Publishing a Single Server Pool or Load Balancer
After the web listener is created, a web publishing rule can be created. The steps differ slightly depending on whether the pool consists of only a single member or whether the reverse proxy publishes a load balancer. For either of these cases, use the following steps. If the built-in load-balancing features of Forefront Threat Management Gateway are used for external load balancing instead, use the steps in the next section, "Publishing a Pool with Multiple Servers," to create the rule.
1. Right-click Firewall Policy, select New, and select Web Publishing Rule.
2. Name the rule descriptively and click Next.
3. Select Allow and click Next.
4. Select Publish a single web site or load balancer and click Next.
5. Select Use SSL to connect to the published Web server or server farm and click Next.
6. Enter the internal site name and the fully qualified name of the internal pool and click Next.
Tip
Be sure the Threat Management Gateway server can resolve the name in DNS. If not, enter the IP address of the internal server or load balancer.
7. In the Path field, enter /* to publish all internal paths behind the previously entered site name. Be sure to select the Forward the original host header instead of the actual one specified in the Internal site name field on the previous page check box. Click Next.
Caution
Forwarding the original host header was not important in OCS 2007, but it is critical when using simple URLs for dial-in conferencing and meetings. If the original header is not forwarded, the Front End server cannot tell whether the client requested meet.companyabc.com or lyncwebservices.companyabc.com. This can prevent external users from joining meetings.
8. In the Accept requests for selection, leave This domain name selected and enter the public FQDN of the external web services defined in the Topology Builder. Leave the Path field with the /* string, as shown in Figure 2, and then click Next.
9. In the Web Listener selection box, choose the web listener created in an earlier step, and then click Next.
10. For the Authentication Delegation method, select No delegation, but client may authenticate directly, and then click Next.
11. Leave All Users in the list and then click Next.
12. Click Finish to complete the rule.
Publishing a Pool with Multiple Servers
If the load-balancing capabilities of Threat Management Gateway are used to publish multiple Front End Servers in a pool, use the following steps:
1. Right-click Firewall Policy, select New, and select Web Publishing Rule.
2. Name the rule descriptively and click Next.
3. Select Allow and click Next.
4. Select Publish a server farm of load balanced Web servers and click Next.
5. Select Use SSL to connect to the published Web server or server farm and click Next.
6. Enter the internal site name and the fully qualified name of the internal pool and click Next.
7. In the Path field, enter /* to publish all internal paths behind the previously entered site name. Click Next.
8. Click New to create a new web server farm.
9. Name the web server farm and click Next.
10. Click the Add button and enter the name of a Front End Server, or its IP address if Threat Management Gateway cannot resolve internal DNS. Click OK and repeat for any additional Front End Servers in the pool.
11. Click Next after all servers are defined in the farm, as shown in Figure 3.
12. For the method used to monitor server farm connectivity, select Establish a TCP connection and enter port 4443. Click Next.
13. Click Finish to complete the web farm creation.
14. Ensure Cookie-based Load Balancing is selected and then click Next.
15. In the Accept requests for selection, leave This domain name selected and enter the public FQDN of the external web services defined in the Topology Builder. Leave the Path field with the /* string and then click Next.
16. In the Web Listener selection box, choose the web listener created in an earlier step and click Next.
17. For the Authentication Delegation method, select No delegation, but client may authenticate directly and click Next.
18. Leave All Users in the list and click Next.
19. Click Finish to complete the rule.
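As an added pre-flight check (not from the book or from Threat Management Gateway itself), the following Python script models the runtime dependencies that both rule types above share: each farm member must resolve from the TMG server or be entered as an IP address (the Tip in step 6), each member must answer a TCP connection on port 4443 (the farm monitor in step 12), and the original host header must be forwarded when more than one public name is published (the Caution in step 7). The rule model, function names and sample hostnames are assumptions.

```python
"""Pre-flight check for a TMG web publishing rule fronting Lync web services (added example)."""
import ipaddress
import socket
from dataclasses import dataclass
from typing import Callable, List

FARM_MONITOR_PORT = 4443  # port the farm connectivity monitor connects to (step 12)

@dataclass
class WebPublishingRule:
    internal_site_name: str      # step 6: FQDN of the internal pool
    farm_members: List[str]      # step 10: Front End names or IPs (one entry for a single server)
    public_fqdns: List[str]      # steps 8/15: public names the rule accepts requests for
    forward_original_host: bool  # step 7 check box

def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def tcp_open(host: str, port: int, timeout: float = 3.0) -> bool:
    """Same test as the 'Establish a TCP connection' farm monitor."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_rule(rule: WebPublishingRule,
               resolve: Callable[[str], str] = socket.gethostbyname,
               connect: Callable[[str, int], bool] = tcp_open) -> List[str]:
    """Return findings that would break the rule at runtime; an empty list means it passes.
    resolve/connect are injectable so a dict lookup and a stub can stand in for DNS and the network."""
    findings = []
    for member in rule.farm_members:
        if not _is_ip_literal(member):
            try:
                resolve(member)
            except (OSError, LookupError):  # socket.gaierror is an OSError; a dict stand-in raises KeyError
                findings.append(f"{member}: does not resolve from TMG; enter its IP address instead (step 6 tip)")
                continue
        if not connect(member, FARM_MONITOR_PORT):
            findings.append(f"{member}: no TCP connection on {FARM_MONITOR_PORT}; the farm monitor would mark it down")
    if len(rule.public_fqdns) > 1 and not rule.forward_original_host:
        findings.append("original host header not forwarded: Front End cannot tell the published names apart")
    return findings
```

Run it on the TMG server with the real defaults to exercise DNS and the network; pass a dictionary's `__getitem__` and a stub for `connect` to dry-run the rule definition offline.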