You might not know it, but when you install the UAG DA server or SSL VPN gateway, you get a TMG firewall built right into the mix. The reason why TMG is included on the UAG server is to provide an “edge ready” solution so that you can put the UAG server on the edge of the network, and not put any kind of firewall in front of the UAG server. The TMG firewall is the ideal solution, since it’s designed to work with UAG and has proven time and again to be one of the most secure firewalls on the market today.
However, in general you don’t want to mess with the TMG firewall configuration on the UAG server computer. The reason for this is that when you configure UAG in the UAG management console, the UAG management components automatically update the TMG firewall policy to do what it needs to do to make the UAG configuration work. You should never have to go into the TMG firewall console when working with a UAG server.
Well, that might not always be the case. Jason Jones shows in his blog post on TMG firewall fundamentals on the UAG server over at http://blog.msedge.org.uk/2010/04/threat-management-gateway-tmg.html that there are a few things that you can do with the TMG firewall configuration to enhance UAG functionality. Jason spent a lot of time on this post and it would be worth you time to check it out.
HTH,
Deb
DEBRA LITTLEJOHN SHINDER
MVP (Enterprise Security)
“MS SECURITY”
[email protected]