1. You need Windows 2008 SP1 R2, 64-bit version, then load Forefront TMG from the Microsoft website - I have loaded it from MSDN.
2. Log in to the server with a user name that is in the same domain as your machine, if the server has already joined a domain.
3. Mount the Forefront DVD ISO, then run the installation wizard.
4. Click Next until Define Internal Network, then click Add.. > Add Adapter.. > select all, then Next.
5. Wait…
6. Launch the Forefront configuration wizard.
7. Configure Network settings > select single network adapter > select LAN > fix IP address.
8. Configure System settings: just click Next.
9. Deployment options: select No.
10. Download isa_tpr.js.
11. Run cmd as admin.
12. Modify the HTTP and HTTPS port range:
C:\>cscript isa_tpr.js
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.
This is your current Tunnel Port Range list:
NNTP (single port): 563
SSL (port range) : 443
C:\>cscript isa_tpr.js /del SSL
C:\>cscript isa_tpr.js /add HTTP 14000-15000
C:\>cscript isa_tpr.js /add SSL 17000-18000
C:\>cscript isa_tpr.js
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.
This is your current Tunnel Port Range list:
HTTP (port range) : 14000 --> 15000
NNTP (single port): 563
SSL (port range) : 17000 --> 18000
13. Configure the firewall: select Firewall policy > Tasks > Create access rule > enter name > Allow > This rule applies to all outbound traffic > add source and destination, selecting both External and Internal > add user All Authenticated and All Users.
14. Save the configuration.
15. Disable HTTPS Inspection/Malware Inspection.
16. Save the configuration and wait for 30-60 secs.
Result:
-- begin response --
HTTP/1.1 407 Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )
Via: 1.1 FOREFRONT
Proxy-Authenticate: Basic realm="FOREFRONT.rdc.reuters.com"
Connection: close
Proxy-Connection: close
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 721
Network Access Message: The page cannot be displayed |
-- end response --
*** The proxy requested a close (during authentication). Reconnecting. ***
CONNECT 192.168.27.33:14002 HTTP/1.1
User-Agent: RFA/Java
Proxy-Connection: Keep-Alive
Content-Length: 0
Host: 192.168.27.33:14002
Pragma: no-cache
Proxy-Authorization: BASIC QWRtaW5pc3RyYXRvcjpBcGlyZXV0ZXJzMQ==
-- begin response --
HTTP/1.1 200 Connection established
Via: 1.1 FOREFRONT
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
-- end response --
Connection established to FOREFRONT:8080
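
The Web Proxy filter only tunnels CONNECT requests to ports in the tunnel port range list from step 12, so a quick way to audit the setup is to parse that listing and check which range, if any, covers a given CONNECT target. The script below is an added example, not part of the original steps or of isa_tpr.js; the function names are hypothetical and the sample listing is constructed from the output format shown above.

```python
import re

# Constructed sample in the listing format shown in step 12 above.
SAMPLE_LISTING = """\
This is your current Tunnel Port Range list:
HTTP (port range) : 14000 --> 15000
NNTP (single port): 563
SSL (port range) : 17000 --> 18000
"""

# Matches "NAME (single port): N", "NAME (port range) : N" and
# "NAME (port range) : LOW --> HIGH", the three shapes seen in the listing.
_ENTRY = re.compile(
    r"^(\S+)\s+\((?:single port|port range)\)\s*:\s*(\d+)(?:\s*-->\s*(\d+))?$"
)
_CONNECT = re.compile(r"^CONNECT\s+\S+:(\d+)\s+HTTP/\d\.\d$")

def parse_tunnel_ranges(listing):
    """Return {name: (low, high)} parsed from an isa_tpr.js listing."""
    ranges = {}
    for line in listing.splitlines():
        m = _ENTRY.match(line.strip())
        if m:
            low = int(m.group(2))
            high = int(m.group(3)) if m.group(3) else low
            ranges[m.group(1)] = (low, high)
    return ranges

def connect_port(request_line):
    """Extract the target port from a 'CONNECT host:port HTTP/1.1' line."""
    m = _CONNECT.match(request_line.strip())
    if not m:
        raise ValueError("not a CONNECT request line: %r" % request_line)
    return int(m.group(1))

def matching_range(request_line, ranges):
    """Name of the tunnel range covering this CONNECT target, or None."""
    port = connect_port(request_line)
    for name, (low, high) in sorted(ranges.items()):
        if low <= port <= high:
            return name
    return None

if __name__ == "__main__":
    ranges = parse_tunnel_ranges(SAMPLE_LISTING)
    for req in ("CONNECT 192.168.27.33:14002 HTTP/1.1",
                "CONNECT 192.168.27.33:443 HTTP/1.1"):
        print(req, "->", matching_range(req, ranges) or "outside every range")
```

With the ranges configured in step 12, the CONNECT to port 14002 from the trace falls in the HTTP range, while port 443 is no longer covered because the default SSL entry was deleted.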