LDT not recognized by FWC

Question

We've deployed TMG in our corporate and a branch office. Both sites have their own internet connection as well as a private WAN connection for internal traffic. Our corporate office also has a DMZ as a third leg on the TMG array. We're using split DNS so all clients connecting to the application servers in the DMZ should access them over the WAN, passing through the corporate TMG array as SecureNAT clients. The firewall client has been deployed to all clients and is using AD markers in their respective sites for autodiscovery. TMG is configured to support WPAD also. On the Web Proxy configuration, we're bypassing the proxy server for all addresses and domains used in the DMZ. Because the DMZ is not a local network (and therefore not in the Local Address Table), this should cause the traffic to fall back to the firewall client. However, we've added the domains used in the DMZ to the list of domains that the FWC should allow to bypass TMG and send directly to the application server. Using FWCTool.exe, I can see that the domains are showing up in the Local Domain Table for the clients, but the traffic is still being sent to their local TMG server.

If I disable the firewall client service, the web proxy configuration alone seems to function properly and bypass the web proxy, sending the traffic directly to the application server.

If I enable the firewall client service and manually add a LocalLAT.txt file to the clients, this also seems to coax the client into bypassing the local TMG array and sending the traffic directly to the server.

Why is the firewall client requiring an entry in the LAT table rather than honoring the configuration in the LDT? Is there any way to configure the FWC LAT globally rather than pushing LocalLAT files to all of the machines?

    Thursday, September 30, 2010 3:10 PM
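The following Python model is an added example, not code from the poster or from Microsoft's Firewall Client. It reproduces the three observations above (FWC on without LocalLAT.txt, FWC off, FWC on with LocalLAT.txt) as a simplified client-side routing decision, so the difference between an address-based LAT check and a name-based LDT check can be inspected. All sample data (the LocalLAT.txt text, LDT entries, proxy bypass list and split-DNS answers) is constructed, and the model rests on two assumptions the page does not state: that a browser which bypasses the web proxy resolves the name itself and opens a socket to the resulting IP, and that the firewall client therefore only has an address to compare against the LAT at that point unless name resolution itself went through the FWC. The "start<TAB>end" LocalLAT.txt layout is likewise an assumption for the parser, not taken from the page.

```python
import fnmatch
import ipaddress

# ---- Constructed sample data (not from the page) -------------------------
# A LocalLAT.txt like the poster's workaround; this example assumes a simple
# "start<TAB>end" one-range-per-line layout with ';' comment lines.
SAMPLE_LOCALLAT = "; DMZ application servers (constructed range)\n192.0.2.0\t192.0.2.255\n"

# Local Domain Table suffixes pushed to the firewall client (constructed).
SAMPLE_LDT = ["dmz.example.test"]

# Web proxy bypass list from the browser/WPAD settings (constructed).
SAMPLE_PROXY_BYPASS = ["*.dmz.example.test", "192.0.2.*"]

# Split-DNS answers the client receives (constructed).
SAMPLE_DNS = {"app1.dmz.example.test": "192.0.2.10"}


def parse_locallat(text):
    """Parse LocalLAT.txt-style text into a list of (start, end) IPv4 ranges."""
    ranges = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        start, end = line.split()
        ranges.append((ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)))
    return ranges


def is_ip_literal(dest):
    """True when the destination is a dotted IPv4 address rather than a name."""
    try:
        ipaddress.IPv4Address(dest)
    except ipaddress.AddressValueError:
        return False
    return True


def in_lat(ip, ranges):
    """Address-based check: is the IP inside any LAT range?"""
    addr = ipaddress.IPv4Address(ip)
    return any(lo <= addr <= hi for lo, hi in ranges)


def in_ldt(hostname, domains):
    """Name-based check: does the host name fall under an LDT domain suffix?"""
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def matches_bypass(dest, patterns):
    """Web proxy bypass list match (wildcards, case-insensitive)."""
    return any(fnmatch.fnmatchcase(dest.lower(), p.lower()) for p in patterns)


def route(dest, fwc_enabled, lat_ranges, ldt_domains, bypass, dns,
          name_visible_to_fwc=False):
    """Model how a browser request to `dest` leaves the client.

    Returns (path, target); path is 'web-proxy', 'direct', 'fwc->TMG' or
    'unresolved'.  name_visible_to_fwc=True models an application whose
    name resolution goes through the FWC, which is the only case in which
    this model lets the LDT apply (assumption, see lead-in).
    """
    if not matches_bypass(dest, bypass):
        return ("web-proxy", dest)          # proxied request to the TMG array
    target = dest if is_ip_literal(dest) else dns.get(dest.lower())
    if target is None:
        return ("unresolved", dest)
    if not fwc_enabled:
        return ("direct", target)           # plain Winsock connect, nothing intercepts
    if in_lat(target, lat_ranges):
        return ("direct", target)           # LAT says local: FWC steps aside
    if name_visible_to_fwc and not is_ip_literal(dest) and in_ldt(dest, ldt_domains):
        return ("direct", target)           # LDT match, but only when a name is seen
    return ("fwc->TMG", target)             # everything else is tunnelled to TMG


def demo():
    """Reproduce the poster's three observations with the constructed data."""
    empty_lat, local_lat = [], parse_locallat(SAMPLE_LOCALLAT)
    host = "app1.dmz.example.test"
    args = (SAMPLE_LDT, SAMPLE_PROXY_BYPASS, SAMPLE_DNS)
    return {
        "fwc_on_no_locallat": route(host, True, empty_lat, *args),
        "fwc_off": route(host, False, empty_lat, *args),
        "fwc_on_with_locallat": route(host, True, local_lat, *args),
        "fwc_on_name_visible": route(host, True, empty_lat, *args, name_visible_to_fwc=True),
        "non_dmz_host": route("intranet.corp.example.test", True, local_lat, *args),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:22s} -> {result}")
```

Running the block prints one line per scenario; the first three match the poster's observations (tunnelled to TMG, direct, direct), and the fourth shows the LDT only taking effect when the firewall client is handed a name rather than an already-resolved address.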

Answers