• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

web publishing

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> web publishing Page: [1]
Login
Message << Older Topic   Newer Topic >>
web publishing - 2.Feb.2012 6:31:52 AM   
rohangaur

 

Posts: 31
Joined: 4.Aug.2010
Status: offline
Hello all

I want to publish a website on tmg 2010 I have two NIC configured internal and external and it is a simple Edge confguration. how can I publish a website in this configuration

If I have a firwall (just one)with 3 NIC internal and external Perimeter. do I need to configure SPLIT DNS  what would be its configration(ip address) or do I need to configure a public dns server as well.
kindly help

_____________________________

Rohan Gaur
System Administrator.
Post #: 1
RE: web publishing - 2.Feb.2012 12:05:05 PM   
Rievax

 

Posts: 50
Joined: 13.Oct.2004
Status: offline
Hello Rohangaur,

quote:


I want to publish a website on tmg 2010 I have two NIC configured internal and external and it is a simple Edge confguration. how can I publish a website in this configuration


Well, this is one of the most basic things you can do in TMG. First, you have to be sure your external and internal NIC are correctly configured. Second, in order to publish a web site, you will have to know what public IP address(es) your service provider assigned you - and add it (them) to your external NIC. Third, in TMG, right click on Firewall Policy and select New --> Web Site Publishing Rule... and follow the wizard. Remember to first configure your host header on your internal web server if the web site you want to publish is not the default one. Fourth, edit your public DNS and create a host or alias entry to reflect your new public web site information. Fith, from an external connection (not from your LAN, but from home for example - or ask someone outside from your compagny - or use an online anonymizer site), try to browse your new published web site.

TMG's documentation explains in details most of those steps.


quote:


If I have a firwall (just one)with 3 NIC internal and external Perimeter. do I need to configure SPLIT DNS  what would be its configration(ip address) or do I need to configure a public dns server as well.
kindly help

A split DNS is used in case your LAN users want to use published ressources (internal or perimeter) using the exact same DNS names as an external users. Draw yourself a diagram with internet users, internal users and your firewall in between with a perimeter, then ask yourself how the external users are resolving the published ressource name. Then do the same exercise with the internal users. You will then understand why / if a split DNS is needed in your case. And yes, a public DNS will have to be configured in that case to serve external users. You can either use a professional service on the Internet (your domain name registrar may give it to you for free) or maintain a public DNS yourselft in your perimeter zone. This public DNS will only answer public request coming from the Internet. Finding information on a split DNS on IsaServer.Org is very easy. Please read the numerous articles and tutorials first, then ask a more specific question in the forum.

Hope this helps.

X.

(in reply to rohangaur)
Post #: 2
RE: web publishing - 3.Feb.2012 4:00:54 AM   
rohangaur

 

Posts: 31
Joined: 4.Aug.2010
Status: offline
Hello Rievax

Thanks for reply. In the first scenario with 2 NIC the fourth step "edit your public DNS and create a host or alias entry to reflect your new public web site information." is this web server our ISP 's pubilc DNS or the one that I have internally if it is ISP's public dns do I need to call them to make entry there for our website.

2) The external NIC ip address is 1.1.1.1 {for example} do I need to get my domain name registered against this public ip address.(though we have a block of public ip address and where can we use those unused ip address.

_____________________________

Rohan Gaur
System Administrator.

(in reply to Rievax)
Post #: 3
RE: web publishing - 3.Feb.2012 7:44:50 AM   
Rievax

 

Posts: 50
Joined: 13.Oct.2004
Status: offline
Rohangaur,

1) By "public web site" I mean the web site you are trying to publish. By "public DNS" I mean the DNS service you are going to use in order to resolve the name of your "public web site" for Internet users - weather it is your ISP's one or another one you selected. And yes, we are talking about a public facing DNS. Calling or not your ISP all depends on if your public domain name is registered and pointing to their servers. Go back to my second answer about your question regarding split DNS: draw yourself a diagram and try to understand first how people (External and Internal) are trying to access your web site (the "public web site" you are trying to publish). This brings us to the second point too:

2) Your ISP probably gave you a block of public IPs along with your Internet connectivity. First, verify that this block has been statically assigned to you (i.e. it will never changer as long as you are with this ISP). If this is the case, ANY requests sent to this IP address block will be forwarded to the router the ISP gave you when you installed the Internet connection. You probably assigned one of this IP address on your TMG server already. The other ones can also be assigned to your public facing NIC as secondary IPs but since you can publish multiple web sites behind the IP you already assigned to your TMG server, don't bother for now.
When you register a public domain name, you also have to specify Name Servers (i.e. the DNS servers that will be used to host your domain DNS entries). Let's take an example: you registered the domain name "mydom.com" and your ISP offers you free DNS hosting along with your connection. Edit your domain name Name Servers' entries and point them to your ISP's DNS servers. Edit you ISP's DNS entries to reflect the group of IPs you have. If one of your external IP is 1.1.1.1 (the one you already assigned to your TMG server's external NIC) then add the following to your external DNS: www.mydom.com [HOST (A entry)] = 1.1.1.1. Even if you have multiple sites, you can publish them under the same public IP address since the TMG server can "route" the traffic based on the host header. For example, you can have another host entry pointing to the same IP: www2.mydom.com [HOST] 1.1.1.1.

Hope this helps more than confusing it :-) Be patient, draw yourself a diagram, and I'm sure your will figure this out by taking a step back. Have fun too.

Regards,

X.

(in reply to rohangaur)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> web publishing Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts