If I have a rule that is passing the request (external) through to a backend server and the backend server is performing the login request, I am sure that TMG is doing nothing with this request but just passing the traffic through (no HTTPS inspection, etc.), but I want to make sure before opening my mouth.
We are implementing Ping Identity as a single sign-on, but these servers will reside on the inside of the network. I have not found any kind of information on the two applications working together.
You must set a Non-Web Server Publishing Rule. You must know the communication specification to allow just the needed protocols and ports! And yes, if you just pass traffic through TMG, TMG will not ask for authentication unless you set such a rule, one looking for authentication.
You're talking about inbound traffic. If you have a NAT relationship between networks (internal and external, for example), you need to set up a publishing rule. When you have a ROUTE relationship, it can be done using a simple access rule.
Publishing rules allow for single sign-on, using sign-on delegation for example, too.
To give a more thorough and accurate response, what you say is true if it is a Non-Web Server Publishing Rule, and it might be true if it is a Web Publishing Rule, depending on how you set up the Authentication part of the Rule.
Well, what I was wondering was "why" we should put this through TMG if all I am doing is allowing the 443 request to pass through to the internal web server. If TMG is actually inspecting the 443 traffic before it passes it through to the internal server, then that would be reason enough to have it go through TMG.
You have a lot more control over things with a Web Publishing Rule, particularly when multiple web sites become involved. However, yes, that is more apparent with HTTP than HTTPS.
A Non-Web Server Publishing Rule is just a simple straight Reverse-NAT with pretty much no ability to tweak anything. It also does not have a Web Listener, so you lose any capabilities the Listener gives you.
You'll just have to compare the two and see what you want to use, but yes, you can use either one.