Creating an Additional DMZ or Perimeter Network with Threat Management Gateway TMG

Threat Management Gateway 2010 – Additional DMZ or Perimeter Network

1. Open up your Threat Management Gateway Management Console and click on Networking.


Microsoft Forefront Threat Management Gateway 2010
2. Right Click on Perimeter and select properties. Change the name to DMZ1 and give it a description. Click Ok. This is your existing DMZ.


Microsoft Forefront Threat Management Gateway 2010
3. On the right hand side click on Create a New Network. This will be for your second DMZ within your Threat Management Gateway. Enter in the name DMZ2 and click Next.


Microsoft Forefront Threat Management Gateway 2010
4. Select Perimeter Network and click Next.


Microsoft Forefront Threat Management Gateway 2010
5. Click Add Adapter.


Microsoft Forefront Threat Management Gateway 2010
6. Select your DMZ2 Interface and click Ok.


Microsoft Forefront Threat Management Gateway 2010
7. The IP address range is already populated. Click Next.


Microsoft Forefront Threat Management Gateway 2010
8. A summary is displayed of the new DMZ2 Threat Management Gateway network. Click Finish.


Microsoft Forefront Threat Management Gateway 2010
9. Click on the Network Rules tab. Right click on the existing Perimeter to External Relationship rule and select properties.


Microsoft Forefront Threat Management Gateway 2010
10. Change the name to DMZ1 Perimeter to External Relationship as this is the rule for the previous DMZ1. Click Ok.


Microsoft Forefront Threat Management Gateway 2010
11. On the right hand side click Create a Network Rule. Enter in the name DMZ2 Perimeter to External Relationship and click Next.


Microsoft Forefront Threat Management Gateway 2010
12. Select DMZ2 in the Add Network Entities Window and click Add.


Microsoft Forefront Threat Management Gateway 2010
13. DMZ2 is added to the Network Traffic Sources, click Next.


Microsoft Forefront Threat Management Gateway 2010
14. Select External in the Add Network Entities Windows and click Add.


Microsoft Forefront Threat Management Gateway 2010
15. External is added to the Network Traffic Destinations, click Next.


Microsoft Forefront Threat Management Gateway 2010
16. I will be selecting NAT here as my DMZ2 is using Private IP addressing. Click Next.


Microsoft Forefront Threat Management Gateway 2010
17. I will use the default IP address for the source. This will be the External IP address when going from DMZ2 to External for example using NAT. Click Next.


Microsoft Forefront Threat Management Gateway 2010
18. A summary is displayed of your settings. Click Finish. Follow steps 11-18 to create a Network rule from Internal to DMZ2 using the route method. You will then be ready to create your access rules for DMZ2 with your Threat Management Gateway.


Microsoft Forefront Threat Management Gateway 2010
Disclaimer:
All the tutorials included on this site are performed in a lab environment to simulate a real world production scenario. As everything is done to provide the most accurate steps to date, we take no responsibility if you implement any of these steps in a production environment.

Be the first to comment

Leave a Reply

Your email address will not be published.


*


*

This site uses Akismet to reduce spam. Learn how your comment data is processed.