locked
TMG 2010 SP1 - Seems to be NATing after install

    Question

  • I recently installed SP1, but began to experience problems immediately.  We have a number of IP-recognition services which fail with SP1 installed.  It appears to me that TMG is NATing our connections even though all the network rules are set to "Route."  Another related symptom is that all incoming traffic to our web servers appears to come from the TMG internal IP rather than their true IP.  Any suggestions would be greatly appreciated.
    Tuesday, September 07, 2010 11:34 PM

Answers

  • Marc, thanks very much for your helpful response.  I did discover that applying SP1 apparently enables the Web Proxy Filter, which we had intentionally disabled.  I was able to return to normal operation by disabling the Web Proxy Filter.
    Thursday, September 09, 2010 3:38 PM

All replies

  • Hi,

    are these services HTTP or HTTPS based? Even if you use a ROUTE relationship, every HTTP/HTTPS traffic flows through the Webproxyfilter in ISA/TMG and will be NATed. AFAIK this has not changed since ISA 200x days.

    for teh other problem please check if your publishing rules are configured so that the "Traffic appears from the original client"


    regards Marc Grote aka Jens Baier - www.nt-faq.de - www.it-training-grote.de - www.forefront-tmg.de
    Wednesday, September 08, 2010 6:26 AM
  • Marc, thanks very much for your helpful response.  I did discover that applying SP1 apparently enables the Web Proxy Filter, which we had intentionally disabled.  I was able to return to normal operation by disabling the Web Proxy Filter.
    Thursday, September 09, 2010 3:38 PM