Publishing multiple Web sites over HTTPS
1. In the Forefront TMG Management console tree, click Firewall Policy.
2. In the task pane, click the Toolbox tab.
3. On the Toolbox tab, click Network Objects, click New, and then select Web Listener to open the New Web Listener Wizard.
4. Complete the New Web Listener Wizard as outlined in the following table.

   | Page | Field or property | Setting or action |
   | --- | --- | --- |
   | Welcome to the New Web Listener Wizard | Web listener name | Type a name for the Web listener. For example, type: HTTPS Web Site Listener |
   | Client Connection Security | | Select Require SSL secured connections with clients. |
   | Web Listener IP Addresses | Listen for incoming Web requests on these networks | Select the External network. Click Select IP Addresses, and then select Specified IP Addresses on the Forefront TMG computer in the selected network. In the Available IP Addresses list, select the appropriate IP address, click Add, and then click OK. |
   | Authentication Settings | Select how clients will provide credentials to Forefront TMG | For HTTP authentication (the default option), select one or more of the check boxes. In a workgroup deployment, you can select only Basic. If you want to require clients to provide a certificate, in the drop-down list, select SSL Client Certificate Authentication. For form-based authentication, in the drop-down list, select HTML Form Authentication. |
   | | Collect additional delegation credentials in the form | This check box appears only when HTML Form Authentication is selected. Select this check box only if you intend to select RADIUS OTP or SecurID. |
   | | Select how Forefront TMG will validate client credentials | For HTTP authentication, if you select Basic authentication in a workgroup, you can select LDAP (Active Directory) or RADIUS. For forms-based authentication, select one of the available options. |
   | Single Sign On Settings | Enable SSO for Web sites published with this listener | Single sign on (SSO) is available only when forms-based authentication is used. Do not select. |
   | Completing the New Web Listener Wizard | | Review the settings, and then click Finish. |

5. In the task pane, click the Tasks tab.
6. On the Tasks tab, click Publish Web Sites to open the New Web Publishing Rule Wizard.
7. Complete the New Web Publishing Rule Wizard as outlined in the following table.

   | Page | Field or property | Setting or action |
   | --- | --- | --- |
   | Welcome to the New Web Publishing Rule Wizard | Web publishing rule name | Type a name for the Web publishing rule. For example, type: Multiple Web Sites (HTTPS) |
   | Select Rule Action | Action | Select Allow. |
   | Publishing Type | | Select Publish multiple Web sites. |
   | Specify Web Sites to Publish | Published sites | For each Web site that you want to publish, click Add, and in Internal site name, type the host name that Forefront TMG will use in HTTP request messages sent to the published server, and then select Forefront TMG will use SSL to connect to the Web site. |
   | Published Web Sites Public Names | Public name suffix | Type the suffix that will be appended to the internal site names specified on the Specify Web Sites to Publish page to create the public names that users will use to access the published Web sites. |
   | Select Web Listener | Web Listener | In the drop-down list, select the Web listener that you created in step 4. You can then click Edit to modify properties of the Web listener that is selected. |
   | Authentication Delegation | Select the method used by Forefront TMG to authenticate to the published Web server | Select No delegation, and client cannot authenticate directly. |
   | User Sets | This rule applies to requests from the following user sets | Do not change the default option, All Authenticated Users. |
   | Completing the New Web Publishing Rule Wizard | | Review the settings, and then click Finish. |

8. In the details pane, click Apply, and then click OK.

- For more information about Web listeners, see Web listener overview.
- When publishing over SSL, an SSL server certificate that was issued to the public host name of each published Web site must be installed in the Personal store for the local computer on the Forefront TMG computer. If the Web publishing rule requires an SSL connection between the Forefront TMG computer and the published server, an SSL server certificate that was issued to the host name specified as the applicable internal site name must be installed on each published server. For more information about obtaining and installing SSL server certificates, see Configuring server certificates for secure Web publishing.
- This procedure creates a separate Web publishing rule for each published site specified.
- When you publish multiple Web sites according to this procedure, the public name suffix is appended to each of the internal site names that you specify. For example, if you want to publish the sites news.fabrikam.com, sports.fabrikam.com, and weather.fabrikam.com, specify the internal site names news, sports, and weather, and then provide the public name suffix fabrikam.com. The wizard will create three Web publishing rules, one for each of the sites, each using the same Web listener.
- You can configure the way in which credentials are passed to the published server in a Web publishing rule. For more information, see About delegation of credentials.
- Web publishing rules match incoming client requests to the appropriate Web site on the Web server.
- You can create Web publishing rules that deny traffic, to block incoming traffic that matches the rule conditions.
- Forefront TMG does not treat paths as case-sensitive. If your Web server includes both foldera and folderA, and you publish a path to one of the folders, both folders will be published.
- For more information about other settings in Web publishing rules, see Overview of Web publishing concepts.
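
The certificate requirement and the public name suffix rule in the notes above can be checked together on the Forefront TMG computer before the rules go live. The following PowerShell is an added example, not part of the original documentation: it uses the page's fabrikam.com names as sample input, the helper function names are illustrative, and the subject alternative name parsing assumes an English-language Windows installation.

```powershell
# Added example, not from the original documentation.
# Sample input taken from the fabrikam.com example on this page.
$internalSiteNames = 'news', 'sports', 'weather'
$publicNameSuffix  = 'fabrikam.com'

# Illustrative helper: DNS names a certificate was issued to (subject CN plus SAN).
function Get-CertDnsName($cert) {
    $names = @($cert.GetNameInfo('SimpleName', $false))
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Assumes English Windows, where entries render as "DNS Name=host".
        foreach ($line in ($san.Format($true) -split "`r?`n")) {
            if ($line -match '^\s*DNS Name=(.+?)\s*$') { $names += $Matches[1] }
        }
    }
    $names | Where-Object { $_ } | Select-Object -Unique
}

# Illustrative helper: exact match, or a wildcard covering one left-most label.
function Test-NameMatch($hostName, $certName) {
    $dot = $hostName.IndexOf('.')
    if ($certName.StartsWith('*.') -and $dot -gt 0) {
        return $hostName.Substring($dot + 1) -eq $certName.Substring(2)
    }
    return $hostName -eq $certName
}

$now   = Get-Date
$certs = Get-ChildItem Cert:\LocalMachine\My   # Personal store, local computer

foreach ($site in $internalSiteNames) {
    # The wizard appends the suffix to each internal site name.
    $publicName = "$site.$publicNameSuffix"
    # Usable = has a private key, is inside its validity period, and names the host.
    $usable = @($certs | Where-Object {
        $c = $_
        $c.HasPrivateKey -and $c.NotBefore -le $now -and $c.NotAfter -gt $now -and
            @(Get-CertDnsName $c | Where-Object { Test-NameMatch $publicName $_ }).Count -gt 0
    })
    New-Object PSObject -Property @{
        PublicName     = $publicName
        HasCertificate = ($usable.Count -gt 0)
        Thumbprints    = (($usable | ForEach-Object { $_.Thumbprint }) -join ', ')
    }
}
```

Any row with HasCertificate set to False identifies a public name for which no valid certificate with a private key was found in the Personal store.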
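
The note that Forefront TMG does not treat paths as case-sensitive matters when the published server has a case-sensitive file system. The following PowerShell is an added example, not part of the original documentation, that compares a path listing exported from the published server with the paths entered on the rule and reports content that is exposed only because case is ignored. The sample paths, the `/folder/*` pattern notation, and the function name are assumptions made for illustration.

```powershell
# Added example, not from the original documentation.
# Constructed sample: path listing exported from a case-sensitive Web server.
$serverPaths = '/foldera/index.htm',
               '/folderA/internal.htm',
               '/Reports/q1.htm',
               '/public/home.htm'

# Constructed sample: paths entered on the Web publishing rule (hypothetical values).
$publishedPaths = '/foldera/*', '/public/*'

# Illustrative helper: server paths matched only when case is ignored.
# Paths containing [ ] or ? need escaping, because -like treats them as wildcards.
function Get-UnintendedExposure($published, $paths) {
    foreach ($pattern in $published) {
        foreach ($path in $paths) {
            # -like ignores case, as the note describes for Forefront TMG;
            # -clike is the exact-case match the administrator intended.
            if (($path -like $pattern) -and -not ($path -clike $pattern)) {
                New-Object PSObject -Property @{
                    PublishedPath = $pattern
                    AlsoExposed   = $path
                }
            }
        }
    }
}

Get-UnintendedExposure $publishedPaths $serverPaths
```

Each row is a server path that differs from a published path only by case; rename or relocate that content on the published server, or cover it with a deny rule, before publishing.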