Configure Forefront TMG as a NPS (Radius) Client for VPN and local clients

In this article, I will describe how to configure Forefront TMG as a RADIUS client. As a radius client FF TMG act as a messenger sending RADIUS request to NPS for authentication and authorization of VPN connection. The following Visio diagram shows placement of TMG as radius client.

image

To configure FF TMG as a RADIUS client

Log on to TMG server, open Forefront TMG Management console, click Remote Access Policy (VPN)>click Radius Server or Specify RADIUS Configuration.

35

You will see VPN property. On the RADIUS tab, click Use RADIUS for authentication>click RADIUS Servers.

34

click Add. Type Server name or IP address of the NPS server. create a new shared secret. This Shared Secret will be same as shared secret in NPS server when you add TMG as a client in NPS.

  4

3

Click OK>Click OK. Apply Changes and click ok.

Note: Above configuration apply for ONLY VPN clients.

To configure Forefront TMG to authenticate local client

33

Open Forefront TMG Management console, click the Firewall Policy node>Click Tasks pane> click Configure Client Access. Select Internal (Local Networks)>click Configure.

29

30

Click on Web Proxy tab>click Authentication> Under Method, clear any other selected methods, and then select RADIUS. Click RADIUS Servers>click Add.

31

32

Now add Server name or IP address of the RADIUS server, add New Shared secret as you did in previous steps. Apply changes you have made. 

To create Radius Firewall Policy using FF TMG 2010

Open Forefront TMG Management console, right click the Firewall Policy node>Click New>Click Access Policy. You will see new policy wizard. Type the name of the policy>Click next

9

10

Click Allow on Rule Action>Click Add on protocol property>add Radius and Radius Accounting protocol

11

12

On the access rule window, add VPN clients as source. If you are creating this policy for internal clients than add internal networks instead of VPN clients.

13

Specify destination that is NPS server location on the next screenshot. in this article NPS server is placed in internal networks so I added internal network.

14

On the next window, add Active Directory Group which this rule has been applied for.

15

16

Click Finish and apply changes.

17

8

Note: you have to create firewall policy for the clients. In this example, I have shown firewall policy for VPN client. If you want to create policy for internal client, you have to change source of clients. Protocol will be same as shown above screen shots.

To add Forefront TMG as a RADIUS client on NPS

Log on to Network Policy Server, Open NPS management console>right click RADIUS Clients>click New RADIUS Client.

18

On the New RADIUS Client dialog box>type a name>type a description of FF TMG>Type IP address of Forefront TMG. In the shared secret box, type a shared secret. This shared secret is the same shared secret you typed in FF TMG as mentioned at the beginning of this article.

19

21

Select the RADIUS client is NAP-capable check box, if you want to enforce VPN client’s health policy. click OK.

20

To enforce Health Policy for VPN clients:

On Network Policy Server or a different windows server 2008, open Server Manager>Click Role>Click Add Role>Select Health Registration Authority Role>Click Next and follow the screenshots.

22

Open NPS Management Console>Right Click on Health Policy>Click New

23

Type Policy Name>Select Client’s SHV Checks>Check Windows Security Health Validator

24

Select and Check appropriate firewall policy, windows update and antivirus update policy. Apply and Click Ok.

25

2627

Click Configure to add remediation server for health registration.

28

 

 

Blogging year 2010—-what stats says

Sharing stats of my blog https://araihan.wordpress.com with my visitors. I started this free wordpress before founding http://microsoftguru.com.au

Team WordPress.com + Stats Helper Monkeys
January 2nd, 2011, 03:35pm

Here’s a high level summary of my overall blog health:

Blog-Health-o-Meter
Wow

Blog-Health-o-Meter™

“We think you did great!” comments by WordPress

Crunchy numbers

Featured image

 

This blog (https://araihan.wordpress.com) was viewed about 200,000 times in 2010.

The most popular post that day was Forefront TMG 2010: How to install and configure Forefront TMG 2010 —-Step by step.

Where did they come from?

The top referring sites in 2010 were google.com, google.co.in, microsoftguru.com.au, experts-exchange.com, and en.wordpress.com.

Some visitors came searching, mostly for exchange 2010 edge, network policy server radius, exchange 2010 edge transport, installing tmg 2010, and exchange 2010 edge subscription.

Attractions in 2010

These are the posts and pages that got the most views in 2010. You can see all of the year’s most-viewed posts and pages in your Site Stats

Forefront TMG 2010: How to install and configure Forefront TMG 2010 —-Step by step March 2010
 

Windows Server 2008: how to configure Network Policy Server or Radius Server –Step by Step Guide November 2009
 

Install and configure WSUS 3.0 SP2 – Step-By-Step August 2009
 

Step by Step Guide on Exchange Server 2010 Edge Transport Role November 2009
 

Transitioning from Exchange Server 2003 to Exchange Server 2010—-Step by Step October 2009
 

Comments from WordPress: “Some of your most popular posts were written before 2010. Your writing has staying power! Consider writing about those topics again”.

See you in 2011!