About publishing non-Web servers
Updated: February 1, 2011
Applies To: Forefront Threat Management Gateway (TMG)
When publishing non-Web servers, Forefront TMG uses server publishing rules to map requests to servers in a Forefront TMG network from clients located in other networks. Clients can be external clients located on the Internet or internal clients located on a different internal network.
In some circumstances, you might consider using server publishing rules instead of access rules for Web access; for example, to allow internal clients to access a non-Web server located in a perimeter network.
When you plan non-Web server publishing, consider the following:
Server publishing can be used to publish most TCP and UDP protocols.
The published server should be configured as a SecureNAT client with a default gateway pointing to Forefront TMG.
You cannot authenticate user requests for non-Web servers.
You can use IP address control to specify who can access published resources.
Each server publishing rule publishes a single server and protocol.
Server publishing configures Forefront TMG to listen on a specific port and forward requests to the published server. You can configure the following port properties:
Publish on a port other than the default port. For example, publish FTP services through port 22 on Forefront TMG; Forefront TMG then redirects requests to the default port 21 on the published server.
Specify the port on the published server to which requests should be sent. This can be the default port or an alternative port.
Limit the source ports from which client requests can be received.
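The following Python sketch is an added illustration, not Microsoft code and not the Forefront TMG API. It models how the properties above combine for one rule: the listening port, the forwarding port, the source port limit, and IP address control, which is the only access control available because requests are not authenticated. The rule names, IP addresses, and the helper functions evaluate and unrestricted are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class PublishingRule:
    name: str
    transport: str                 # "tcp" or "udp"
    listen_port: int               # port the firewall listens on
    server_ip: str                 # the single published server
    server_port: int               # port on the published server
    allowed_sources: tuple         # CIDR ranges (IP address control)
    source_ports: range = range(0, 65536)  # permitted client source ports

def evaluate(rule, transport, src_ip, src_port, dst_port):
    """Decide what a modelled rule does with one inbound connection."""
    if transport != rule.transport or dst_port != rule.listen_port:
        return ("no-match", None)
    src = ipaddress.ip_address(src_ip)
    if not any(src in ipaddress.ip_network(n) for n in rule.allowed_sources):
        return ("deny", "source address not permitted")
    if src_port not in rule.source_ports:
        return ("deny", "source port not permitted")
    # Port redirection: the listen port and the server port may differ.
    return ("forward", (rule.server_ip, rule.server_port))

def unrestricted(rules):
    """Names of rules that any address can reach (no authentication exists)."""
    return [r.name for r in rules
            if any(ipaddress.ip_network(n).prefixlen == 0
                   for n in r.allowed_sources)]

# Constructed sample rules. The first mirrors the page's example:
# FTP published on port 22 and redirected to port 21 on the server.
FTP_RULE = PublishingRule("ftp-partner", "tcp", 22, "10.0.1.20", 21,
                          ("203.0.113.0/24",), range(1024, 65536))
OPEN_RULE = PublishingRule("dns-open", "udp", 53, "10.0.1.30", 53,
                           ("0.0.0.0/0",))

if __name__ == "__main__":
    for conn in [("tcp", "203.0.113.7", 50000, 22),
                 ("tcp", "198.51.100.9", 50000, 22),
                 ("tcp", "203.0.113.7", 20, 22)]:
        print(conn, "->", evaluate(FTP_RULE, *conn))
    print("reachable from any address:", unrestricted([FTP_RULE, OPEN_RULE]))
```

Running unrestricted over an export of your own rules gives a quick list of published servers whose exposure should be reviewed.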