TMG’s moving out, I need a Reverse Proxy, what do I do?

Why do we need a Reverse Proxy for Lync? TechNet ( specifically mentions that the following features require external access through a reverse proxy:

  • Enabling external users to download meeting content for your meetings.
  • Enabling external users to expand distribution groups.
  • Enabling remote users to download files from the Address Book service.
  • Accessing the Lync Web App client.
  • Accessing the Dial-in Conferencing Settings webpage.
  • Accessing the Location Information service.
  • Enabling external devices to connect to Device Update web service and obtain updates.
  • Enabling mobile applications to automatically discover and use the mobility (Mcx) URLs from the Internet.
  • Enabling the Lync 2013 client, Lync Windows Store app and Lync 2013 Mobile client to locate the Lync Discover (autodiscover) URLs and use Unified Communications Web API (UCWA).


On Sept. 12, 2012, Microsoft announced changes to the roadmaps of several Forefront products, including the discontinuation of Forefront Threat Management Gateway (TMG) 2010.  Microsoft will continue to provide maintenance and support for Forefront Threat Management Gateway (TMG) 2010 through Dec.31, 2015. This announcement of course, has spanned off 3rd parties to step in, even Microsoft with a plain Windows 2008 R2 SP1 box to address the gap.

With this announcement, there are several changes that have been taken into consideration:

  • A “Reverse Proxy” section in the Infrastructure qualified for Microsoft Lync has been included. The following solutions are listed:
    • Internet Information Services Application Request Routing  (IIS ARR), more info here.
    • Even though becoming a dead end, Forefront Threat Management Gateway (TMG) 2010, more info here.
  • F5 has posted a solution, more info here.
  • Kemp has a solution, great article here.