none
Install forefront TMG in a non-domain environment

    Question

  • Hi all,

    I have one machine and few users (about 20 users), we do not intend to deploy a domain but we need to control internet access. can we deploy TMG on a workgroup server, configure rules on it and let users machines to connect to it for internet access? If yes how to do this step by step?

    Thank you!

    Sunday, February 10, 2013 9:23 AM

Answers

  • Yes, you can, no need for AD, but you will lose some features associated to the domain account users control.
    Sunday, February 10, 2013 12:16 PM

All replies

  • Hi,

    it is possible to deploay TMG in a worksgroup environment and to give Clients access to the TMG server via Secure NAT clients:
    http://technet.microsoft.com/en-us/library/bb794762.aspx
    http://technet.microsoft.com/en-us/library/ee658148.aspx


    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de

    Sunday, February 10, 2013 10:10 AM
  • I will not have a domain at all, no clients joined to the domain nor TMG server, does the links above apply to this situation?

    Sunday, February 10, 2013 11:11 AM
  • Yes, you can, no need for AD, but you will lose some features associated to the domain account users control.
    Sunday, February 10, 2013 12:16 PM
  • Hi, yes and if you want to have user authentication in Firewall Poliy rules you must create users local on the TMG Server and users must authenticate against the TMG server to get Internet access


    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de

    Sunday, February 10, 2013 2:57 PM
  • Hi, yes and if you want to have user authentication in Firewall Poliy rules you must create users local on the TMG Server and users must authenticate against the TMG server to get Internet access


    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de


    Do we need to put TMG server IP as a proxy on teh IE of the clients or we just configure their gateway to TMG IP?
    Tuesday, February 12, 2013 7:06 AM
  • HI,

    if you only want to have control who uses TMG with IP addresses set the Gateway on the clients to the internal IP address of your TMG Server, so the clients will be Secure NAT clients. If you want to have user control for HTTP/HTTPS protocols, set the proxy on the clients to the IP address of the TMG Server


    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de

    Tuesday, February 12, 2013 7:38 AM
  • Thanks, but as I will have no domain controller, can I install DHCP on TMG to make IP researvations for clients?
    Tuesday, February 12, 2013 4:12 PM
  • Hi,

    yes, not a good idea. TMG should be a Firewall and no application Server but it is possible:
    http://technet.microsoft.com/en-us/library/cc302605.aspx (same for TMG)


    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de

    Tuesday, February 12, 2013 7:40 PM