Elsinore

User Forum

www.screenconnect.com
Welcome Guest Search | Active Topics | Log In | Register

Tag as favorite
ForeFront TMG Publishing Rule
Options
Previous Topic Next Topic
maacevedo
#1 Posted : Friday, November 18, 2011 4:11:13 PM
Rank: Newbie
Joined: 11/18/2011
Posts: 3
Location: Puerto Rico (USA)
I Publish my Screen Connect server using a publishing rule in Microsoft ForeFront TMG. Everythign works as expected if I connect the server directly to the public IP address. When I am behind the firewall, however, everything works except for Unattended Build.

When I input the description and click on "Download for Windows (.MSI)" nothing happens. The Mac OSX (.pkg) works fine. Only the Windows link is not working.

I am guessing that the ForeFront TMG server is blocking the client from downloading .msi files. I have tried turning off all http filters in the gateway but it does not work. I need to be able to user ForeFront because I do the port forwarding based on the incoming host name, and Forefront allows me to do this. THis way I can have multiple web servers behind the firewall.

Does anybody know the correct configuration for FF TMG?

Is there anyway to vhange the name of the .msi to .zip or something that will allow it to go through and I'll rename it back in the Guest machine?

Thank you,

Mario
Back to top
Report?
teejayuu
#2 Posted : Wednesday, February 29, 2012 10:21:11 AM
Rank: Member
Joined: 9/2/2011
Posts: 19
Location: Doncaster, UK
Hi Mario

I'm using TMG as an edge firewall. This is what I have and it works fine - I'm not an expert in either TMG or ScreenConnect, but this may be of some use. I have 2 rules setup, a Web Publishing one and a Non-Web Server Protocol rule. I'll assume you have the web publishing set up and give you the details of the Non-Web Server rule.

Rule Name: ScreenConnect Relay
Protocol: SC Relay (user-defined 8041-8041 TCP Inbound)
From: Anywhere
To: Internal IP address
External: External (IP Address of external website)

Note: We have 30 external IP addresses available and use a specific one for ScreenConnect. If you don't have a dedicated IP address for your SC site you will need to use 'listen on all ports'

Hope this helps

Tony
Quote:
In view of the fact that God limited the intelligence of man, it seems unfair that He did not also limit his stupidity.
Konrad Adenauer
Back to top
Report?
maacevedo
#3 Posted : Wednesday, February 29, 2012 12:52:57 PM
Rank: Newbie
Joined: 11/18/2011
Posts: 3
Location: Puerto Rico (USA)
Hello Teejayuu,

The reason I needed a publishing rule was so that TMG could use the websites name in order to route the request to the correct server. I have SC working on port 80 and 443 to avoid having issues with client firewalls not allowing connections. What I did was a generic publishing rule forwarding port 80 and 443 to the screenconnect server. I then put this rule AFTER other websites publishing rules. This way I was able to make it work. Maybe TMG doesn't like .MSI files going over port 80 or something. This was the only way I could make it work.

Thanks again.
Back to top
Report?
teejayuu
#4 Posted : Wednesday, February 29, 2012 2:39:51 PM
Rank: Member
Joined: 9/2/2011
Posts: 19
Location: Doncaster, UK
Hi Mario,

Have you tried posting on the isaserver.org TMG forums - they are a friendly and knowledgeable bunch and may be able to help. I've used them many times in the past. Post back and let me know

Cheers

Tony
Quote:
In view of the fact that God limited the intelligence of man, it seems unfair that He did not also limit his stupidity.
Konrad Adenauer
Back to top
Report?
Users browsing this topic
Guest
Tag as favorite
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

SoClean Theme By Jaben Cargman (Tiny Gecko)
Powered by YAF | YAF © 2003-2009, Yet Another Forum.NET