Discussion: VPN Server behind a TMG Forefront firewall

  • General discussion

  • I have a VPN Server that is behind a TMG Forefront firewall (a test environment).

    The VPN Server is allowing only the use of SSTP and is using port 443 for listening.

    What should I do on the TMG Forefront server to forward the SSTP traffic to this VPN server?

    Do I publish a non-Web Server protocol? Meaning I create a new protocol named SSTP (TCP, Inbound, 443-443 port range).

    As SSTP is based on HTTPS, do I have to publish it as a Web Server?

    Sunday, July 10, 2011 11:47 AM

All replies

  • Are you using a separate IP address for this? If you need to forward (effectively tunnel) the SSL through, I would use the non-web rule but would put it on its own public IP address so that it doesn't mess with any of your normal TMG published services such as OWA, SharePoint, etc.
    Keith Alabaster - MVP/Forum Moderator
    Sunday, July 10, 2011 1:11 PM
  • Thank you. That is perfectly logical and I was searching for that.

    Thank you Keith :)

    Sunday, July 10, 2011 2:23 PM