Configuring network settings

The Network Setup Wizard section of the Getting Started Wizard helps you to configure your Microsoft Forefront Threat Management Gateway network topology. For information about running the Getting Started Wizard, see Configuring initial deployment settings.

Running the Network Setup Wizard

To run the Network Setup Wizard, do the following.

To run the Network Setup Wizard

1. In the Getting Started Wizard, click Configure network settings.

2. On the Network Template Selection page, select the following setting that most closely matches your Forefront TMG network topology:

   • Select Edge firewall if you have two network adapters connected to different networks and Forefront TMG is located at the network edge. Forefront TMG may be connected to the local area network (LAN) directly or through a router or another firewall.
   • Select 3-Leg perimeter if you have network adapters connected to three different networks: the Internet, the corporate LAN, and a perimeter network.
   • Select Back firewall if Forefront TMG is not located at the edge and has the following two network adapters connected to different networks: a LAN (connected either directly or through a router or another firewall) and a perimeter network or edge security device.
   • Select Single network adapter if Forefront TMG has one network adapter connected to the LAN or to a perimeter network. There are a number of feature limitations in this scenario. For more information, see About single network adapter limitations.

3. On the Local Area Network (LAN) Settings page, in Network adapter connected to the LAN, select the adapter connected to the main corporate network, and then specify an IP address.

   If you selected to apply the single network adapter template, you have the additional option of using a dynamic IP address allocated by DHCP.

   If you selected a setting other than the single network adapter template, only a static IP address is supported for this adapter. If the LAN contains subnets, in Specify additional static routes for this network adapter, add static routes.

4. On the Internet Settings page, select the adapter connected to the Internet. You should set a default gateway on only one of the Forefront TMG network adapters. This is usually the network adapter associated with the Internet. Configure only a single default gateway on a network adapter. 

   If your Internet service provider (ISP) allocates a dynamic IP address, select Obtain an IP address automatically.

   If your ISP allocates a static IP address, select Use the following IP address.

5. If you have a third network adapter, on the Perimeter Network Settings page, select the network adapter connected to the perimeter network.

   If you want to apply network address translation (NAT) to traffic between the perimeter network and the LAN, hiding internal IP addresses, in What type of IP addresses do servers in the perimeter networks use, select Public. Traffic between the perimeter network and the Internet is routed.

   If you want to apply NAT to traffic between the perimeter network and the Internet, hiding internal IP addresses, in What type of IP addresses do servers in the perimeter networks use, select Private. Traffic between the perimeter network and the LAN is routed, exposing internal addresses.