I'm getting "Status: 12202 Forefront TMG denied the specified Uniform Resource Locator (URL)." from Voxbone POST request

Greetings.

I'm getting an error trying to redirect an HTTP POST from a web fax server to a computer on my internal network.

I created a Non-Web server publish rule that's Allow, 80 TCP inbound, from the Voxbone subnet (which is public x.x.x.0 /20), to the target computer in my internal network, and External network as listener. This is what I'm getting:

Initiated connection

Log type: Firewall service
Status: The operation completed successfully.
Source: External (x.x.x.x:46960)
Destination: Local Host (x.x.x.x:80)

Protocol: HTTP

Then I get this:

Denied Connection

Log type: Web Proxy (Reverse)
Status: 12202 Forefront TMG denied the specified Uniform Resource Locator (URL).
Rule: Default rule
Source: External (x.x.x.x:46110)
Destination: Local Host (x.x.x.x:80)
Request: POST http://x.x.x.x/?did=34911829489
Filter information: Req ID: 0665328a; Compression: client=No, server=No, compress rate=0% decompress rate=0%
Protocol: http

User: anonymous

and just a second later:

Log type: Firewall service
Status: A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake.
Source: External (x.x.x.x:46960)
Destination: Local Host (x.x.x.x:80)
Protocol: HTTP


May 30th, 2012 2:56pm
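
A triage sketch for the log pattern in the question above, added here as an example and not part of the original thread: it parses entries in the quoted layout and reports Web Proxy 12202 denials attributed to the Default rule, which in TMG is the final deny rule that applies when no earlier rule matched the request. The sample log, the IP addresses and all function names are constructed for illustration.

```python
import re

# Constructed sample in the "Key: value" layout of the entries quoted above.
SAMPLE_LOG = """\
Initiated connection
Log type: Firewall service
Source: External (198.51.100.7:46960)
Destination: Local Host (203.0.113.10:80)

Denied Connection
Log type: Web Proxy (Reverse)
Status: 12202 Forefront TMG denied the specified Uniform Resource Locator (URL).
Rule: Default rule
Source: External (198.51.100.7:46110)
Destination: Local Host (203.0.113.10:80)
Request: POST http://203.0.113.10/?did=0000
"""

ENDPOINT = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3}):(\d+)\)")

def parse_entries(text):
    """Split blank-line separated entries into dicts of their fields."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        # The first line is the action unless the entry starts with a field.
        entry = {"Action": None if ": " in lines[0] else lines[0]}
        for line in lines:
            key, sep, value = line.partition(": ")
            if sep:
                entry[key] = value
        entries.append(entry)
    return entries

def endpoint(entry, field):
    # Pull (ip, port) out of a "Network (ip:port)" value.
    m = ENDPOINT.search(entry.get(field, ""))
    return m.groups() if m else (None, None)

def default_rule_denials(entries):
    """Web proxy 12202 denials that matched only the Default rule."""
    fw_seen = {(endpoint(e, "Source")[0], endpoint(e, "Destination"))
               for e in entries if e.get("Log type") == "Firewall service"}
    hits = []
    for e in entries:
        if (e.get("Log type", "").startswith("Web Proxy") and e.get("Rule") == "Default rule"
                and e.get("Status", "").startswith("12202")):
            key = (endpoint(e, "Source")[0], endpoint(e, "Destination"))
            hits.append({"src_ip": key[0], "dst": key[1], "request": e.get("Request"),
                         "firewall_saw_connection": key in fw_seen})
    return hits
```

A hit with `firewall_saw_connection` set to true is the situation in the question: the TCP connection was accepted at the firewall layer, but no web publishing rule matched the HTTP request itself.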

Scrap the Non-Web Server publishing rule and create a Web Publishing rule as described in the following document:

Publishing a single Web site or load balancer over HTTP: http://technet.microsoft.com/en-us/library/cc984433.aspx

May 31st, 2012 1:48am

I'm not trying to publish a web site; that traffic comes from an external web from another company. I'm trying to redirect the traffic that comes from them to one of my internal computers, which is not going to be published as a web; I just need to get that POST traffic.
May 31st, 2012 7:09am

You would still use a web publishing rule. On the From tab of the publishing rule you would remove "Anywhere" and add a computer set that contains the IPs of the external company.
May 31st, 2012 3:02pm

Done: from the Voxbone range to the internal computer FQDN, traffic HTTP, listener on the external with no authentication, but it still doesn't do anything with that traffic. Running Wireshark on TMG, posts from that range reach the external IP but nothing goes to the internal computer IP.

I also tried doing a Network Route rule at the networking rules tab, with the Voxbone range as source network, the internal computer IP as destination network, and network relationship as route, but nothing.

May 31st, 2012 3:47pm

You should delete the network route rule that you created. By default you should have an internal-to-external NAT rule; that is all that you will need for this purpose.

Here is a walkthrough example of what your web publishing rule should look like.

Here is the web listener:

Here is the web publishing rule:

You can also use the Traffic Simulator with Diagnostic Logging found under Troubleshooting.

June 1st, 2012 3:55am

Greetings

Thanks for your reply, Nathan. I had the same configuration on the web rule; it seems the problem was in the internal computer configuration. The program used by them was listening on port 8080; after talking with him I redirected requests to port 8080 and the problem seems solved. Now he is getting that traffic, but it seems the automated 200 OK reply doesn't reach the external network; we are trying to find out why.

June 1st, 2012 8:44am

Hello,

Please review:

Configuring HTTP filtering: http://technet.microsoft.com/en-us/library/cc995081.aspx

June 1st, 2012 1:49pm

This link solved my problem.  Thank you!

June 2nd, 2015 4:15pm

This topic is archived. No further replies will be accepted.