If you would like to read the first part of this article series please go to Publishing Exchange Outlook Web App (OWA) with Microsoft Forefront Threat Management Gateway (TMG) 2010: Part 1 – Preparing the Client Access Server (CAS).
Introduction
Forefront Threat Management Gateway (TMG) 2010 includes support for publishing Microsoft Exchange Outlook Web App (OWA) for Exchange 2010, as well as Outlook Web Access for Exchange 2007, 2003, and 2000. In this second part of the article series we will walk through the steps required to publish Exchange OWA 2010 using TMG.
Importing the Certificate
Before we can publish OWA, we first need to import the SSL certificate for the site on the TMG firewall. To accomplish this, click Start / Run and then type mmc.exe. From the drop down menu choose File / Add/Remove Snap-in. Select Certificates, then click Add >.
Figure 1
Select the Computer Account option.
Figure 2
Select the option to manage the Local computer.
Figure 3
In the console tree, expand the Certificates node. Expand the Personal folder, then right-click the Certificates folder and choose Import…
Figure 4
Enter the location of the certificate file you exported previously.
Figure 5
Enter the password and optionally mark the private key exportable.
Figure 6
Accept the default option to Place all certificates in the following store.
Figure 7
Creating the OWA Publishing Rule
In the TMG management console, right-click the Firewall Policy node in the console tree and choose New, then Exchange Web Client Access Publishing Rule…
Figure 8
Give the publishing rule a descriptive name.
Figure 9
Select Exchange Server 2010 from the drop down list, and then select the option to publish Outlook Web Access.
Figure 10
For demonstration purposes we are publishing a single CAS server, so we’ll choose the option to Publish a single web site or load balancer.
Figure 11
Select the option to Use SSL to connect to the published web server or server farm.
Figure 12
Enter the name of the internal web site.
Figure 13
Select the option to accept requests for a specific domain, and then enter the public name of the web site.
Figure 14
Create a web listener for the site by selecting New…, and then enter a descriptive name for the listener.
Figure 15
Select the option to Require SSL secure connection with clients.
Figure 16
Select the network to listen for incoming web requests.
Figure 17
Choose Select Certificate… and select the certificate you imported previously.
Figure 18
Select the option to use HTML Form Authentication and Windows (Active Directory) to validate credentials.
Figure 19
If required, enable SSO.
Figure 20
The authentication method used by TMG must match the authentication method configured on the web site. Since we enabled basic authentication on the web site, we’ll choose Basic Authentication here.
Figure 21
If you wish to grant access to OWA only to specific users and/or groups, add them here. Otherwise accept the default All Authenticated Users group.
Figure 22
To confirm operation, click the Test Rule button.
Figure 23
TMG will test the rule and report the success or failure accordingly.
Figure 24
Summary
After preparing the Exchange Client Access Server (CAS) in part one of this series, in part two we configured Forefront Threat Management Gateway (TMG) to securely publish Exchange Outlook Web App 2010. We imported the SSL certificate and walked through the Exchange Web Client Access Publishing Rule wizard, and used the diagnostic features in TMG to make certain the publishing rule was configured correctly.
If you would like to read the first part of this article series please go to Publishing Exchange Outlook Web App (OWA) with Microsoft Forefront Threat Management Gateway (TMG) 2010: Part 1 – Preparing the Client Access Server (CAS).
