proxy non-http traffic?

proxy non-http traffic? - 14.Jan.2010 11:39:03 AM   


Posts: 15
Joined: 21.Jan.2009
Status: offline
Hi, sounds a silly question but I am trying to understand if it is possible to proxy non-http traffic? I am using TMG 2010 enterprise in a standalone config. I know default functionality is there for http/s but I was unsure how things worked when other traffic is involved? In this scenario I am talking about an application on a workstation needing to communicate externally.
Q. Do you simply use FW rules to allow/deny the traffic accordingly? If so, would this simply not route the traffic rather than the proxy server retrieving it on behalf of the application?
Q. Does this only work with a FW client installed?
Apologies for this moment of dimness I am experiencing...
Post #: 1
RE: proxy non-http traffic? - 14.Jan.2010 3:04:33 PM   


Posts: 477
Joined: 20.Jan.2009
From: Southern California
Status: offline
Hi Andy,

Absolutely. You'll need to install the TMG firewall client in order to provide this functionality. The TMG firewall client is a layer service provider and will transparently intercept calls from winsock applications and forward them to the proxy server. You'll need to create access rules for the communication you wish to allow, of course.


Richard Hicks - Forefront MVP

(in reply to andymoss)
Post #: 2
RE: proxy non-http traffic? - 14.Jan.2010 5:37:03 PM   


Posts: 15
Joined: 21.Jan.2009
Status: offline
Thanks Rich. I wondered if that was the case. So...I have the following scenario:
- 2 AD Forests with Forest Kerberos trust between them.
- Backend servers in both forests sit on vlans with direct comms to the other forest.
- Workstations sit on different vlan and can only access the servers in their own forest for security.
- Clients access local TMG which can see local and remote forest server vlans. Proxy is running in a single NIC config and set to route web traffic.
We have a requirement for client winsock apps in one domain to be proxied across to the other domain to access network services as they cannot access directly.
A reverse proxy should not be required as backend servers can talk to one another, so will just the FW client be required to fulfil this scenario to allow forward proxy for the application? Should the TMG server be in a NAT mode and would this require a multiple NIC config instead?
Many thanks

(in reply to richardhicks)
Post #: 3
RE: proxy non-http traffic? - 15.Jan.2010 8:14:43 AM   


Posts: 15
Joined: 21.Jan.2009
Status: offline
To re-phrase my previous post, our clients use the TMG server for their default gateway so all traffic (browser & application) not resolved on the LAN will go to TMG.
In this scenario will the client FW still be required or do I just need to configure TMG with the necessary access rules only?

(in reply to andymoss)
Post #: 4
