none
TMG 2010: Outlook/Thunderbird can't get through

    Question

  • Dears,

    I'm using TMG 2010 ver 7.0.7734.100, single interface deployment.

    I have a problem with client applications like Outlook, Thunderbird, and Skype.

    All can't work through proxy.

    Skype configuration made manually, and didn't work.

    I can't configure both Outlook nor Thunderbird.

    Thanks,

    Khalid Rehan.

    System Administrator
    Tel          : +966 1 4920003 Ext. 312
    Fax         : +966 1 4910703
    Mobile    : +966-561923927
    Website : iman-group.com
    Email      : krehan@iman-group.com

    Monday, December 02, 2013 3:07 PM

Answers

  • Folks,

    Go back to the beginning post,...the very first line.

    This a single nic TMG.

    A single Nic TMG can only be used as an HTTP or HTTPS Proxy.

    It can not be used for POP3, SMTP, IMAP, or anything else.  So that eliminates Outlook and Thunderbird.  It may also eliminate Skype if Skype tries to use any communication that is not encapsulated within HTTP or HTTPS.

    A single nic TMG implies that there is some other firewall in place that is doing the "real" work.  It is that firewall that must be used for all these things,...not the TMG.

    Wednesday, December 04, 2013 2:39 PM

All replies

  • Hi,

    Do you mean that outlook, Skype and thunderbird are blocked by TMG?

    Firstly please check TMG live logging to see if there is any error information.

    And you must create access rules to allow the protocols used by these app.

    There are some articles for your reference:

    How to allow Skype in TMG:

    http://social.technet.microsoft.com/Forums/forefront/en-US/9724a5a3-2f5c-4051-aa44-c9ab1e3e8201/how-to-allow-skype-in-tmg-2010

    http://forums.isaserver.org/m_2002092620/mpage_1/key_/tm.htm#2002113317

    http://networking.bigresource.com/How-to-allow-Skype-through-TMG-2010-with-HTTPS-Inspection-enabled-23WS4WEPM.html

    http://www.petri.co.il/forums/showthread.php?t=61991

    Best Regards

    Quan Gu 

    Tuesday, December 03, 2013 5:54 AM
  • You are not able to end emails from outlook. if yes then workaround is to install and configure "Free Proxy Internet suite" this will open port for sending and receiving ports for outlook or thunder bird


    Akshay Pate

    Tuesday, December 03, 2013 6:33 AM
  • Dear Quan,

    Your reply is great, but still can't put my hand on the problem.

    Can you give me the key for these issues?

    Regards,
    Khalid Rehan.
    System Administrator
    Tel          : +966 1 4920003 Ext. 312
    Fax         : +966 1 4910703
    Mobile    : +966-561923927
    Website : iman-group.com
    Email      : krehan@iman-group.com

    Tuesday, December 03, 2013 9:48 AM
  • Hi,

    Okay.

    For example, let us assume that we need to allow client to access external website.

    At first, we need to know that HTTP protocol must be used by customers to access website.

    Secondly, HTTP is based on TCP port 80.

    After that, we need to create an access rule to allow HTTP traffic transport from internal to external.

    What I said above is to tell you that if you want to allow any application, you should firstly know which protocols need to be used by it and which port (TCP/UDP) need to be used by this protocol. And then, you can start to create an access for it and everything should be okay.

    Best Regards

    Quan Gu 

    Wednesday, December 04, 2013 6:30 AM
  • Folks,

    Go back to the beginning post,...the very first line.

    This a single nic TMG.

    A single Nic TMG can only be used as an HTTP or HTTPS Proxy.

    It can not be used for POP3, SMTP, IMAP, or anything else.  So that eliminates Outlook and Thunderbird.  It may also eliminate Skype if Skype tries to use any communication that is not encapsulated within HTTP or HTTPS.

    A single nic TMG implies that there is some other firewall in place that is doing the "real" work.  It is that firewall that must be used for all these things,...not the TMG.

    Wednesday, December 04, 2013 2:39 PM
  • Hi,

    Sorry for my careless. I aggree with Philip.Single Network scenario has many limitations. Please refer to the link to know more about that:

    http://technet.microsoft.com/en-us/library/cc995236.aspx

    Philip, thank you for your prompt.

    Best Regards

    Quan Gu


    Thursday, December 05, 2013 2:21 AM
  • No problem guys.

    Happy to help!

    Thursday, December 05, 2013 2:37 AM
  • Dear Philip,

    I changed to Edge Firewall Deployment, and still not working..

    Khalid

    Thursday, December 05, 2013 4:18 PM
  • You can't just "change to Edge", it is not a matter of just flipping a switch.  That requires a corresponding physical network topology change, such as creating a back to back DMZ, or physically replacing the previously existing Firewall with the TMG.

    With your current network design (as far as I can understand what you have) you must run all Non-HTTP and Non-HTTPS traffic directly through your previously existing Firewall without involving the TMG.

    Thursday, December 05, 2013 7:31 PM
  • Dear Phillip,

    TMG must be involved, I don't have any other choice..

    Is it a SSL issue?

    Even from the TMG localhost itself I can't telnet imap.googlemail.com !!

    C:\>telnet smtp.mail.yahoo.com 587
    Connecting To smtp.mail.yahoo.com...Could not open connection to the host, on port 587: Connect failed

    C:\>telnet imap.googlemail.com 993
    Connecting To imap.googlemail.com...Could not open connection to the host, on port 993: Connect failed

    Something I don't understand here :@

    Please, advise..

    Khalid Rehan. 

    Sunday, December 08, 2013 3:22 PM
  • Then replace the existing Firewall with the TMG (single firewall), or create a Back-to-Back DMZ (two firwalls positioned one behind the other).   Otherwise it is impossible for the TMG to be involved.
    Sunday, December 08, 2013 8:12 PM
  • Dear Phillip,

    TMG is already the only firewall I have.

    Regards,

    Khalid.

    Wednesday, December 11, 2013 10:21 AM
  • are not able to receive emails on outlook and thunderbird???

    Akshay Pate

    Wednesday, December 11, 2013 10:23 AM
  • You said at the beginning it was a single nic installation, that's makes it impossible for it to be the only firewall.  You said later that you gave it a second nic but did not elaborate on what topology changes you employed to make that possible, which make that impossible for me to respond to accuartely.

    Those applications mentioned can only operate as Firewall [winsock] Clients or as SecureNAT Clients.  Both of those require a multi-nic TMG installation within a topology designed to accomidate that.  At that point you then create access rules to accomidate them.

    Wednesday, December 11, 2013 3:44 PM