Handy Guidelines for Determining Whether to Use Access or Publishing Rules

When deciding whether to use a server publishing rule or access rule, consider the following:

  • Access rules allow or deny traffic. Server publishing rules only allow traffic.
  • Access rules allow traffic to multiple hosts. Server publishing rules only provide access to a single server.
  • An access rule can allow or deny multiple protocols. A server publishing rule can only publish a single protocol.
  • An access rule can only use outgoing protocols.
  • Port translation can be performed with server publishing, so that the rule publishes services on a different port than the actual service port.
  • Server publishing rules allow address translation in both directions, so that Forefront TMG hides the address of the client from the server, and vice versa.
  • Some built-in application filters, such as the SMTP filter, are designed to work with server publishing rules, and not with access rules.
  • When you configure access rules or server publishing rules, the network relationship configured between source and destination networks specified in the rules affects how traffic is handled, and should be taken into account.

From http://technet.microsoft.com/en-us/library/cc441631.aspx

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com

PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: [email protected]
MVP — Forefront Edge Security (ISA/TMG/IAG)
