Configuring network rules

Network rules determine the relationship between two Forefront TMG networks. Networks can have either a route or network address translation (NAT) relationship.

Although network relationships are most commonly defined between networks, they can also be applied to other network objects, such as computer sets or IP address ranges. For more information about other types of network objects, see Network objects.

Where to start. To create new network rules and modify or delete existing rules, in the Forefront TMG Management console, click the Networking node.

To create a network rule:

  1. On the Network Rules tab, click Create a network rule on the Tasks tab.

  2. Complete the New Network Rule Wizard:

    • On the Network Traffic Sources page, specify the source network.
    • On the Network Traffic Destinations page, specify the destination network.
    • On the Network Relationship page, select either a route or NAT relationship. Route relationships are bidirectional: if a route relationship is defined from source network A to destination network B, an implicit route relationship also exists from network B to network A. Client requests are routed between networks with source and destination IP addresses unchanged. NAT relationships are unidirectional, and NAT is performed to hide IP addresses. For more information, see About connecting networks.
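The following sketch models the route and NAT semantics described above so that a planned rule set can be reviewed for which networks see real source addresses. It is an added example, not Forefront TMG code or an export format: the network names, address ranges, NAT_ADDRESS and all function names are assumptions, and rule ordering is not modeled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class NetworkRule:
    name: str
    source: str          # source network name
    destination: str     # destination network name
    relation: str        # "route" or "nat"
    enabled: bool = True # mirrors the Enable check box on the General tab

# Constructed sample data (illustrative names and documentation address ranges).
NETWORKS = {
    "Internal": ipaddress.ip_network("10.0.0.0/24"),
    "Perimeter": ipaddress.ip_network("172.16.1.0/24"),
    "External": ipaddress.ip_network("203.0.113.0/24"),
}
RULES = [
    NetworkRule("Internal to Perimeter", "Internal", "Perimeter", "route"),
    NetworkRule("Internal to External", "Internal", "External", "nat"),
]
NAT_ADDRESS = "203.0.113.1"  # assumed address that NAT presents to the destination

def network_of(ip):
    """Return the name of the sample network containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in NETWORKS.items() if addr in net), None)

def resolve(src_ip, dst_ip, rules=RULES):
    """Return (relation, source address the destination sees), or None."""
    pair = (network_of(src_ip), network_of(dst_ip))
    for r in rules:
        if not r.enabled:
            continue
        if (r.source, r.destination) == pair:
            # Route keeps addresses unchanged; NAT hides the real source.
            return (r.relation, src_ip if r.relation == "route" else NAT_ADDRESS)
        # Route is bidirectional: B -> A exists implicitly. NAT has no reverse.
        if r.relation == "route" and (r.destination, r.source) == pair:
            return ("route", src_ip)
    return None

def exposed_pairs(rules=RULES):
    """Directed network pairs in which the destination sees real source IPs."""
    pairs = set()
    for r in rules:
        if r.enabled and r.relation == "route":
            pairs.update({(r.source, r.destination), (r.destination, r.source)})
    return sorted(pairs)
```

A None result means no relationship is defined in that direction, which is the case for traffic initiated from the destination side of a NAT rule.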

To modify a network rule:

  1. On the Network Rules tab, right-click the required rule in the details pane, and then click Properties.

  2. On the General tab, select Enable to enable the network rule. Clear Enable to disable the rule.

  3. On the Source networks tab, you can add a source network, modify the properties of an existing network, or delete a network:

    • To add a source network, click Add. In the Add Network Entities dialog box, click to expand Networks, and then select the network. Click Add, and then click Close.
    • To modify network properties, select a network, and then click Edit. You can only modify the properties of the default internal network or of custom internal or perimeter networks you have created.
    • To delete a network, select it, and then click Delete to remove the network from the rule.

To delete a network rule:

  • On the Network Rules tab, right-click the required rule in the details pane, and then click Delete.

The predefined Local Host Access network rule cannot be deleted.