Implementing TMG Server Publishing

6NPS – Session 10
Objectives
• Configuring Server Publishing
• Configuring TMG Authentication
Class configuration – Using additional switches
[Diagram labels: Client1; Server1 – 192.168.17.5; TMG; Internet; DC1; IIS – Web & FTP; RRAS – VPN Connectivity]
Server Publishing Configuration Options
• Server publishing rules configuration:
  - Action
  - Traffic
  - Traffic source
  - Traffic destination
  - Networks
  - Schedule
How Server Publishing Works
[Diagram labels: TMG; CohoVineyard Media Site, Media Publishing Rule: Port 1755, mms://media.cohovineyard.com; CohoVineyard FTP Site, FTP Publishing Rule: Port 21, ftp://ftp.cohovineyard.com]
How to Configure a Server Publishing Rule
Server Publishing Rule Wizard configuration:
• Select server to publish
• Select protocol
• Select IP addresses where clients will connect
How to Publish Media Services
TMG includes protocol definitions and application filters for:
• Microsoft Media Streaming protocol (MMS)
  - Uses either TCP port 80 or TCP and UDP port 1755
  - Enables access for Windows Media Player client
• Progressive Networks protocol (PNM)
  - Also called RealNetworks Streaming Media protocol
  - Uses TCP port 7070
  - Enables access for RealPlayer 5.0 and earlier clients
• Real Time Streaming Protocol (RTSP)
  - Uses port 554 for fast access and port 80 for slower access
  - Enables access to media created and read with RealSystem G2 tools
How to Publish Microsoft SharePoint Portal Server
• A portal can present different types of information stored on different servers on the internal network
TMG can securely publish this information to the Internet using:
• Web publishing to publish the HTTP and HTTPS content using path mapping and link translation to hide the complexity of the internal network configuration
• Flexible authentication to grant only the required level of access
• Server publishing to publish services running protocols other than HTTP or HTTPS
• SSL bridging and tunneling to secure network traffic on the Internet
How to Troubleshoot Web and Server Publishing
To troubleshoot Web and server publishing issues:
• Check the resource availability
• Check the DNS records
• Check the error message
• Check which ports the TMG is listening on for connections
• Check the publishing rule configuration
• Check the SSL configuration and certificates
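
The "check which ports the TMG is listening on" step, as an added example that is not part of the original slides: it parses `netstat -an` output and compares the listeners with the ports named for the FTP and media publishing rules. The netstat sample, the external address 203.0.113.10 and the function names are constructed for illustration, and RTSP on port 554 is assumed to be TCP.

```python
import re

# Ports named on the slides (RTSP 554 assumed TCP): (proto, port) -> label.
EXPECTED = {("TCP", 21): "FTP", ("TCP", 1755): "MMS/TCP", ("UDP", 1755): "MMS/UDP",
            ("TCP", 7070): "PNM", ("TCP", 554): "RTSP"}

# Constructed sample of Windows `netstat -an` output, not a real capture.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    203.0.113.10:21        0.0.0.0:0              LISTENING
  TCP    203.0.113.10:1755      0.0.0.0:0              LISTENING
  TCP    192.168.17.1:8080      0.0.0.0:0              LISTENING
  TCP    203.0.113.10:21        198.51.100.7:50211     ESTABLISHED
  UDP    203.0.113.10:1755      *:*
  TCP    [::]:554               [::]:0                 LISTENING
"""

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def listeners(netstat_text):
    """Return {(proto, port): set(local addresses)} for listening sockets."""
    found = {}
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        proto, addr, port, _foreign, state = m.groups()
        # TCP rows count only in LISTENING; UDP rows have no state column.
        if proto == "TCP" and state != "LISTENING":
            continue
        found.setdefault((proto, int(port)), set()).add(addr.strip("[]"))
    return found

def check_publishing(netstat_text, external_ip, expected=EXPECTED):
    """Compare the expected published ports with what is bound on external_ip."""
    found = listeners(netstat_text)
    report = {}
    for key, label in expected.items():
        addrs = found.get(key, set())
        if external_ip in addrs:
            report[label] = "listening"
        elif addrs:
            report[label] = "bound elsewhere: " + ", ".join(sorted(addrs))
        else:
            report[label] = "not listening"
    return report
```

A port reported as "not listening" or "bound elsewhere" points back to the publishing rule configuration: the rule may be missing, disabled, or set to listen on a different IP address than the one clients connect to.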
How Authentication and Web Publishing Rules Work Together
TMG uses authentication to grant access to publishing rules:
• When the publishing rule specifies a user set other than the All Users group
• Based on the Web listener authentication methods specified for a Web publishing or secure Web publishing rule
• By processing the firewall rules in order of priority. When a firewall rule matches, but requires authentication, TMG will prompt for user credentials
TMG Web Publishing Authentication Scenarios
[Diagram labels: Web server authentication; TMG authentication; TMG and Web server authentication]
Using RADIUS for Authentication
[Diagram labels: RADIUS Server; RADIUS Client; TMG; Domain Controller]
Using RADIUS for authentication means that TMG can authenticate users based on their Active Directory credentials without requiring that the computer running TMG be a member of an Active Directory domain
How to Implement RADIUS Server for TMG Authentication
To implement RADIUS authentication:
1. Install and configure IAS to use Active Directory for authentication and configure the TMG as a RADIUS client
2. Configure the Active Directory user accounts or configure remote access policies to enable dial-in access
3. Configure TMG to use the RADIUS server and configure a Web listener to use RADIUS authentication
Practice: Configuring Server Publishing
• Configuring a New Server Publishing Rule
• Testing the Server Publishing Rule
[Diagram labels: Web1; WWW; TMG; Internet; DC1]