Create Trunk Wizard Help

Published: January 11, 2010

Updated: July 31, 2012

Applies To: Unified Access Gateway

Use the Forefront Unified Access Gateway (UAG) Create Trunk Wizard to create a Web portal for publishing multiple applications and resources. You can create an HTTP or HTTPS trunk, which determines whether remote endpoints access the portal over HTTP or HTTPS.

This topic provides a summary of the settings you can configure in the wizard:

Select Trunk Type page

Select trunk settings.

Portal trunk
Select this option to publish multiple applications and resources via a single portal site. You must also select this option when you are using Active Directory Federation Services (AD FS) 2.0 for trunk authentication.

Publish Exchange applications via the portal
Select this option to publish Exchange in the portal.

Active Directory Federation Services (AD FS) 1.x trunk
Select this option when you are using AD FS 1.x trunk authentication.

Setting the Trunk page

Configure basic trunk settings.

Trunk name
Specify the name of the trunk. This name is assigned to the Web site that is created in IIS running on the Forefront UAG server. Within the set of HTTP connections and HTTPS connections, each trunk name must be unique. The trunk name cannot contain the public host name.

Public host name
Specify the host name used by client endpoints to reach the Web site. The host name must contain at least two periods.

IP address
Specify the external IP address used to reach the published Web application or portal.

Array Member
If the Forefront UAG server is part of an array, click the server entry in the IP address column, and select the external IP address of this array member.

HTTP port; HTTPS port
Specify the port for the external Web site.
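
The Trunk name and Public host name rules above can be checked against a planned set of trunks before running the wizard. The following PowerShell is an added example, not part of Forefront UAG or the original topic. The function name Test-TrunkPlan and the sample plan are hypothetical. It assumes names are compared case-insensitively and reads the uniqueness rule as applying separately to HTTP trunks and to HTTPS trunks.

```powershell
# Added example: pre-flight check of planned trunk definitions against the
# naming rules on the "Setting the Trunk" page. Test-TrunkPlan is a
# hypothetical helper, not a UAG cmdlet.
function Test-TrunkPlan {
    param([Parameter(Mandatory = $true)][object[]]$Trunks)

    $problems = @()
    $seen = @{}   # key: "<protocol>|<trunk name>", lower-cased

    foreach ($t in $Trunks) {
        $name  = [string]$t.Name
        $fqdn  = [string]$t.PublicHostName
        $proto = ([string]$t.Protocol).ToUpperInvariant()

        if ($proto -ne 'HTTP' -and $proto -ne 'HTTPS') {
            $problems += "${name}: protocol must be HTTP or HTTPS"
            continue
        }

        # Rule: each trunk name is unique within its set (HTTP or HTTPS).
        # Assumption: names are compared case-insensitively.
        $key = ("{0}|{1}" -f $proto, $name).ToLowerInvariant()
        if ($seen.ContainsKey($key)) {
            $problems += "${name}: duplicate $proto trunk name"
        }
        $seen[$key] = $true

        # Rule: the public host name must contain at least two periods.
        if (($fqdn.Split('.').Length - 1) -lt 2) {
            $problems += "${name}: public host name '$fqdn' has fewer than two periods"
        }

        # Rule: the trunk name cannot contain the public host name.
        # Assumption: plain substring match, case-insensitive.
        if ($fqdn -and $name.ToLowerInvariant().Contains($fqdn.ToLowerInvariant())) {
            $problems += "${name}: trunk name contains the public host name"
        }
    }
    $problems
}

# Constructed sample plan; names and hosts are made up for illustration.
$plan = @(
    @{ Name = 'Portal1'; Protocol = 'HTTPS'; PublicHostName = 'portal.example.com' },
    @{ Name = 'portal1'; Protocol = 'HTTPS'; PublicHostName = 'apps.example.com' },
    @{ Name = 'Mail';    Protocol = 'HTTPS'; PublicHostName = 'example.com' },
    @{ Name = 'hr.example.com-trunk'; Protocol = 'HTTP'; PublicHostName = 'hr.example.com' }
)
@(Test-TrunkPlan -Trunks $plan)   # one line per rule violation; empty if the plan is clean
```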

Authentication page

On the Authentication page, select authentication servers that are used to validate user credentials for Web sessions. You can specify multiple authentication servers. If you create a portal with multiple authentication servers, you can configure portal properties to allow users to select an authentication server from a server list.

Session authentication servers
  • Add—Click to select the authentication server against which clients should authenticate to establish a portal session. In the Authentication and Authorization Servers dialog box, select a server and click Select. To add a new server to the list, click Add.

    • Click User selects from a server list to specify that users will be prompted to select an authentication server during portal login. If you configure one authentication server, users will authenticate to that server only.

    • Select the Show server names check box to allow users to select an authentication server from a drop-down list. Otherwise, users must type in the server name.

    • Click User provides credentials for each selected server to prompt users to authenticate to all the specified authentication servers during session login.

    • Select the Use the same user name check box to specify that users must enter a single user name that will be used to authenticate to all specified authentication servers.

  • Remove—Select an authentication server from the list and then click Remove to specify that the server should no longer be used to authenticate clients requesting access to a portal session.

Certificate page (HTTPS trunks only)

On the Certificate page, select the server certificate that will be used to authenticate the Forefront UAG server to the endpoint.

Server certificate
In the Server certificate drop-down list, select the server certificate that will be used to authenticate the Forefront UAG server.

Forefront UAG supports wildcard certificates at the domain level and subdomain level. Wildcard certificates in the form * are supported. In addition, the SAN certificate can specify the required host names. Forefront UAG will issue an alert if wildcard certificates are in the form * or *.*

Launch Certificate Manager
Click to open the Certificate Manager Microsoft Management Console (MMC). Using Certificate Manager, you can import a certificate into the IIS Certificate store, as follows:

  • On the Action menu of Certificate Manager, click All Tasks, and then click Import.

  • Follow the instructions in the Certificate Import Wizard.

Endpoint Security page

On the Endpoint Security page of the Create Trunk Wizard, control access to the portal by selecting policies that allow or deny access based on the health of client endpoints.

Use Forefront UAG access policies
Select to determine the health of client endpoints using built-in Forefront UAG access policies.

Use Network Access Protection (NAP) policies
Select to determine the health of client endpoints using Network Access Protection (NAP) policies downloaded from a Network Policy Server (NPS) server.