[isapros] Re: Publishing proxy listener on TMG

  • From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
  • To: "isapros@xxxxxxxxxxxxx" <isapros@xxxxxxxxxxxxx>, "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 15 Dec 2009 10:52:41 -0800

Well, "typical" in that it's just another published service... there's really 
no difference (to me) in publishing that or RDP or whatever as long as you take 
the "proper" precautions...

Regardless, that was exactly it... I could have sworn that I tried that last 
night, but I obviously didn't.  So, right now it's a server pub rule with 8080 
as a custom inbound protocol and is currently all users.  Should I do the same 
thing with Web publishing rule instead so I can set NTLM auth on the listener?

t

From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: Tuesday, December 15, 2009 10:27 AM
To: isapros@xxxxxxxxxxxxx; isalist@xxxxxxxxxxxxx
Subject: [isapros] Re: Publishing proxy listener on TMG

I wouldn't call this "typical" by any means, but neither is this a unique 
request.
It's possible, but not exactly advisable for Joe Admin. No doubt you're using 
port obfuscation and auth to keep the script kiddies at bay...
Make sure the rule is set to "requests from the TMG computer" or TMG will 
try to respond via the routing table instead of the "internal-internal" socket 
map, causing the "non-SYN" log entry.

Jim

________________________________
From: isapros-bounce@xxxxxxxxxxxxx [isapros-bounce@xxxxxxxxxxxxx] on behalf of 
Thor (Hammer of God) [thor@xxxxxxxxxxxxxxx]
Sent: Tuesday, December 15, 2009 10:07 AM
To: isalist@xxxxxxxxxxxxx; isapros@xxxxxxxxxxxxx
Subject: [isapros] Publishing proxy listener on TMG

Has anyone successfully published the internal network proxy listener to the 
external network on TMG?  This is trivial to do with ISA/TMG in hork mode 
(single nic) and though I *thought* I did it in ISA with the typical 
external/internal nic config, I can't get it working in TMG.  I'm either 
missing something simple, or it just no workie.

Basically, I want to be able to connect to my TMG proxy from the outside world. 
 Typical stuff.  In hork mode I was doing it just fine and using NTLM auth over 
HTTP with a strong password which is just fine.

I've tried web publishing on an alternate port listener to 8080 on the internal 
interface, but get "non-SYN" errors, even after creating a rule to allow 
External->Local for the proxy traffic, and I get "bad gateway" when I just 
server publish either 8080 to the internal or even a custom protocol.  
Something's just not right.  Anyone?  Bueller?  Anyone?

t

--------------------
"Tom Shinder has custom condoms made out of Chuck Norris' junk."
Timothy "Raging Haggis" Mullen
thor@xxxxxxxxxxxxxxx
www.hammerofgod.com
