Defining network rules
Published: November 15, 2009
Updated: February 1, 2011
Applies To: Forefront Threat Management Gateway (TMG)
Network rules determine the relationship between two Forefront TMG networks. Networks can have either a route or network address translation (NAT) relationship.
Although network relationships are most commonly defined between networks, they can also be applied to other network objects, such as computer sets or IP address ranges.
You can create new network rules, and modify or delete existing rules, in the Networking node of the Forefront TMG Management console.
To create or edit a network rule
1. On the Network Rules tab, on the Tasks tab, click Create a network rule.
2. Complete the New Network Rule Wizard. Do the following on the specified pages:
   - On the Network Traffic Sources page, specify the source network.
   - On the Network Traffic Destinations page, specify the destination network.
   - On the Network Relationship page, select either Network Address Translation (NAT) or Route.
   - On the NAT Address Selection page, select the option used by Forefront TMG to determine the NAT address used to hide computers in the traffic sources.
Note: Route relationships are bidirectional, so that if a route relationship is defined from source network A to destination network B, an implicit route relationship also exists from network B to network A. Client requests are routed between networks with source and destination IP addresses unchanged. NAT relationships are unidirectional, and NAT is performed to hide IP addresses. For more information, see Network relationships.
The predefined Local Host Access network rule cannot be deleted.