61.4 Installing and Configuring 10g Webgate for Forefront TMG Server

You can set up the 10g Webgate and register plug-ins as Web filters.

Task overview: Configuring Webgateand Filters for TMG Server includes

  1. Installing 10g Webgate with TMG Server

  2. Changing /access Directory Permissions

  3. Registering Access Manager Plug-ins as TMG Server Web Filters

  4. Ordering the ISAPI Filters

  5. Verifying Form-based Authentication

61.4.1 Installing 10g Webgate with TMG Server

When you install Webgate with the Forefront TMG Server, the destination for the ISAPI Webgate installation (also known as the Webgate_install_dir) should be same as that of the Microsoft Forefront TMG.

For example, if Forefront TMG is installed in C:\Program Files\Microsoft Forefront Threat Management Gateway, the ISAPI Webgate should also be installed there.

Task overview: Installing the ISAPI Webgate for Forefront TMG Server

  1. Register a 10g ISAPI Webgate with Access Manager, as described in Registering and Managing 10g WebGates with Access Manager 11g.

    Note:

    During Webgate installation, select the TMG option.

  2. Install the ISAPI Webgate for TMG, as described in Locating and Installing the Latest 10g WebGate for Access Manager 11g.
  3. Proceed to the "Changing /access Directory Permissions" section.

61.4.2 Changing /access Directory Permissions

After finishing ISAPI Webgate installation and configuration for the Forefront TMG Server, you must change permissions to the \access subdirectory.

This subdirectory was created in the Forefront TMG Server (also Webgate) installation directory. You must add the user NETWORK SERVICE and grant full control to SYSTEM ADMINISTRATOR. This enables the Forefront TMG Server to establish a connection between the Webgate and Access Server. Certain configuration files should be readable by system administrators, which is why you grant SYSTEM ADMINISTRATOR full control.

Note:

Webgate in Simple Mode: add user NETWORK SERVICE and give Full Control for the password.xml file in TMG_install_dir\access\oblix\config\password.xml.

To change permissions for the \access subdirectory

  1. In the file system, right-click Webgate_install_dir\access, and select Properties.
  2. In the Properties window, click the Security tab.
  3. Add user "NETWORK SERVICE" and then select "Allow" to give "Full Control".
  4. For the "SYSTEM ADMINISTRATOR", select "Full Control".
  5. Proceed to the "Configuring the TMG 2010 Server for the ISAPI 10g Webgate" section.