Sunday, April 29, 2012

Microsoft Forefront Threat Management Gateway - traps for young players pt. ii


A couple more to add:


Access to file shares/servers can’t be restricted by user group. CIFS traffic will not work with any rule that tries to authenticate the user. Further details are here: http://support.microsoft.com/kb/913782, but Microsoft’s summary is:


The Firewall Client program can only process Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) traffic that is passed through the Windows Sockets API (Winsock). CIFS connections do not use Winsock calls. Therefore, the Firewall Client program cannot authenticate CIFS connections to the server. If you configure a rule that requires CIFS authentication, the connection will be denied.


This came up while configuring a TMG array for internal network segmentation, and it is a bit of a pity: although authenticating the rules themselves isn't a showstopper (NTFS permissions will handle the security), logging of file server access would have been good.


Also, when moving TMG servers from a standalone array to an Enterprise Managed array, make sure you configure the correct routes (under the Networking node) on the Enterprise array before you join the TMG servers; this may save you a bit of time.
