Configure Forefront TMG as a Proxy Cache


A Proxy Server provides a number of useful functions in a company’s network infrastructure. Proxy Servers will go out and retrieve Web pages and content and return the Web pages to the internal network users. The fact that the proxy is retrieving the Web pages and not the actual clients adds an extra layer of protection to the clients because their internal IP addresses are hidden from the Internet. The proxy mechanism makes surfing external Web sites safer for internal clients.

If employees are constantly requesting pages from the same Web sites, the proxy server can store those requests locally on the server. When additional requests are made for content that has already been retrieved and stored locally, the proxy server will send the requesting client the copies of the pages from its stored cache. Utilizing this function, a proxy server will not have to go back out again and fetch the requested Web pages.

Forefront TMG 2010 can be configured to act as a proxy server in your environment to accelerate the performance of Internet access, as the name implies. The following flow chart shows how TMG performs proxy caching.


Figure: Flow chart

Forefront TMG 2010 performs the following steps:

1. Forefront TMG 2010 checks whether the object is valid. If the object is valid, Forefront TMG 2010 retrieves the object from the cache and returns it to the user.

2. If the object is invalid, Forefront TMG 2010 checks the Web Chaining rules.
3. If a Web Chaining rule matches the request, Forefront TMG 2010 performs the action specified by the Web Chaining rule; for example, route the request directly to a specified Web server, an upstream proxy, or an alternate specified server.

4. If the Web Chaining rule is configured to route the request to a Web server, Forefront TMG 2010 determines whether the Web server is accessible.
5. If the Web server is not accessible, Forefront TMG 2010 determines whether the cache was configured to return expired objects. If the cache was configured to allow Forefront TMG 2010 to return an expired object as long as a specific maximum expiration time hasn’t passed, the object is returned from the cache to the end user.

6. If the Web server is available, Forefront TMG 2010 determines whether the object may be cached depending on whether the cache rule is set to cache the response. If it is, Forefront TMG 2010 caches the object and returns the object to the end user.
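The six steps above, modelled as a small decision function. This is an added example, not Forefront TMG code: the class names, the route labels ("origin", "upstream"), and the TTL and stale-window values are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class CachedObject:
    body: str
    fetched_at: float  # model clock, seconds
    ttl: float         # validity period of the object

@dataclass
class ProxyCache:
    cache: dict                     # url -> CachedObject
    chaining_rules: dict            # url prefix -> route name (assumed labels)
    return_expired: bool = True     # step 5: may expired objects be returned?
    max_stale: float = 600.0        # step 5: maximum time past expiry
    cache_rule_allows: bool = True  # step 6: does the cache rule cache responses?
    default_ttl: float = 300.0

    def handle(self, url, now, origin):
        """origin maps url -> body; a missing url means the server is not accessible."""
        obj = self.cache.get(url)
        if obj and now < obj.fetched_at + obj.ttl:           # step 1
            return ("cache-valid", obj.body)
        route = next((r for p, r in self.chaining_rules.items()
                      if url.startswith(p)), None)           # steps 2-3
        if route != "origin":  # upstream proxy / alternate server, or no rule
            return ("routed:" + str(route), None)
        if url not in origin:                                # step 4
            stale_ok = (obj is not None and self.return_expired
                        and now <= obj.fetched_at + obj.ttl + self.max_stale)
            return ("cache-expired", obj.body) if stale_ok else ("error", None)
        body = origin[url]                                   # step 6
        if self.cache_rule_allows:
            self.cache[url] = CachedObject(body, now, self.default_ttl)
        return ("origin", body)

def demo():
    url = "http://example.test/a"          # constructed sample request
    up = {url: "v1"}                       # origin reachable
    proxy = ProxyCache(cache={}, chaining_rules={"http://": "origin"})
    return [proxy.handle(url, 0, up)[0],     # first fetch, stored
            proxy.handle(url, 100, up)[0],   # still valid
            proxy.handle(url, 400, {})[0],   # expired, origin down, inside window
            proxy.handle(url, 1000, {})[0]]  # past the window

if __name__ == "__main__":
    print(demo())
```

The third request shows the step 5 behaviour: with return-expired enabled, clients receive content past its expiry whenever the origin is unreachable, which is worth weighing for cache rules that cover update content.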

Figure: Simple Visio diagram of proxy cache

Cache Storage: Forefront TMG 2010 can store objects on the local hard disk, and for faster access can store most of the frequently requested objects on both the disk and the RAM. Cached pages can be stored immediately in memory (RAM) to be accessed by end users requesting the Web content. A lazy-writer or buffered-writer approach is used to write pages to the disk. By default, 10 percent of physical memory is allocated for RAM caching. The cache file can be stored as follows:

  1. Drive:\urcache\Dir1.cdat
  2. Must be NTFS non system partition (Local disk)
  3. Maximum cache size 64GB

Types of Cache:

Forward Caching: To cache all Internet traffic from external to internal. That is, all Internet pages requested by internal users.

Reverse Caching: To cache all objects sent from internal to external. This works with publishing to help offload the published server.

Configuring Forefront TMG 2010 Web Proxy & Proxy Cache

1. Open the Forefront TMG Management Console. Click Forefront TMG (Array Name) in the left pane.

2. In the left pane, click on Web Access Policy.

3. In the right pane under the Tasks tab, scroll down and click on Web Proxy. Check Enable Web Proxy client connections for this network. Check Enable HTTP and type port 80, or if you want to use web proxy port 8080 then type port 8080.

4. Click on Authentication, Select integrated. Click ok.

5. Click on Advanced, select unlimited. Click ok.

6. Now click on Apply and ok.

7. Click on Configure Web Caching. You’ll see the Cache Settings dialog box. Click the Cache Drives tab to access the Forefront TMG 2010 cache storage configuration.

8. Select the array member to enable the Configure button.

9. Click Configure to define the cache size and location.

10. To define the cache location and size, select the non-system partition where you want to store the cache file and enter the desired size of the cache file in the Maximum Cache Size (64000MB) text box. Click Set and then click OK to close the Cache Settings window.

11. Click Apply to apply changes.

Add new cache Rule

1. Go back to Cache Settings mentioned above

2. Click on the Cache Rules tab and click the New button. You will be presented with the Cache Rule wizard.

3. Type name of cache rule for example: Microsoft update Cache rule, click Next

4. You will see cache rule destination, Click Add>Click New>Click URL sets

5. Type the name of the URL set (for example, Microsoft Update). Click on Add and type the URL. Repeat this for the following URLs.

6. Click Ok. Now you will see Microsoft Update URL set. Select Microsoft Update URL set. Click Add and Click close to close URL sets.

7. Click Next. Select “If a valid version of the object exist in the cache. If no valid version exists. Route the request to the server”. Click Next.

8. In the cache content window select “If source and request header indicate to the cache” You may also select dynamic contents. Click Next

9. In the Cache Advanced Configuration window, check Do not cache objects larger than 1GB, or your preference, but remember you have a 64GB cache size. Check Cache SSL responses. Click Next.

10. In the HTTP caching window, keep default settings, Click next

11. In the FTP caching window, keep default or Modify, Click next

12. Click Finish. Apply Changes.

Relevant Articles:

Forefront TMG 2010: How to install and configure Forefront TMG 2010 - Step by step

Forefront TMG 2010: how to install and configure Forefront TMG 2010 - Step by step part II

Forefront TMG 2010: Publish Outlook Web Access and Exchange Servers using Forefront TMG 2010


About Raihan Al-Beruni

Raihan Al-Beruni has been working on Microsoft Technologies for more than 15 years. Microsoft Technologies are his passion and blogging on Microsoft product is his hobby. Raihan has published a book on Windows Server 2012 titled “Windows Server 2012 Step by Step” on December 2 2012. He has published hundreds of articles on wide variety of technology. Raihan Al-Beruni has a Master’s degree in Electronic Business from Edith Cowan University, Western Australia. He is Microsoft certified IT Professional in Lync Server 2010, Enterprise Messaging Administrator on Exchange Server 2010, Windows Server 2008. He is a Microsoft Certified Solutions Expert in Private Cloud and Server Infrastructure. He is a VMware Certified Professional on vSphere 5. He is ITILv3 Foundation certified. Other than working on various enterprise technologies and projects, he mostly spends times on playing with new technologies at home or spending time with family.

12 Responses to Configure Forefront TMG as a Proxy Cache

  1. Pingback: Forefront TMG 2010: Frequently Asked Questions (FAQ) | MicrosoftGURU

  2. Troy says:

    Hi,

    Great article, thanks.

    How does caching behave if a user clicks refresh on their local browser?

    • If a client refreshes the same page, this page will be presented from cache. If the client requests additional pages or information on the same web site, then the proxy will send that request to the Internet or to the source of the information. For example, if you browse google.com and hit refresh, it will come from cache; however, if you type google.com/adsense, it will come from the source of the info. Please read the second paragraph of the article.

  3. Troy says:

    Hi Raihan,

    Yes, I read the second paragraph and understanding that delivering re-requested content from the cache is the general point of having a proxy cache :)

    Without understanding too much about http headers etc, what I wondered was if TMG is able to detect that the user has explicitly requested a refreshed version of the content and therefore bypasses its own cache to refetch from the remote site.

    If this is not possible, does this not leave the user unable to get a live version of the page if they want to?

    • I suppose this is common behaviour by TMG as a proxy cache. But if you want a live version of any content then you should not be using a proxy cache. The proxy cache has up-to-date content, just not live. I hope I answered your question.

      • Troy says:

        Thanks for getting back.

        We are upgrading from ISA 2006, which we have used as a reverse proxy firewall.

        But I am really liking some of the extra goodies in TMG as we’re going through them switching them on, we thought it might be worth using the proxy capabilities too. Just looking around for any issues we should be aware of.

        Thanks again.

      • You should be OK when you upgrade ISA 2006 to TMG 2010. There is no in-place upgrade, so you have to back up and import the config.

  4. Sam says:

    Hi,

    I have a Juniper firewall and want to use the TMG as a proxy server only. Can I do that?

    Thanks

  5. sam says:

    Hi,

    Do you have a step-by-step guide that I can follow?

    Thank you

  6. muhammad sami says:

    hi thanks sir am happy i crate to tmg sir plz give me pdf files

    Forefront TMG 2010: How to install and configure Forefront TMG 2010 —-Step by step

    Forefront TMG 2010: how to install and configure Forefront TMG 2010—Step by step part II

    Forefront TMG 2010: Publish Outlook Web Access and Exchange Servers using Forefront TMG 2010

  7. You have a contradicting web access policy in TMG. Somewhere in your access policy you have allowed All Users access to the Internet; instead, use an AD group. Use signature block in the HTTP/HTTPS access policy. That will fix the issue.
