Configuring settings for Forefront TMG Client to resolve local requests
Updated: February 1, 2011
Applies To: Forefront Threat Management Gateway (TMG)
You can define addresses or domain names that Forefront TMG Client resolves locally, without sending the request to Forefront TMG.
The following section describes how to configure the addresses and domains that enable computers running Forefront TMG Client to resolve network requests without sending them to Forefront TMG.
Configuring settings for resolving local requests on the Forefront TMG Client
By default, Forefront TMG Client considers the following addresses as local:
All domain suffixes specified on the Domains tab of the network properties. This list comprises a local domain table (LDT).
All addresses on the client network. Forefront TMG supplies network address ranges to all computers that have Forefront TMG Client in the network, according to the addresses defined on the Addresses tab of the network properties. These IP address ranges are stored in memory by the Forefront TMG Client.
All addresses specified in the local routing table on the Forefront TMG Client computer.
All IP addresses contained in the local address table (LAT) file, LocalLAT.txt, created on the Forefront TMG Client computer.
The LDT and other Forefront TMG Client settings configured on Forefront TMG are pushed to clients during Forefront TMG Client installation, whenever a manual refresh is specified on the client, or every six hours.
The following sections describe how to create a local domain table, and a LocalLAT.txt file.
Creating a local domain table
The Forefront TMG Client looks at the local domain table (LDT) to determine which domains are local and which can be bypassed. Domain suffixes may be specified on the Domains tab in the properties of the client network. This list comprises a local domain table (LDT).
To create an LDT
In the Forefront TMG Management console, click Networking.
On the details pane, click the Networks tab.
Right-click the required network, and then click Properties.
On the Domains tab, do one or more of the following:
To specify a domain that Forefront TMG Clients on the network should access directly, click Add. On the Domain Properties dialog box, type in the fully qualified domain name (FQDN) for the domain, and then click OK.
To remove a domain from direct access, in the Domain names list, click the domain, and then click Remove.
To edit an existing domain name, in the Domain names list, click the domain, and then click Edit.
Creating a LocalLAT.txt file
You can add local addresses to a LocalLAT.txt file that you create. This file helps you maintain a separate list of IP addresses that the client should access directly. The LocalLAT.txt file should contain IP addresses in pairs. Each address pair defines either a range of IP addresses or a single IP address.
To create a LocalLAT.txt file
On the Forefront TMG Client computer, navigate to one of the following folders, and then create a new text file named LocalLAT.txt:
If you are running Windows XP:
\Documents and Settings\All Users\Application Data\Microsoft\Firewall Client 2004
If you are running Windows Vista:
\ProgramData\Microsoft\Firewall Client 2004
In the file, enter the IP address range pairs for instant access to the required source. Each address pair defines either a range of IP addresses or a single IP address. The following example shows a LocalLAT.txt file that has two entries; the first is an IP address range, and the second is a single IP address.
10.51.0.0 - 10.51.255.255
10.52.144.103 - 10.52.144.103
Save and close the file.
If you are running Windows Vista, do the following:
Click Start, right-click Computer, and then click Management.
Double-click Services and Applications, and then click Services.
Right-click the Forefront TMG Client Agent service, and then click Restart.
You can use any software deployment method, such as group policy, to deliver LocalLAT.txt to Forefront TMG Clients.
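Because every LocalLAT.txt entry is an address range that clients reach without going through Forefront TMG, it is worth checking the file before distributing it. The following is an added example, not Microsoft code: a small Python audit that parses the address-pair format shown above and reports malformed lines and overly permissive ranges. The `audit` and `parse_line` names, the `MAX_RANGE` threshold, the RFC 1918 check, and the acceptance of whitespace-only separators are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the first two lines are the page's example entries,
# the remaining three are constructed faults for demonstration.
SAMPLE = """\
10.51.0.0 - 10.51.255.255
10.52.144.103 - 10.52.144.103
10.60.0.9 - 10.60.0.1
192.168.1.1
0.0.0.0 - 255.255.255.255
"""

MAX_RANGE = 1 << 16  # hypothetical review threshold: more than 65536 addresses
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_line(line):
    """Return (start, end) as IPv4Address objects, or raise ValueError."""
    # Assumption: the pair is separated by a hyphen and/or whitespace.
    parts = [p for p in re.split(r"[\s-]+", line.strip()) if p]
    if len(parts) != 2:
        raise ValueError("expected an address pair")
    start, end = (ipaddress.IPv4Address(p) for p in parts)
    if start > end:
        raise ValueError("range start is above range end")
    return start, end

def audit(text):
    """Return (ranges, findings); findings are (line_number, message)."""
    ranges, findings = [], []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            start, end = parse_line(line)
        except ValueError as exc:
            findings.append((no, f"invalid: {exc}"))
            continue
        ranges.append((start, end))
        size = int(end) - int(start) + 1
        if size > MAX_RANGE:
            findings.append((no, f"broad: {size} addresses bypass TMG"))
        # A contiguous range lies inside a network if both endpoints do.
        if not any(start in net and end in net for net in RFC1918):
            findings.append((no, "public: range extends outside RFC 1918 space"))
    return ranges, findings

if __name__ == "__main__":
    for no, msg in audit(SAMPLE)[1]:
        print(f"line {no}: {msg}")
```
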