Configure Publishing Rule For Lync Via Reverse Proxy TMG 2010




I have a video to share for publishing the Lync Web Services to publish externally.

Please Click Here or simply copy and paste the url link


See The Differences between Public OWA and Internal OWA?

please see at the bottom at the Public OWA. I used Forefront Threat Management Gateway 2010 to publish OWA. You need to have a cetificates installed at the personal certificate (using MMC) and enter the private key. the certificates can be obtained from your OWA exchange server at Client Access under Server Configuration.



The public webpage looks like below.

Organizing Array Levels in TMG 2010 / ISA SERVER 2006

Previously, I have assigned role of user to manage the ISA Server / TMG server.In ISA Server environment, one has to know the define role. In Array role, there are three roles of array administrators:

  • ISA Server Array Monitoring Auditor – Users and groups assigned this role will have authority to monitor the ISA Server and network connectivity but limited to configure the functionality.


  • ISA Server Array Auditor – Users and groups can perform all monitoring task, such alerts, log configuration, and all the monitoring functionality that are available.


  • ISA Server Administrator. – This can perform any ISA Server task, including rule configuration, network template and so on.


It is important to give least administrative rights to users with their skill. It’s better to set the good security especially the ISA Server became the edge or Tri-home template ISA Server.

  • ISA Server Array Auditor

Assign Roles in TMG 2010

Like ISA server 2006, even though you are an administrator of the domain, you still unable to manage the ISA server or TMG. What you need to do is to ask the delegation permission to open the ISA or TMG management console

How to do it?

open TMG properties -> select Assign Roles Tab

and Then Browse the user. For example, Jane

Then choose what role you assign. For example “Forefront TMG Array Administrator”

Then click OK & Apply->Ok.

Click Save Changes.

Web Access Policy in TMG 2010


This is new to me… when I jump from ISA server 2006 to Forefront Threat Managemtn Gateway, I saw a lot of different feature. Then, since I use the TMG as a proxy, this Web Access Policy made me easy to filter unnecassary website that should be blocked in organization.

How to start?

On left pane, you should see web access policy and right click. Then Choose Configure

A web access policy wizard comes out…


Click Next button.

Choose Yes, Create a rule blocking the minimum recommended URL. Then, Click Next.

On Block Web Destination, keep the default.

Then Click Next Button.

For Malware option below I prefer to choose Yes so that it inspects the web content for malware.

At the Https Inspection wizard below:

Click Next.

we need to export a certificate in the TMG server. click Browse on the image below:

type the filename. in example, webaccess.cer.Then click Save. after that, click Next button at the Certificate Deployment.

On the web cache, I enable the web cache like figure above and set the cache to 500MB.

and Click Finish button for completing the wizard.

Configure Your Network in Threat Management Gateway 2010

Configure your network is simpler as ISA Server 2006. You need to identify of how your network designed. Let say, you will remember edge firewall, 3-Leg Perimter and so on in ISA Server 2004 and 2006 environment.

When you first installing TMG 2010 in your 64 bit processor and operating system, you will be asked to configure your network. In my example, since I only have 1 network card attached and configured as web proxy.

Step 1:

Just click next on the network setup wizard.

Step 2:

I choose Single network adapter. Click Next

step 3:

configure your IP address and so on. Click Next

and completing the network setup by clicking finish button.