From #1 above it looks like you are sending your mail traffic to the firewall. Are you then doing port forwarding to the Barracuda? Unless you have a shortage of public IPs typically you'll create a NAT and send your mail to the public IP of the Barracuda. Have your MX point to the Barracuda and allow incoming mail to the Barracuda's public IP on the firewall. Then the Barracuda will send the mail to the mailbox server. If the cuda and mailbox server are on the same internal network behind the firewall most likely you will not need to open up an port between the cuda and mailbox. You'll just want to make sure you have the Barracuda's IP listed on your receive connector (if using Exchange).
I have a TMG 2010 server being used solely in the reverse proxy role (i.e. publishing DMZ web servers via Web Publishing rules such that their individual sites can be made externally accessible).
After a lot of research I'm now confident that I properly understand all of the configuration settings which are present in the rule's 'To' tab, except for one minor detail:
Under 'Proxy requests to published site', 'specify how the firewall proxies requests to the published server' there are two options, it's my understanding that they have the following effect:
If 'Requests appear to come from the the Forefront TMG computer', TMG will replace the 'Source Address' field in the request's IP packet header with it's own IP address.
Download gta vice city hd 2015. If 'Requests appear to come from the original client', TMG will leave the 'Source Address' field in the request's IP packet header as is (which depending on the web server's default gateway configuration may or may not cause routing or state-related problems).
My TMG server has multiple IP addresses bound to a single DMZ-facing NIC.
So my question is this - if I leave this setting on default (requests appear to come from TMG), how can I tell/configure which of the IP addresses bound to the TMG server's DMZ-facing NIC will be used in the IP packet header when it's forwarded to the web server?
I know I can look in the web server logs, but I'd like an approach which is more proactive, and ideally some information on how TMG actually decides which to use and if that decision can be influenced in any way, perhaps through TMG's own configuration interface, or even through more 'established' methods such as modifying interface route metrics manually.
The Ip Address Specified For Communication Between This Forefront Tmg Computer
Thanks
Tom TregennaTom Tregenna93111 gold badge1111 silver badges2222 bronze badges
1 Answer
I managed to find the answer to this question primarily with the help of this article.
There is a feature of TMG called 'Enhanced NAT' which can be used to specify which IP addresses are used for any given route.
In the end I created a new Networking Rule between 'All Networks (including Localhost)' to 'Internal', changed the relation from 'Route' to 'NAT' , and you can then use the 'NAT address Selection' tab to choose between one of the following options:
- Use the default IP address
- Use the specified IP address (dropdown)
- Use multiple IP addresses (selection button)
I have verified in my web server logs that this does in fact appear to work as expected.
Thanks to those who took the time to view this question, I hope it helps someone with a similar issue in the future.
Tom TregennaTom Tregenna93111 gold badge1111 silver badges2222 bronze badges
Got a question that you can’t ask on public Stack Overflow? Learn more about sharing private information with Stack Overflow for Teams.
Not the answer you're looking for? Browse other questions tagged networkingipreverse-proxyisa or ask your own question.
From #1 above it looks like you are sending your mail traffic to the firewall. Are you then doing port forwarding to the Barracuda? Unless you have a shortage of public IPs typically you'll create a NAT and send your mail to the public IP of the Barracuda. Have your MX point to the Barracuda and allow incoming mail to the Barracuda's public IP on the firewall. Then the Barracuda will send the mail to the mailbox server. If the cuda and mailbox server are on the same internal network behind the firewall most likely you will not need to open up an port between the cuda and mailbox. You'll just want to make sure you have the Barracuda's IP listed on your receive connector (if using Exchange).
Alert: The IntraArrayAddress defined on this server is not in the Local Address Table (LAT)
Management Pack Name: Forefront TMG Management Pack
Management Pack Version: 7.0.7695.100
Rule or Monitor: Rule
Rule or Monitor Name: The IntraArrayAddress defined on this server is not in the Local Address Table LAT
Rule or Monitor Notes: none
On August 24, 2017, President Trump signed an Executive Order (“Order”) imposing additional sanctions on Venezuela. The Order states that these sanctions, which primarily target the Government of Venezuela and the Venezuelan oil industry, are in response to the deepening political and humanitarian crisis in Venezuela. Us sanctions on venezuela. The Venezuela-related Sanctions program represents the implementation of multiple legal authorities. Some of these authorities are in the form of an executive order issued by the President. Other authorities are public laws (statutes) passed by The Congress.
Issue:
Alert description: The IP address specified for communication between this Forefront TMG computer (IP-address here) and other array members is not bound to a network adapter installed on this computer. The IP address specified for intra-array communication must be bound to a network adapter installed on the computer.
Resolution:
Steps to resolve:
![The ip address specified for communication between this forefront tmg group The ip address specified for communication between this forefront tmg group](/uploads/1/2/3/7/123708402/220549011.png)
1. Check the IP in Forefront TMG Management console (Firewall Policy Network Objects Computer Sets Array Servers) and replace if IP is wrong.
2. Check the IP in SQL Server Configuration Manager (SQL Server Network Configuration Protocols for MSFW/ISARS -> TCP/IP -> IP Addresses (TAB)) and replace if IP is wrong.
3. Search the registry for the “msFPCIntraArrayAddress” and change the IP address if you have found the wrong IP address there.
4. Rebooted the server.
2. Check the IP in SQL Server Configuration Manager (SQL Server Network Configuration Protocols for MSFW/ISARS -> TCP/IP -> IP Addresses (TAB)) and replace if IP is wrong.
3. Search the registry for the “msFPCIntraArrayAddress” and change the IP address if you have found the wrong IP address there.
4. Rebooted the server.