiple IP addresses bound to the external interface, you can click Select IP Addresses and then select the specific IP address on which you want to accept the connections; in most cases, you should do this instead of accepting connections on all IP addresses that can be configured on the external interface of the TMG firewall. In this example, we only have one IP address on the external interface, but we will choose a specific IP address in case we need to add more IP addresses to the external interface in the future.

Figure 13
On the Authentication Settings page, Figure 14, select the type of authentication that will be used to connect to the TMG firewall to access the site. This type of authentication is often called pre-authentication because the user authenticates with the TMG firewall before authenticating with the web server. In this example, we do not require authentication, so select the No Authentication option and click Next.

Figure 14
On the Single Sign On Settings page, Figure 15, you can configure the web listener to support single sign-on for all sites published through this listener. However, for single sign-on to work, users must log in. Since we do not require authentication in this example, single sign-on is not needed, so move on to the next page by clicking Next.

Figure 15
After clicking Next you will see the final page of the listener wizard, Figure 16. Here we review the settings on the Completing the New Web Listener Wizard page and click Finish.

Figure 16
Now let's go back to the original wizard. The new web listener now appears on the Select Web Listener page, as shown in Figure 17, where you can see some details about the web listener. There are several additional options you can configure on the web listener; you can access them by clicking the Edit button. We will talk about this in the next section. For now, let's continue by clicking Next.

Figure 17
On the Authentication Delegation page, Figure 18, you configure how the TMG firewall delegates credentials to the published website. This means users will only need to authenticate once with the TMG firewall. In this example, we do not require authentication, so there is no reason to delegate credentials; we will select the option No delegation, and client cannot authenticate directly and click Next.

Figure 18
On the User Sets page, Figure 19, select the user or group of users who are allowed to access the published website. To use this option, you must require users to authenticate so that they can be identified. Since we do not require authentication in this example, we will use the default group, which is All Users. In the context of the TMG firewall, 'all users' does not mean that all users have been authenticated; it means an anonymous user, so when you allow 'all users' access, you are allowing non-authenticated users to access the site.

Figure 19
We review the settings on the Completing the New Web Publishing Rule Wizard page, as shown in Figure 20, then click the Test Rule button.

Figure 20
The Test Rule button allows you to see whether the website is accessible from the TMG firewall. As you can see in Figure 21 below, when you click the Test Rule button, TMG tries to connect to the web server using an HTTP connection and runs a PathPing to the web server. As the figure shows, the TMG firewall was able to connect to the web server and the PathPing was successful.

Figure 21
Now you can see the new rule in the list of firewall rules. To enable the rule, you must click the Apply button, as shown in Figure 22 below.

Figure 22
In the Configuration Change Description dialog box, shown in Figure 23, you can enter a comment about the change you made to the firewall policy. The TMG firewall stores this information so you can use it as part of the change management system, which is intended to assist in troubleshooting later. Using this dialog box, you can also export the firewall configuration so that you can restore the configuration to the point before the changes were made. Click Apply to save the changes.

Figure 23
The configuration will now be saved and you can see the results in the Saving Configuration Changes dialog box, Figure 24. Note that existing client connections will be re-evaluated according to the new policy. This is new to the TMG firewall - with the ISA firewall, the firewall policy is only applied to new connections.

Figure 24
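The choices made in this walkthrough can be written down and reviewed before the rule is relied on. The checklist below is an example added here, not part of the original article or of TMG: the dictionary keys, the `Web Users` user set and the `/app/*` path are assumptions made for illustration and are not TMG's export format.

```python
# Added example: review checklist for the wizard choices in this walkthrough.
# Key names are hypothetical (not TMG's export schema); values are the
# article's own choices, written out here as constructed sample data.
RULE_FROM_ARTICLE = {
    "name": "HTTP Web Server",
    "action": "Allow",
    "public_name": "www.msfirewall.org",
    "internal_site": "dc1.msfirewall.org",
    "paths": [],                      # empty = the whole site is published
    "ssl_to_server": False,           # "Use non-secured connections ..."
    "listener": {
        "name": "HTTP Listener",
        "require_ssl": False,         # "Do not require SSL secured connection"
        "all_ip_addresses": False,    # a specific external IP was selected
        "authentication": "No Authentication",
    },
    "user_sets": ["All Users"],
}

def review_rule(rule):
    """Return (setting, note) findings for one web publishing rule."""
    findings = []
    if rule["action"] != "Allow":
        return findings               # a Deny rule publishes nothing
    listener = rule["listener"]
    if not listener["require_ssl"]:
        findings.append(("listener.require_ssl", "clients connect over plain HTTP"))
    if not rule["ssl_to_server"]:
        findings.append(("ssl_to_server", "firewall-to-server leg is unencrypted"))
    anonymous = listener["authentication"] == "No Authentication"
    if anonymous:
        findings.append(("listener.authentication", "no pre-authentication at the firewall"))
    if "All Users" in rule["user_sets"]:
        findings.append(("user_sets", "All Users admits anonymous requests"))
    elif anonymous:
        findings.append(("user_sets", "a user set cannot be enforced without authentication"))
    if not rule["paths"]:
        findings.append(("paths", "entire site is published, no path restriction"))
    if listener["all_ip_addresses"]:
        findings.append(("listener.all_ip_addresses", "listens on every external IP address"))
    return findings

def hardened(rule):
    """Copy of the rule with the stricter choice for each reviewed setting."""
    fixed = dict(rule, ssl_to_server=True, paths=["/app/*"], user_sets=["Web Users"])
    fixed["listener"] = dict(rule["listener"], require_ssl=True,
                             authentication="HTML Form Authentication")
    return fixed

if __name__ == "__main__":
    for setting, note in review_rule(RULE_FROM_ARTICLE):
        print(f"{setting}: {note}")
```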
Conclusion
In this part, we introduced some of the basics of web publishing with TMG. We created a web publishing rule and a simple HTTP web listener. At the end of the rule creation, we used the Test Rule button to determine whether the website is reachable. In the next part of this series, we will create an SSL web site that requires authentication. In that part, you'll learn about some advanced options for creating web publishing rules.