About publishing non-Web servers

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

When publishing non-Web servers, Forefront TMG uses server publishing rules to map requests to servers in a Forefront TMG network from clients located in other networks. Clients can be external clients located on the Internet or internal clients located on a different internal network.


In some circumstances, you might consider using server publishing rules instead of access rules for Web access; for example, to allow internal clients to access a non-Web server located in a perimeter network.

When you plan non-Web server publishing, consider the following:

  • Server publishing can be used to publish most TCP and UDP protocols.

  • The published server should be configured as a SecureNAT client with a default gateway pointing to Forefront TMG.

  • You cannot authenticate user requests for non-Web servers.

  • You can use IP address control to specify who can access published resources.

  • Each server publishing rule publishes a single server and protocol.

  • Server publishing configures Forefront TMG to listen on a specific port, and to forward requests to the published server. You can configure the following port properties:

    • Publish on a port other than the default port. For example, publish FTP services through port 22 on Forefront TMG; Forefront TMG then redirects requests to the default port 21 on the published server.

    • Specify the port on the published server to which requests should be sent. This can be the default port or an alternative port.

    • Limit the source ports from which client requests can be received.
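An added example, not Microsoft's code or a Forefront TMG API: a small Python model of the port properties and IP address control listed above, using the page's FTP case (listen on port 22, forward to port 21). The `PublishingRule` record, the first-match evaluation order and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class PublishingRule:
    """Hypothetical planning record for one rule: a single server and protocol."""
    name: str
    protocol: str                     # "tcp" or "udp"
    listen_port: int                  # port Forefront TMG listens on
    server: str                       # published server address
    server_port: int                  # port on the published server
    sources: tuple = ()               # allowed client networks (CIDR); empty = any
    source_ports: tuple = (1, 65535)  # allowed client source port range

def forward(rules, protocol, src_ip, src_port, dst_port):
    """Return (server, server_port) for the first matching rule, else None."""
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if (r.protocol, r.listen_port) != (protocol, dst_port):
            continue
        if not r.source_ports[0] <= src_port <= r.source_ports[1]:
            continue
        # IP address control is the only access check: there is no user authentication.
        if r.sources and not any(ip in ipaddress.ip_network(n) for n in r.sources):
            continue
        return (r.server, r.server_port)
    return None

def unrestricted(rules):
    """Names of rules reachable from any address (no IP address control set)."""
    return [r.name for r in rules
            if not r.sources
            or any(ipaddress.ip_network(n).prefixlen == 0 for n in r.sources)]

# Constructed sample plan; addresses come from documentation and private ranges.
PLAN = [
    PublishingRule("ftp-partners", "tcp", 22, "10.0.1.20", 21,
                   sources=("198.51.100.0/24",), source_ports=(1024, 65535)),
    PublishingRule("dns-public", "udp", 53, "10.0.1.53", 53),
]

if __name__ == "__main__":
    print(forward(PLAN, "tcp", "198.51.100.7", 40000, 22))  # allowed source, redirected to 21
    print(forward(PLAN, "tcp", "203.0.113.9", 40000, 22))   # source outside the allowed range
    print(unrestricted(PLAN))                               # rules with no source restriction
```

Because requests to non-Web servers cannot be authenticated, any rule that `unrestricted` reports relies entirely on the published server's own controls.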

