About dial-up connections for chaining

[This topic is pre-release documentation and is subject to change in future releases. Blank topics are included as placeholders.]

Web chaining and Firewall chaining rules can be configured to use a dial-up connection to route requests directly to the specified destination (usually the Internet) or to an upstream server. Note the following limitations for this type of dial-up connection:

  • You can only configure automatic dialing on one network.

  • Customized routes are not supported. For example, a configuration in which Forefront TMG dials a remote network that is not the default gateway requires a custom route, and is therefore not supported.

  • Forefront TMG uses the local domain table (LDT) to determine whether a request from Firewall clients is for an internal computer (in the LDT) or whether dialing out is required. There may be an issue with connections being constantly dialed if clients make a dial-up request for a URL that is not defined in the LDT. For ISA Server 2004, this issue is fixed in Service Pack 3. You should limit when Forefront TMG dials out as follows:

      • Configure the LDT so that it includes the names of all internal computers. Then Forefront TMG will not have to dial out to an external DNS server to determine that the requested computer is actually internal.

      • Allow dialing out only when accessing specific networks.
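One way to check LDT coverage before enabling automatic dialing, shown as an added example that is not part of the original documentation or of Forefront TMG. It assumes LDT entries are either exact names or `*.suffix` wildcard domains compared case-insensitively; the function names and all host names are constructed for illustration.

```python
# Added example: offline audit of a local domain table (LDT) export.
# Assumption: an LDT entry is an exact name or a "*.suffix" wildcard domain.
# All entries and host names below are constructed sample data.

def normalize(name):
    """Lower-case a name and drop surrounding space and a trailing dot."""
    return name.strip().rstrip(".").lower()

def ldt_matches(entry, host):
    """True if a single LDT entry covers the given host name."""
    entry, host = normalize(entry), normalize(host)
    if entry.startswith("*."):
        # "*.corp.example" covers names under corp.example, not corp.example itself.
        return host.endswith(entry[1:])
    return host == entry

def uncovered_hosts(ldt_entries, internal_hosts):
    """Internal hosts that no entry covers: requests for these could trigger dialing."""
    return [h for h in internal_hosts
            if not any(ldt_matches(e, h) for e in ldt_entries)]

def overbroad_entries(ldt_entries):
    """Wildcards on a single label (e.g. "*.com") would treat external names as internal."""
    return [e for e in ldt_entries
            if normalize(e).startswith("*.") and "." not in normalize(e)[2:]]

# Constructed sample LDT and internal inventory.
SAMPLE_LDT = ["*.corp.example", "intranet", "*.com"]
SAMPLE_INTERNAL = [
    "fs01.corp.example",
    "INTRANET",
    "mail.branch.example",
    "corp.example",
    "printer01",
]

if __name__ == "__main__":
    for host in uncovered_hosts(SAMPLE_LDT, SAMPLE_INTERNAL):
        print("not in LDT, may cause dial-out:", host)
    for entry in overbroad_entries(SAMPLE_LDT):
        print("overly broad LDT entry:", entry)
```

Run it against an inventory of internal names and the configured LDT entries; every name it reports as uncovered is a candidate for an additional LDT entry.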

Closing dial-up connections

After Forefront TMG dials out to the Internet, the connection is maintained until one of the following occurs:

  • Forefront TMG dialed the connection, and the Microsoft Firewall service is subsequently stopped.

  • Forefront TMG dialed the connection, and while connected, you change the ISP used by Forefront TMG.

  • The dial-up entry reaches a predefined idle time and therefore terminates the connection.

Copyright © 2009 by Microsoft Corporation. All rights reserved.