Reverse proxy not working TMG and Checkpoint RRS feed

  • Question

  • I have set up TMG as a forward/reverse proxy. Testing the internal clients it looks like forward proxy is working but can’t seem to get a test reverse proxy going.

    Internal ( -------TMG External ( ----------- Checkpoint------ISP

    Internal has an interface on the TMG with no gateway

    TMG has an external interface with as gateway

    Checkpoint has for the external and a range of class c  for the ISP

    2 rules on checkpoint allows HTTP and HTTPS and DNS lookups traffic from external to internet from and also NATS to one of our class c’s. This seems to work fine.

    Problem is publishing from internal LAN.

    If I have an IIS server say on the internal can I not just publish this. Internal name  inside.my.domain. Public test.my.domain. The test.my.domain will have one of my class c addresses.  If I alter my host file on a computer on the internet resolving the class c IP mapped to test.my.domain should I not get the web page? The web page works internally. The published policy rule when I do a Test Rule runs with no errors.

    1<sup>st</sup> rule in the Checkpoint is allow any http to the class c address of test.my.domain

    2<sup>nd</sup> rule in checkpoint is allow test.my.domain http to external interface on TMG

    Traffic seems to get to checkpoint but no further. I am more or less a newbie when dealing with TMG. Any ideas?

    • Changed type wherami Thursday, August 11, 2011 3:17 AM
    Thursday, August 11, 2011 3:17 AM


  • HI,

    you must create a Webserver Publishing rule on your TMG Server to publish the internal Webserver. TMG must listen (with a Listener) on one of the IP addresses associated to the external NIC from TMG and Checkpoint must forward HTTP/HTTPS traffic to this IP address on the TMG Server:

    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de
    Thursday, August 11, 2011 5:28 AM