firewall policy

We're using UAG/TMG and it works fine. We have a very basic setup done by the book, File Access and Remote Desktop only.

I need to create a web publishing rule in TMG. I added another public IP address to the external network card, and I ensured the rule has the listener using the external address I just added.

I created a rule but don't see it hitting, nothing under sessions.

How do you recommend I fix this without hurting my UAG portal?

Resource Allocation failure:

The Web Proxy filter failed to bind its socket to 172.18.20.88 port 80. This
may have been caused by another service that is already using the same port or
by a network adapter that is not functional. To resolve this issue, restart the
Microsoft Firewall service. The error code specified in the data area of the
event properties indicates the cause of the failure.
The failure is due to
error: An attempt was made to access a socket in a way forbidden by its access
permissions.

and

WPP filter conflict detected:

Description: Forefront TMG detected Windows Filtering
Platform (WFP) filters that may cause policy conflicts.

I thought using a different IP address would solve this?

HELP PLEASE!

  • Edited by jamicon Friday, January 03, 2014 10:49 PM
January 3rd, 2014 11:15pm

I was afraid of that but thanks!

One more question please?

If I build a new TMG (no UAG) server in the DMZ and create several web publishing rules does each site need its own external IP address? They would all be on ports 80 or 443.

Thanks again!!


  • Edited by jamicon 22 hours 43 minutes ago
January 4th, 2014 8:06am

Hi,

No, it is possible to publish multiple websites with one external IP address:
http://technet.microsoft.com/en-us/library/cc995178.aspx
http://technet.microsoft.com/en-us/library/cc995182.aspx

January 4th, 2014 8:29am

Hi,

you must create the Web Publishing (UAG Trunk and portal applications) in the Forefront UAG MMC. Forefront UAG listens for all IP addresses (0.0.0.0) to port 443. It is not supported to create Web Publishing rules on the TMG Server if UAG is installed:
http://technet.microsoft.com/en-us/library/ee522953.aspx

You can ignore the WFP filter conflict message. This message is by design:
http://blogs.technet.com/b/yuridiogenes/archive/2010/02/16/wfp-filter-conflict-detected-alert-after-installing-forefront-tmg-2010.aspx

January 4th, 2014 10:48am
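
Added example, not part of the thread: the bind failure in the event text names "another service that is already using the same port", and the reply above notes that UAG listens on all addresses (0.0.0.0). This PowerShell function scans `netstat -ano` output for listeners that overlap a given address and port; the function name, the sample lines, their PIDs and the address 172.18.20.10 are constructed for illustration.

```powershell
# Added example: report listeners that would block a bind to Address:Port.
# Written for PowerShell 2.0 syntax; handles IPv4 listeners only.
function Find-BindConflict {
    param(
        [Parameter(Mandatory=$true)] [string[]] $NetstatLines,  # lines from: netstat -ano -p tcp
        [Parameter(Mandatory=$true)] [string]   $Address,
        [Parameter(Mandatory=$true)] [int]      $Port
    )
    foreach ($line in $NetstatLines) {
        # Expected shape:  TCP  <local ip>:<port>  <remote>  LISTENING  <pid>
        if ($line -notmatch '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$') { continue }
        $localIp   = $Matches[1]
        $localPort = [int]$Matches[2]
        $procId    = [int]$Matches[3]   # $pid is reserved in PowerShell, so use another name
        if ($localPort -ne $Port) { continue }

        # A wildcard listener covers every address on the host,
        # including an IP that was added to the adapter later.
        $reason = $null
        if ($localIp -eq '0.0.0.0')      { $reason = 'wildcard listener' }
        elseif ($localIp -eq $Address)   { $reason = 'same address' }

        if ($reason) {
            New-Object PSObject -Property @{
                Local     = ('{0}:{1}' -f $localIp, $localPort)
                ProcessId = $procId
                Reason    = $reason
            }
        }
    }
}

# Constructed sample input (not captured from the poster's server).
$sample = @(
    '  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4',
    '  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       2188',
    '  TCP    172.18.20.10:3389      0.0.0.0:0              LISTENING       1432'
)
Find-BindConflict -NetstatLines $sample -Address '172.18.20.88' -Port 80 |
    Format-Table Local, ProcessId, Reason -AutoSize

# On a live server, pass real output instead of the sample:
#   Find-BindConflict -NetstatLines (netstat -ano -p tcp) -Address '172.18.20.88' -Port 80
```

Each reported `ProcessId` can be resolved with `Get-Process -Id <ProcessId>` to see which service holds the port.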

This topic is archived. No further replies will be accepted.
