You can experience the problem described in this post if you’re running:
- Forefront Threat Management Gateway Medium Business Edition with Windows Essential Business Server 2008.
- Forefront Threat Management Gateway Medium Business Edition as a standalone installation.
Note: This problem doesn’t occur when you are running Forefront Threat Management Gateway 2010.
If you haven’t defined your Web access policy rules using the Web Access Policy Wizard (available from the Tasks pane -> Configure Web Access policy), you can set or modify the authentication methods for the Web Proxy, as follows:
1. Click the “Configure Web Proxy” task in the Tasks pane:
2. Click the “Authentication…” button under the “Web Proxy” tab to display the available authentication methods:
3. Enable the “Integrated” and “Basic” authentication methods (for purposes of this example) and click OK to apply the changes.
After the changes have been applied (the synchronization status appears as green under Monitoring -> Configuration), if you then open the “Authentication” settings dialog box again, you’ll see that the changes you made do not appear in the UI:
However, this is purely a UI issue, and your changes have actually been applied (that is, the outgoing web traffic will be authenticated accordingly).
You can double check that the authentication methods are properly set by running the Visual Basic script below. This script will display the authentication methods that are enabled for the internal network:
' Connect to the TMG root COM object and get the array this server belongs to
Set root = CreateObject("FPC.Root")
Set tmgArray = root.GetContainingArray()
' Web proxy listener settings of the Internal network
Set internalNet = tmgArray.NetworkConfiguration.Networks("Internal")
Set webListener = internalNet.WebListenerProperties
If webListener.BasicAuthentication = True Then
    WScript.Echo "Basic authentication is enabled"
End If
If webListener.IntegratedWindowsAuthentication = True Then
    WScript.Echo "Integrated Windows authentication is enabled"
End If
If webListener.DigestAuthentication = True Then
    WScript.Echo "Digest authentication is enabled"
End If
If webListener.SSLCertificateAuthentication = True Then
    WScript.Echo "SSL Certificate authentication is enabled"
End If
' List any additional authentication schemes configured on the listener
Set authenticationSchemes = webListener.AuthenticationSchemes
For Each authenticationScheme In authenticationSchemes
    WScript.Echo authenticationScheme.Name & " authentication is enabled"
Next
To resolve this issue, do the following:
1. Define your Web access policy rules using the Web Access Policy Wizard, available from the Tasks pane:
The resulting Web Access Settings will look similar to this:
2. Configure the authentication methods according to your requirements, by clicking the highlighted link below:
As a result, any changes you made to the authentication settings will appear in the UI.
Eric Detoc, TMG Escalation Engineer, Forefront TMG
Doron Juster, Senior Development Engineer, Forefront TMG
Gabriel Koren, Forefront TMG Test Team