Forefront TMG and Windows 7 DirectAccess

image Here’s a very interesting article about how to configure the TMG firewall to work with DirectAccess. A lot of people have been asking about this, given some System Policy Settings that appeared in the TMG console related to direct access.

However, keep in mind when you’re reading this article that TMG was not designed to make DirectAccess easier. In fact, I’d rather pull a bobcat’s tail in a phone booth than configure DirectAccess without the help of UAG 2010. However, some people like phone booths and bobcats, so they might like trying to make DirectAccess work with just a TMG firewall in front of the DirectAccess server.

Some things to consider when using only TMG instead of UAG:

  • UAG enables scalability for DA, TMG does not
  • UAG enables high availability for DA, TMG does not
  • TMG configuration is complex, thus adding, and removing DA configuration complexity
  • You can’t install the DA server on the firewall, and if you do, you’ll wish you hadn’t 🙂

Check out Ori Yosefi’s full coverage of this at:



Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting

PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: [email protected]
MVP — Forefront Edge Security (ISA/TMG/IAG)

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top