Forefront TMG 2010: Basic Rules Required for Internet Access

This is the sixth installment in the Installing Exchange: 2010 series. The Forefront TMG firewall needs a few rules in place before anyone can access the internet from inside the network. Let’s take a look:

Four rules are required for internet browsing and basic Exchange connectivity. They allow ICMP traffic, DNS queries and DNS zone transfers, LDAP access, and file sharing. To add these rules, use the following procedure:

  1. Open Forefront TMG
  2. In the Forefront TMG window, right-click on Firewall Policy in the right-hand pane
  3. From the context menu, select New > Access Rule…
  4. In the New Access Rule Wizard window, enter the name of the rule as Allow Ping and click Next
  5. In the Rule Action page, click Allow and click Next

  6. On the Protocols page, click Add…
  7. In the Add Protocols window, expand Common Protocols and double-click PING and click Close

  8. Click Next
  9. In the Access Rule Sources page click Add…
  10. Expand the Networks folder and double-click External, Internal, and Local Host
  11. Click Close and click Next
  12. In the Access Rule Destinations page, click Add…
  13. Expand the Networks folder and double-click External, Internal, and Local Host
  14. Click Close and click Next
  15. Click Next
  16. Click Finish
  17. Repeat steps 2-16 for DNS/DNS Server, LDAP, and CIFS.
    Note: For DNS, select DNS and DNS Server in the Infrastructure folder in step 7. For LDAP, add the three protocols in the Infrastructure folder that begin with LDAP. Microsoft CIFS (UDP/TCP) can be found in All Protocols.
  18. When finished creating the DNS, file sharing, and LDAP rules, in the right-hand pane of the Firewall Policy section, click Apply.
  19. In the Configuration Change Description click Apply
  20. Click OK
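
The following is an added example, not part of the original post: it models the four rules as data, with External, Internal and Local Host as both source and destination as in steps 10 and 13, and lists the connections those rules let hosts on the External network initiate. The rule names other than Allow Ping, the protocol labels, and the `without_external_source` tightening are assumptions made for illustration.

```python
from itertools import product

ALL_NETS = ("External", "Internal", "Local Host")

# Constructed from the steps above. Only "Allow Ping" is named on the page;
# the other rule names and the protocol labels are placeholders.
RULES = [
    {"name": "Allow Ping", "protocols": ("PING",)},
    {"name": "Allow DNS", "protocols": ("DNS", "DNS Server")},
    {"name": "Allow LDAP", "protocols": ("LDAP (three protocols)",)},
    {"name": "Allow CIFS", "protocols": ("Microsoft CIFS (UDP/TCP)",)},
]
for r in RULES:
    # Steps 10 and 13: the same three networks on both sides of every rule.
    r["sources"] = r["destinations"] = ALL_NETS


def flows(rule):
    """Every (source, destination, protocol) a rule lets a client initiate."""
    return [(s, d, p)
            for s, d in product(rule["sources"], rule["destinations"])
            if s != d  # simplification: ignore traffic within one network
            for p in rule["protocols"]]


def inbound_from_external(rules):
    """Flows that hosts on the External network may initiate towards the inside."""
    return [(r["name"], p, d) for r in rules
            for s, d, p in flows(r) if s == "External"]


def without_external_source(rule):
    """Hypothetical tightening: same rule, External kept only as a destination."""
    tightened = dict(rule)
    tightened["sources"] = tuple(n for n in rule["sources"] if n != "External")
    return tightened


if __name__ == "__main__":
    for name, proto, dst in inbound_from_external(RULES):
        print(f"{name}: External -> {dst} ({proto})")
    tightened = [without_external_source(r) for r in RULES]
    print("inbound flows after tightening:", len(inbound_from_external(tightened)))
```

Outbound browsing only needs the inside networks as sources, because TMG is stateful and passes replies to connections that were initiated from inside.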
