Thursday, March 17, 2011

Configuring outbound access rules

We’ll begin by logging on to our TMG console, and browsing down to the firewall policy.
  • Right-click Firewall Policy, scroll down to New, and over to Access Rule.

  • As with most things Microsoft, this will launch a wizard. Our first step is to name our access rule. I like short, descriptive names, and I prefer CamelCase to make things readable and easier to script later, so I will call this AllowAllOutbound and then click Next.

  • The default action is to deny. Since we're looking to permit all outbound traffic, select Allow and then click Next.

  • The next screen is where we define the traffic this rule applies to. Given the goal, the choice is easy: select "All outbound traffic" and click Next.

  • The next step asks whether to enable malware inspection for this rule. The wording can confuse, since we're dealing with an outgoing rule, but the help file's definition ("Outbound inspection refers to HTTP requests that originate from clients on networks protected by Forefront TMG") describes which requests the feature applies to, not which direction it scans. What TMG actually inspects is the HTTP content those client requests pull back from the Internet, so enabling it protects your own clients from downloading malware; it does not scan what an already infected client sends out. Note that it covers only HTTP handled by the Web proxy; the other protocols this allow-all rule permits are not inspected. Tick the Enable option and then click Next.

  • Now we define the source of the outgoing traffic we're allowing. Assuming you want to cover all your users, click Add, expand Network Sets, and choose All Protected Networks, which includes the TMG server(s) themselves (Local Host), your internal clients, and your VPN clients. Click Add to add the set, click Close, and then click Next.

  • In this step we define where this outgoing traffic is permitted to go. Since the goal is the TMG equivalent of a permit-any-to-any rule, click Add, expand Network Sets, and choose All Networks (and Local Host). Add it, click Close, and then click Next.

  • The User Sets page defaults to All Users, which is what we want here, so click Next. Keep in mind that TMG evaluates firewall policy rules top to bottom and stops at the first match: an allow-everything-to-everywhere rule like this should sit below any more specific deny rules you still want enforced, because no rule beneath it will ever be reached for outbound traffic.

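The same rule built through TMG's COM administration object model (FPC.Root) from PowerShell, so the wizard steps above can be repeated without clicking. This is an added example, not code from the original post or from Microsoft; the network set and user set names are the ones the wizard offers, the enumeration constants are the ISA/TMG SDK values, and the per-rule malware inspection property name is an assumption that the script checks for before using. Run it in an elevated PowerShell session on the TMG server.

```powershell
# Added example (not from the original post): create the AllowAllOutbound
# access rule through the Forefront TMG COM administration API instead of
# the wizard, then read it back and show where it sits in the policy order.

# Enumeration values from the ISA/TMG SDK.
$fpcPolicyRuleActionAllow = 0   # FpcPolicyRuleActions
$fpcAllProtocols          = 0   # FpcProtocolSelectionType
$fpcInclude               = 0   # FpcIncludeStatus

$ruleName = 'AllowAllOutbound'

$root  = New-Object -ComObject 'FPC.Root'
$array = $root.GetContainingArray()
$rules = $array.ArrayPolicy.PolicyRules

# Refuse to create a second rule of the same name; policy is order-sensitive.
$existing = $rules | Where-Object { $_.Name -eq $ruleName }
if ($existing) {
    throw "Rule '$ruleName' already exists at position $($existing.Order)."
}

$rule = $rules.AddAccessRule($ruleName)

# Wizard page "Rule Action": Allow (the default is Deny).
$rule.Action = $fpcPolicyRuleActionAllow

# Wizard page "Protocols": All outbound traffic.
$rule.AccessProperties.ProtocolSelectionMethod = $fpcAllProtocols

# Wizard page "Access Rule Sources": network set All Protected Networks.
$rule.SourceSelectionIPs.NetworkSets.Add('All Protected Networks', $fpcInclude)

# Wizard page "Access Rule Destinations": network set All Networks (and Local Host).
$rule.AccessProperties.DestinationSelectionIPs.NetworkSets.Add(
    'All Networks (and Local Host)', $fpcInclude)

# Wizard page "User Sets": All Users.
$rule.AccessProperties.UserSets.Add('All Users', $fpcInclude)

# Wizard page "Malware Inspection". ASSUMPTION: the per-rule property is
# exposed as EnableMalwareInspection; verify with Get-Member before relying
# on it, which is what this check does.
if (Get-Member -InputObject $rule -Name 'EnableMalwareInspection' -ErrorAction SilentlyContinue) {
    $rule.EnableMalwareInspection = $true
} else {
    Write-Warning 'Per-rule malware inspection property not found; enable it in the console.'
}

# Persist the rule to the configuration storage (TMG applies it from there).
$rule.Save()

# Read the rule back rather than trusting the assignments above.
$check = $rules | Where-Object { $_.Name -eq $ruleName }
'{0}: position {1}, action {2}, protocol selection {3}' -f $check.Name, $check.Order,
    ($(if ($check.Action -eq $fpcPolicyRuleActionAllow) { 'Allow' } else { 'Deny' })),
    $check.AccessProperties.ProtocolSelectionMethod

# Show the whole policy in evaluation order. TMG stops at the first match, so
# any deny rule you still want enforced must appear above AllowAllOutbound.
'--- firewall policy, top to bottom ---'
$rules | Sort-Object Order | ForEach-Object {
    $action = if ($_.Action -eq $fpcPolicyRuleActionAllow) { 'Allow' } else { 'Deny' }
    '{0,3}  {1,-5}  {2}' -f $_.Order, $action, $_.Name
}
```

The final listing is the check worth keeping: if AllowAllOutbound shows up above a deny rule you rely on, that deny rule is now dead for outbound traffic and the rule needs to be moved down in the console.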