Configuring Web proxy clients

Web proxy clients are applications that make HTTP, HTTPS, or FTP-over-HTTP download requests to the TCP port on which Microsoft Forefront Threat Management Gateway listens for outbound Web requests in the client network. A Web proxy client is any application that is:

  • CERN-compatible. That is, it understands the correct method for making a Web proxy request.
  • Provides a means for clients to specify a name (or IP address) and port to be used for Web proxy requests.

Web proxy clients display the following characteristics:

  • An application running on a client computer in an internal network can be a Web proxy client if it makes requests as described above. Typically, clients are Web browser applications that comply with HTTP 1.1. Either the browser specifies Forefront TMG as a proxy, or the browser uses automatic detection to receive proxy settings from another server.  
  • Clients use automatic detection to discover the Forefront TMG server to be used for Web proxy requests. For more information, see About preparing clients for automatic detection.
  • Protocols are limited to HTTP, HTTPS and FTP download requests only.
  • Clients can authenticate to Forefront TMG using Basic, Digest/WDigest, or Integrated authentication. For more information, see About Web access authentication.
  • Forefront TMG resolves requests on behalf of Web proxy clients.

Configuring Web proxy clients consists of the following steps:

  • Enable an internal or perimeter network to listen for requests from Web proxy clients. Forefront TMG listens for outbound Web requests from clients located in the default Internal network on port 8080. For more information, see Enabling a network to receive Web proxy requests.

Configure browser clients to use Forefront TMG as a Web proxy as follows:

  • Manually specify a static proxy in the browser settings.
  • Alternatively, use an automatic detection method so that clients use a configuration script or the WPAD protocol to discover which proxy server they should use. For more information, see About selecting an automatic discovery mechanism.

For clients with Firewall client software installed, you can configure client Web browser settings in Forefront TMG Management. These settings are pushed to clients following installation, on demand, or periodically. For more information, see About Firewall clients.

Web proxy clients can be configured to directly access resources located in their own network and to bypass the proxy for specific domain names and addresses. For more information, see Bypassing Forefront TMG for Web proxy client requests.