About publishing Web servers
Published: November 15, 2009
Updated: February 1, 2011
Applies To: Forefront Threat Management Gateway (TMG)
When publishing Web servers, Forefront TMG uses Web publishing rules to allow or deny access to internal Web applications, based on access policies. You can restrict access to specified users, computers, or networks, require user authentication, and inspect the traffic between clients and the publishing servers.
The following sections provide information to help you plan for Web server publishing:
Supported Web publishing scenarios
Forefront TMG supports the following Web publishing scenarios:
Publishing Web servers over HTTP—Publish a single Web site or load balancer, multiple Web sites, or a server farm over HTTP. For details, see Publishing Web Servers over HTTP.
Publishing Web servers over HTTPS—Publish a single Web site or load balancer, multiple Web sites, or a server farm over HTTPS. For details, see Publishing Web Servers over HTTPS.
Note: When publishing over HTTPS, a server certificate must first be installed on the Forefront TMG computer, to authenticate Forefront TMG to the client computer. For details, see Planning for server certificates.
Redirecting HTTP to HTTPS, and vice versa—You can publish Web servers so that the connection between client computers and the Forefront TMG server uses one protocol, while the connection between the Forefront TMG server and the published Web servers uses the other. For example, you can connect to client computers over HTTPS, and establish an HTTP connection between the Forefront TMG server and the published Web server or servers.
Outlook Web Access publishing—Outlook Web Access is the Exchange mail service that allows users to access their Exchange mailbox from a Web browser. There are two versions of Outlook Web Access:
Outlook Web Access Light—Supports accessibility features for users who are blind or have low vision, and runs on most Web browsers. It provides a simplified user interface and reduced feature set compared with Outlook Web Access Premium.
Outlook Web Access Premium—Requires Microsoft Internet Explorer 6 or later versions, and provides features that are currently not available in the Light version, such as Unified Messaging and the ability to check spelling.
Outlook Mobile Access publishing—Outlook Mobile Access is the Microsoft Exchange Server 2003 mobile browse solution (supported only for Outlook Web Access 2003). It generates HTML, xHTML, and cHTML markup for display on mobile devices that are on the approved device list. For publishing details, see Configuring Outlook Mobile Access Publishing.
ActiveSync publishing—Exchange ActiveSync is a Microsoft Exchange synchronization protocol that is optimized to work together with high-latency and low-bandwidth networks. The protocol, based on HTTP and XML, lets devices, such as browser-enabled cellular telephones or Microsoft Windows Mobile powered devices, access an organization's information on a server that is running Microsoft Exchange. Exchange ActiveSync enables mobile device users to access their e-mail, calendar, contacts, and tasks, and to continue to access this information while they are working offline. For publishing details, see Configuring ActiveSync Publishing.
SharePoint publishing—Microsoft SharePoint Products and Technologies provide a host of features and functionalities for Collaboration, Portal, Search, Enterprise Content Management, Forms Driven Business Process, and Business Intelligence. For publishing details, see Configuring SharePoint publishing.
Note: Forefront TMG is compatible with the Alternate Access Mappings feature of SharePoint Products and Technologies.
About Web listeners
Each Forefront TMG Web publishing rule is assigned a Web listener. The Web listener “listens” for incoming connections on the defined networks or IP addresses and ports. It also defines the number of concurrent client connections that are allowed on the connection, and the authentication method that is used if authentication is required.
Note: A Web listener can be used by more than one Web publishing rule.