Configuring Web Publishing Rules
Web publishing rules are used by Forefront TMG Server to securely publish internal resources to the Internet. In addition to publishing the web service URLs for the various Lync Server IIS virtual directories, it is also necessary to create publishing rules for the simple URLs and for the LyncDiscover service. Each simple URL requires its own rule on the reverse proxy that references that URL. The following procedure can be used to create a web publishing rule:
1. Log on to the Forefront TMG Server.
2. Click Start, All Programs, Microsoft Forefront TMG, and Forefront TMG Management.
3. In the left pane, expand the name of the TMG Server.
4. Right-click Firewall Policy, click New, and click Web Site Publishing Rule, as shown in Figure 1.
Figure 1. Creating a new website publishing rule.
5. On the Welcome to the New Web Publishing Rule page, enter a name for the publishing rule that will be easy to reference in the future. Click Next.
6. On the Select Rule Action page, choose Allow. Click Next.
7. On the Publishing Type page, select Publish a Single Web Site or Load Balancer and click Next.
8. On the Server Connection Security page, choose Use SSL to Connect to the Published Web Server or Server Farm. Click Next.
9. On the Internal Publishing Details page, enter the FQDN of the internal web farm where meeting content and the Address Book are hosted in the Internal Site Name box.
Note
The TMG Server must be able to resolve the FQDN entered in step 9. If the TMG Server will not be able to reach a DNS server that can resolve the FQDN, select Use a Computer Name or IP Address to Connect to the Published Server, and then enter the IP address in the Computer Name or IP Address box, as shown in Figure 2.
Figure 2. Connecting to an IP address.
10. On the Internal Publishing Details page, enter /* as the path of the published folder. Click Next.
11. On the Public Name Details page, verify that This Domain Name is selected under Accept Requests For. Type the FQDN of the external web farm into the Public Name box. Click Next.
12. On the Select Web Listener page, click New.
13. On the Welcome to the New Web Listener Wizard page, enter a name for the new web listener in the Web Listener Name box. Click Next.
14. On the Client Connection Security page, choose Require SSL Secured Connections with Clients. Click Next.
15. On the Web Listener IP address page, select External, and click Select IP Addresses.
16. On the External Listener IP Selection page, select Specified IP Address on the TMG Server Computer in the Selected Network, select an IP address, and click Add. Click Next.
17. On the Listener SSL Certificates page, click Assign a Certificate for Each IP Address, and select the IP address that was added in step 16. Click Select Certificate.
18. On the Select Certificate page, select the certificate matching the public name selected in step 11, as shown in Figure 3, and click Select. Click Next.
Figure 3. Selecting the certificate.
19. On the Authentication Settings page, select No Authentication. Click Next.
20. On the Single Sign On Settings page, click Next.
21. On the Complete the New Web Listener Wizard page, click Finish.
22. Returning to the Select Web Listener page, select the listener that was just created and click Next.
23. On the Authentication Delegation page, select No Delegation but the Client May Authenticate Directly. Click Next.
24. On the User Sets page, click Next.
25. On the Completing the New Web Publishing Rule Wizard page, verify the rule settings and click Finish.
26. Click Apply to save the changes, as shown in Figure 4, and update the configuration.
Figure 4. Applying the firewall policy.
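Because each simple URL and LyncDiscover needs its own rule, and several wizard choices (SSL on both legs, the /* path, a certificate that covers the public name, no authentication or delegation at the proxy) are easy to get wrong when the procedure is repeated, it helps to audit the finished policy. The following Python is an added example, not part of this article and not Forefront TMG's own API: it models each rule as a dictionary of the wizard choices above and checks a set of rules against them, including wildcard certificate matching and a required public name that has no rule at all. The host names, listener and the drifted rule are constructed sample values.

```python
"""Offline audit of Lync reverse-proxy publishing rules.

Added example, not Forefront TMG code or its COM API: each rule is a plain
dict that mirrors the wizard choices in the procedure above, so an exported
or hand-copied configuration can be checked against those choices.
"""

# Public names that need their own publishing rule: the external web
# services FQDN, each simple URL and LyncDiscover (constructed sample values).
REQUIRED_PUBLIC_NAMES = [
    "webext.example.com",
    "meet.example.com",
    "dialin.example.com",
    "lyncdiscover.example.com",
]

# Wizard choices the procedure calls for in steps 19 and 23.
EXPECTED_AUTHENTICATION = "No Authentication"
EXPECTED_DELEGATION = "No Delegation but the Client May Authenticate Directly"


def cert_matches_name(cert_names, public_name):
    """True if one of the certificate's names covers public_name.

    A wildcard such as '*.example.com' matches exactly one label, so it covers
    'meet.example.com' but neither 'example.com' nor 'a.b.example.com'.
    """
    host = public_name.lower().rstrip(".")
    for name in cert_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*."):
            suffix = name[1:]                      # ".example.com"
            label = host[: -len(suffix)] if host.endswith(suffix) else ""
            if label and "." not in label:
                return True
    return False


def audit_rule(rule):
    """Return findings for one rule; an empty list means it matches the procedure."""
    findings = []
    listener = rule.get("listener", {})
    if not rule.get("ssl_to_published_server"):
        findings.append("step 8: connection to the internal web farm is not SSL")
    if rule.get("path") != "/*":
        findings.append(f"step 10: published path is {rule.get('path')!r}, expected '/*'")
    if not listener.get("require_ssl"):
        findings.append("step 14: listener does not require SSL from clients")
    if listener.get("network") != "External":
        findings.append("step 15: listener is not bound to the External network")
    if not cert_matches_name(listener.get("certificate_names", []), rule["public_name"]):
        findings.append("step 18: listener certificate does not match the public name")
    if listener.get("authentication") != EXPECTED_AUTHENTICATION:
        findings.append(f"step 19: listener authentication is {listener.get('authentication')!r}")
    if rule.get("delegation") != EXPECTED_DELEGATION:
        findings.append(f"step 23: authentication delegation is {rule.get('delegation')!r}")
    return findings


def audit_policy(rules, required_names=REQUIRED_PUBLIC_NAMES):
    """Audit every rule and flag required public names that no rule references."""
    report = {}
    covered = {rule["public_name"].lower() for rule in rules}
    for name in required_names:
        if name.lower() not in covered:
            report[name] = ["no publishing rule references this public name"]
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report[rule["public_name"]] = findings
    return report


# Constructed sample configuration: one listener shared by all rules, a
# certificate whose names cover the simple URLs, and one rule that has drifted.
SAMPLE_LISTENER = {
    "network": "External",
    "require_ssl": True,
    "certificate_names": ["webext.example.com", "*.example.com"],
    "authentication": EXPECTED_AUTHENTICATION,
}


def make_rule(public_name, **overrides):
    """Build a rule with the procedure's defaults, then apply any drift."""
    rule = {
        "public_name": public_name,
        "internal_site_name": "webint.example.local",   # constructed
        "ssl_to_published_server": True,
        "path": "/*",
        "listener": SAMPLE_LISTENER,
        "delegation": EXPECTED_DELEGATION,
    }
    rule.update(overrides)
    return rule


SAMPLE_RULES = [
    make_rule("webext.example.com"),
    make_rule("meet.example.com"),
    # Drift: plain HTTP to the backend and a narrowed path.
    make_rule("dialin.example.com", ssl_to_published_server=False, path="/dialin/*"),
    # lyncdiscover.example.com deliberately has no rule.
]

if __name__ == "__main__":
    for name, findings in sorted(audit_policy(SAMPLE_RULES).items()):
        print(name)
        for finding in findings:
            print("  -", finding)
```

Run as-is, the audit reports two findings for dialin.example.com (steps 8 and 10) and a missing rule for lyncdiscover.example.com, while the two rules that follow the procedure produce nothing. The wildcard check matches only a single label, which is the behaviour a client applies when it validates the listener certificate against the public name in step 18.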