ForeFront TMG in a single-leg DMZ configuration

Stupid mistake, but I’ve been struggling with getting ISA/ForeFront to work after switching off our DMZ Domain Controller.

The easy fix is… configure your primary firewall to allow domain services (Kerberos etc.) between the LAN and the DMZ. Then alter your DMZ’s NIC to use a LAN DC (as opposed to the DMZ’s DC) as its DNS lookup. Otherwise it has no idea where anything is.
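A quick way to confirm both changes from the TMG box, as an added example that is not part of the original post. `$DcIp` and `$Domain` are placeholder values, and the port list is the usual set a domain member needs to reach on a DC, not something taken from this setup.

```powershell
# Added example: run on the TMG host. Both values below are placeholders.
$DcIp   = '10.0.0.10'      # assumed address of a LAN domain controller
$Domain = 'corp.example'   # assumed AD DNS domain name

# TCP ports a domain member needs on a DC. DNS and Kerberos also use UDP, and
# RPC needs the DC's dynamic port range; neither is probed here.
$Ports = @{ 53 = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC endpoint mapper'; 389 = 'LDAP'
            445 = 'SMB'; 464 = 'Kerberos password change'; 3268 = 'Global Catalog' }

function Test-TcpPort([string]$Address, [int]$Port, [int]$TimeoutMs = 2000) {
    # Plain TcpClient with a timeout, so it also works on older PowerShell.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

# 1. Does the NIC actually list the LAN DC as a DNS server?
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=True' |
    ForEach-Object {
        $dns   = @($_.DNSServerSearchOrder)
        $state = if ($dns -contains $DcIp) { 'OK' } else { 'LAN DC not listed' }
        '{0}: DNS = {1} [{2}]' -f $_.Description, ($dns -join ', '), $state
    }

# 2. Does the primary firewall pass domain traffic from this host to the DC?
#    A blocked port here points at the firewall rule, not at TMG.
foreach ($port in ($Ports.Keys | Sort-Object)) {
    $result = if (Test-TcpPort $DcIp $port) { 'open' } else { 'BLOCKED' }
    '{0,5}/tcp {1,-26} {2}' -f $port, $Ports[$port], $result
}

# 3. Can the host locate a DC through DNS? This is the lookup that fails
#    when the NIC still points at the switched-off DMZ DC.
$srv = nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" $DcIp 2>$null |
       Select-String 'svr hostname'
if ($srv) { $srv | ForEach-Object { $_.Line.Trim() } }
else      { "No DC SRV records returned for $Domain via $DcIp" }
```

Scoping the firewall rule to just the TMG host and the DC addresses it talks to keeps the rest of the LAN closed to the DMZ.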
