Here’s a very interesting article about how to configure the TMG firewall to work with DirectAccess. A lot of people have been asking about this, given some System Policy Settings that appeared in the TMG console related to direct access.
However, keep in mind when you’re reading this article that TMG was not designed to make DirectAccess easier. In fact, I’d rather pull a bobcat’s tail in a phone booth than configure DirectAccess without the help of UAG 2010. However, some people like phone booths and bobcats, so they might like trying to make DirectAccess work with just a TMG firewall in front of the DirectAccess server.
Some things to consider when using only TMG instead of UAG:
- UAG enables scalability for DA, TMG does not
- UAG enables high availability for DA, TMG does not
- TMG configuration is complex, thus adding, and removing DA configuration complexity
- You can’t install the DA server on the firewall, and if you do, you’ll wish you hadn’t 🙂
Check out Ori Yosefi’s full coverage of this at:
https://blogs.technet.com/isablog/archive/2009/09/23/forefront-tmg-and-windows-7-directaccess.aspx
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: [email protected]
MVP — Forefront Edge Security (ISA/TMG/IAG)