Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Microsoft Forefront TMG - Use Network Template
In this tutorial we will show you how to use Network Template, how to create additional networks and how to customize Forefront TMG network settings.
Begin
Forefront TMG uses a ' multi networking ' concept. To define your network topology, we first need to create networks in Forefront TMG. After having all the necessary networks; We need to create relationships for these networks together as network rules. Forefront TMG supports two types of network rules:
Route - This is the type that will establish a two-way network connection between the two networks, which will route the original IP addresses between the two networks.
NAT - This is the only one way to establish a network connection between two networks, which will hide IP addresses in network segments with the IP address of the corresponding network adapter.
After creating networks and rules for the network, you must create firewall rules to allow or deny traffic between the connected networks.
Network template
To make it easier to configure Forefront TMG, TMG provides pre-designed templates (network templates) to enable the creation of typical Firewall scripts. You can completely change the network design after the initial installation. Here all you need to do is launch the Getting Started Wizard in the TMG Management management interface. The following figure shows the Launch Getting Started Wizard location.
Microsoft Forefront TMG - Use Network Template Picture 1 Figure 1: Forefront TMG's Getting Started Wizard
Configure network settings
The Launch Getting Started Wizard allows you to select the required network template. Forefront TMG gives you up to 4 network templates:
- Edge Firewall
- 3-Leg perimeter
- Back firewall
- Single network Adapter
Edge Firewall
Edge Firewall template is an old network template and connects the internal network to the Internet, protected by Forefront TMG. A typical Edge Firewall template requires at least two network adapters on Forefront TMG Server.
3-Leg Perimeter
3-Leg Perimeter Firewall is a Forefront TMG Server with three or more network adapters. A network adapter connects an internal network, a network adapter connects to an external network and a network adapter connects to DMZ (Demilitarized Zone), also called Perimeter Network. The Perimeter Network includes services, so it should be accessible from the Internet but also protected by Forefront TMG. Typical services in a DMZ are Web Server, DNS Server or WLAN network. A 3-Leg Perimeter Firewall is also often called 'Poor Man's Firewall', it is not a 'true' DMZ. A true DMZ is the area between two different Firewalls.
Backfirewall
Back Firewall template can be used by Forefront TMG Administrator, when Forefront TMG is located behind Front Firewall. The Back firewall will protect the internal network for access from the DMZ and the external network, it can control the traffic allowed from the computers in the DMZ and from Front Firewall.
Note : Forefront TMG does not have the associated Front Firewall network template
Single Network Adapter
Single Network Adapter template has some limitations because a Forefront TMG server with only one network interface cannot be used as a real Firewall, so many services follow that without. It only has the following features:
- Forward Web Proxy requests using HTTP, Secure HTTP (HTTPS), or File Transfer Protocol (FTP) for downloads.
- Store web content for clients on the corporate network.
- Web publishing to protect FTP servers and publish Web
- Microsoft Outlook Web Access, ActiveSync and RPC over HTTP (also called Outlook Anywhere in Exchange Server 2007).
Microsoft Forefront TMG - Use Network Template Picture 2 Figure 2: Network Template section
Next step, select the network adapter that will be used for this network template. In this example, we used the Edge Firewall template so that you have to choose which network adapter connects to the LAN and which network adapter connects to the external network (untrusted network).
Microsoft Forefront TMG - Use Network Template Picture 3 Figure 3: Select the network adapter
In Forefront TMG, you can now specify additional network routes with the UI without using the Route add command from the command line. The following figure shows the default networks created by Microsoft Forefront TMG installation. Only internal networks have the option to configure the IP address range.
Microsoft Forefront TMG - Use Network Template Picture 4 Figure 4: Forefront TMG networks
Forefront TMG has several associated network rules, which define relationships between networks.
Microsoft Forefront TMG - Use Network Template Picture 5 Figure 5: Network rules
Another new problem in Microsoft Forefront TMG is the ability to define some basic network adapter settings such as IP address, Default Gateway and, etc.
Microsoft Forefront TMG - Use Network Template Picture 6 Figure 6: Forefront TMG Network Adapter
The figure below shows the configuration options for the network adapter.
Microsoft Forefront TMG - Use Network Template Picture 7 Figure 7: IP address property page
With Forefront TMG, you can create new network routes through the TMG Management interface.
Microsoft Forefront TMG - Use Network Template Picture 8 Figure 8: Network routes
The figure below shows an example of creating a route for a new network.
Microsoft Forefront TMG - Use Network Template Picture 9 Figure 9: Create a new route
New networks in TMG
It is possible to create additional networks in Forefront TMG. Forefront TMG has a wizard for creating new networks.
Microsoft Forefront TMG - Use Network Template Picture 10 Figure 10: Forefront TMG - Create a new network
New networks can be created for different regions. For example, it is possible to create a new network for an additional DMZ on Microsoft Forefront TMG.
Microsoft Forefront TMG - Use Network Template Picture 11 Figure 11: Forefront TMG - Specify the network type
Specify the range of IP addresses for new networks.
Microsoft Forefront TMG - Use Network Template Picture 12 Figure 12: Forefront TMG - IP address range
After creating a new network, you must either link the new network to an existing network rule or you can create a new one from Route or NAT.
Export and import network definitions
It is possible to export Forefront TMG networks or network settings to some XML file with the Forefront TMG import and export feature.
Microsoft Forefront TMG - Use Network Template Picture 13 Figure 13: Forefront TMG - Export and import network definitions
Conclude
In this article, I have introduced you to an overview of how to use networks, network templates, and rules in Forefront TMG to give you a network topology. As you can see from the article, it is possible to easily create a network topology with the help of network templates. Forefront TMG has some pretty useful improvements related to network configuration. It is a great feature and allows TMG administrators to create network routes through the TMG Management console and can configure some basic IP address settings with the TMG console. Most other settings remain unchanged compared to Microsoft ISA Server 2006.
Kareem WintersYou should read it
- Troubleshooting Forefront TMG
- Microsoft Forefront TMG - Forefront TMG SDK
- How to fix the error of not seeing network adapter on Windows 10
- Optimize performance on Forefront TMG - Part 1
- How to view Network Adapter details in Windows 10
- Instructions to enable / disable Windows Firewall with Command Prompt
- Top 5 Powerline Adapter for the best home network 2018
- How to set up a firewall in Linux
- What is Network TAP? How does it help secure the system?
- Windows Vista: Supporting users using Remote Assistance (Part 2)
- Detect and prevent intrusion in Forefront TMG - Part 1: Behavior detection
- What is a firewall? General knowledge about Firewall
Maybe you are interested
Bluetooth 6.0 brings new technology that helps Apple improve Find My network
5 ways social networks positively impact life
5 ways Generative AI is ruining social networks
How to fix wifi error of not being able to access the network and the causes
4 features turn Spotify into a new social networking platform
Meta dismantled a huge extortion network of 63,000 accounts on Instagram
Microsoft Forefront TMG - Best Practice Analyzer
Block web browser with IPSec
Access Apple Mac OS X remotely via Windows
Working with Windows: Screen sharing
Working with Windows: Sharing files
Working with Windows: shared drives