Planning for requests to published servers

Microsoft Forefront Threat Management Gateway provides publishing rules to allow access to internal Web servers and non-Web servers from clients located in other networks. Forefront TMG uses the following rule types:

  • Web publishing rules allow access to internal Web servers.
  • Server publishing rules allow access to non-Web servers.

For more information, see Overview of firewall policy.

When Forefront TMG receives a request for a published server, it determines whether the request is allowed and then routes the request to the published server.

  • For Web servers, by default, Forefront TMG does not pass the IP address of the original requesting client to the published server. Instead, Forefront TMG substitutes its own IP address for the original IP address that is specified in the packet. As a result, all requests that are routed to the published server appear to have originated from the same IP address, that of the Forefront TMG computer. For more information, see Overview of Web publishing concepts.
  • For server publishing rules, Forefront TMG passes the IP address of the original requesting client to the published server. For more information, see Overview of non-HTTP server publishing.

Some applications need to identify the actual requesting client. When you publish these applications, you can configure Forefront TMG to forward requests with the IP address of the requesting (source) client.
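The effect of the two behaviors on what a published server can log, as an added example that is not part of the original documentation: it counts failed logons per source address over the same set of requests, first logged with the Forefront TMG address and then with the original client addresses. The log layout, the addresses, the lockout threshold, and the function names are all assumptions made for the illustration.

```python
from collections import Counter, defaultdict

# Constructed sample data: "source-ip username http-status" per line.
# 10.0.0.1 stands in for the Forefront TMG computer's address.
LOG_TMG_ADDRESS = """\
10.0.0.1 alice 401
10.0.0.1 bob 401
10.0.0.1 carol 200
10.0.0.1 dave 401
10.0.0.1 alice 200
10.0.0.1 erin 401
"""
# The same requests as logged when the original client IP is forwarded.
LOG_CLIENT_ADDRESS = """\
203.0.113.10 alice 401
203.0.113.20 bob 401
198.51.100.5 carol 200
203.0.113.20 dave 401
203.0.113.10 alice 200
203.0.113.20 erin 401
"""

def parse(log_text):
    """Yield (source_ip, username, status) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[2].isdigit():
            yield parts[0], parts[1], int(parts[2])

def failed_logons_by_source(log_text):
    """Count HTTP 401 responses per logged source address."""
    return Counter(ip for ip, _, status in parse(log_text) if status == 401)

def sources_over_threshold(log_text, threshold=3):
    """Source addresses that a per-IP lockout rule (hypothetical) would act on."""
    counts = failed_logons_by_source(log_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def looks_proxied(log_text, min_users=3):
    """True when one address carries all traffic for many distinct users,
    which is what the server sees when the proxy substitutes its own IP."""
    users = defaultdict(set)
    for ip, user, _ in parse(log_text):
        users[ip].add(user)
    return len(users) == 1 and len(next(iter(users.values()))) >= min_users

if __name__ == "__main__":
    for name, log in (("TMG address", LOG_TMG_ADDRESS), ("client address", LOG_CLIENT_ADDRESS)):
        print(name, dict(failed_logons_by_source(log)), sources_over_threshold(log), looks_proxied(log))
```

With the substituted address, the only source a per-IP rule can act on is the Forefront TMG computer itself, which would affect every published client; with the client address forwarded, the failures resolve to a single external source.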