Export (0) Print
Expand All
1 out of 1 rated this helpful - Rate this topic

Forefront TMG or ISA Server 2006 deployed as a network gateway

Published: November 15, 2009

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

BranchCache traffic must be able to traverse any gateway deployed between the corporate network and the branch. This topic refers to cases where Forefront TMG or ISA Server 2006 is deployed as a gateway, and BranchCache Hosted Cache is deployed on a different server.

When Forefront TMG is deployed a gateway between the corporate network and the branch, no explicit policy is needed to allow BranchCache traversal between the Branch and the Corporate Network. By default, Forefront TMG blocks all traffic between the branch and the corporate network, so to allow access to Line Of Business (LOB) applications via HTTP or HTTPS, a Forefront TMG policy must be configured accordingly. BranchCache protocols are implemented on top of normal HTTP and HTTPS transport, and Forefront TMG recognizes that and allows BranchCache just like regular HTTP/HTTPS. Thus, BranchCache traffic traversal across Forefront TMG (as opposed to, from or to Forefront TMG) will be seamlessly allowed by the same HTTP/HTTPS policy that enables access to the LOB applications.

ISA Server 2006 does not recognize BranchCache traffic and therefore cannot validate it. As a result, by default, ISA Server 2006 blocks the BranchCache traffic to reduce the risk. To allow BranchCache traversal between the Branch and the Corporate Network, you must disable the ISA Server 2006 compression web filter.

TipTip:
Disabling the compression web filter will also allow any unrecognized Accept-Encoding content to pass-through. The newer version, namely Forefront TMG, recognizes BranchCache traffic (as well as other known encodings) and allows it to pass through, while blocking unrecognized traffic. On top of that, Forefront TMG anti-malware and network inspection (NIS) features scan the traffic for any malicious code and known attacks before passing the traffic through.

To disable the compression filter on ISA Server 2006:

  1. Select the system node.

  2. Click the Web-filters tab.

  3. Double click on the Compression Filter entry to open the filter properties.

  4. Clear the Enable This Filter check box.

  5. Click OK, and then click Apply to implement the change.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.