Defining network rules

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

Network rules determine the relationship between two Forefront TMG networks. Networks can have either a route or network address translation (NAT) relationship.

Although network relationships are most commonly defined between networks, they can also be applied to other network objects, such as computer sets or IP address ranges.

Configuring network rules

You can create new network rules, and modify or delete existing rules, in the Networking node of the Forefront TMG Management console.

To create or edit a network rule

  1. On the Network Rules tab, on the Tasks tab, click Create a network rule.

  2. Complete the New Network Rule Wizard. Do the following on the specified pages:

    • On the Network Traffic Sources page, specify the source network.

    • On the Network Traffic Destinations page, specify the destination network.

    • On the Network Relationship page, select either Network Address Translation (NAT) or Route.

    • On the NAT Address Selection page, select the option that Forefront TMG uses to determine the NAT address that hides computers in the traffic sources.

      Note

      Route relationships are bidirectional, so that if a route relationship is defined from source network A to destination network B, an implicit route relationship also exists from network B to network A. Client requests are routed between networks with source and destination IP addresses unchanged. NAT relationships are unidirectional, and NAT is performed to hide IP addresses. For more information, see Network relationships.
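The following Python sketch is an added example, not Forefront TMG code or part of the original article. It models the route and NAT semantics described in the note above, so that a planned rule set can be checked for the implicit reverse direction of each route relationship and for the source address a destination will see. The `NetworkRule` class, the function names, the first-match evaluation order, and all rule names and address ranges are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class NetworkRule:
    name: str
    source: str            # source network object, as a CIDR range
    destination: str       # destination network object, as a CIDR range
    relationship: str      # "route" or "nat"
    nat_address: str = ""  # address that hides the sources (NAT rules only)

def _contains(cidr, ip):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def resolve(rules, src_ip, dst_ip):
    """Return (relationship, source address the destination sees, rule name),
    or None when no network rule relates the two addresses."""
    for rule in rules:  # assumption: the first matching rule decides
        forward = _contains(rule.source, src_ip) and _contains(rule.destination, dst_ip)
        reverse = _contains(rule.destination, src_ip) and _contains(rule.source, dst_ip)
        if rule.relationship == "route" and (forward or reverse):
            # Route: bidirectional, source and destination addresses unchanged.
            return ("route", src_ip, rule.name)
        if rule.relationship == "nat" and forward:
            # NAT: unidirectional, source hidden behind the NAT address.
            return ("nat", rule.nat_address, rule.name)
    return None

def implicit_reverse_routes(rules):
    """List the (source, destination) pairs that exist implicitly for route rules."""
    return [(r.destination, r.source) for r in rules if r.relationship == "route"]

# Constructed sample rules; names and address ranges are illustrative only.
RULES = [
    NetworkRule("Internal to Perimeter", "10.0.0.0/24", "172.16.0.0/24", "route"),
    NetworkRule("Internal to External", "10.0.0.0/24", "198.51.100.0/24", "nat", "203.0.113.10"),
]

if __name__ == "__main__":
    for src, dst in [("10.0.0.5", "172.16.0.9"), ("172.16.0.9", "10.0.0.5"),
                     ("10.0.0.5", "198.51.100.7"), ("198.51.100.7", "10.0.0.5")]:
        print(src, "->", dst, resolve(RULES, src, dst))
    print("implicit reverse routes:", implicit_reverse_routes(RULES))
```
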

Note

The predefined Local Host Access network rule cannot be deleted.