Forefront TMG initial setup

Before you begin

Applies to:
  • Forcepoint URL Filtering, v8.5.x

Steps

  • If you installed Log Server, see Enabling communication with the Log Database when integrated with Forefront TMG.
  • Forcepoint URL Filtering manages HTTP, HTTPS, and FTP requests sent to TMG, but cannot manage traffic tunneled over a SOCKS or WinSOCK proxy server. To use Forcepoint URL Filtering in a network that uses a SOCKS or WinSOCK proxy server, you can either:
    • Disable the WinSOCK or SOCKS service.
    • Use the WinSOCK or SOCKS proxy client to disable the specific protocols that you want your web protection software to handle (HTTP, HTTPS, and FTP), then configure browsers on client computers to point to TMG for each of these protocols.

    For information about disabling a protocol, see the TMG Help from Microsoft.

  • Additional configuration of the ISAPI Filter is required if you are using non-web proxy clients with TMG. These TMG clients include the Firewall/Forefront TMG Client with proxy server disabled, and SecureNAT clients.
    See Configuring for TMG using non-web-proxy clients for instructions.
  • To configure your web protection software to ignore certain traffic based on the user name, host name, or URL, see Configuring the ISAPI Filter plug-in to ignore specific traffic for instructions.
  • If Network Agent was installed, configure Network Agent with the IP addresses of all proxy servers through which computers route their Internet requests. See Configure Network Agent for instructions.
  • If you installed Remote Filtering Server, configure TMG to ignore the machine on which Remote Filtering Server is installed. If TMG monitors this machine, it could interfere with policy enforcement for remote users. See your TMG documentation for instructions.