Set up TMG for SharePoint on-prem

These are the steps to set up your SharePoint site in your Threat Management Gateway (TMG).


  1. Set up alternate access mappings for this URL in the SharePoint Central Admin
  2. Create internal and external DNS for the SharePoint URL
    1. Internal DNS points to the IP of the SharePoint Server
    2. External DNS points to the IP of the TMG
  3. Create the SSL certificate (if not created), and export it to a .PFX
  4. Import SSL Certificate onto the TMG Server
    1. Local Computer > Personal Certificates store
  5. Create New TMG Web Listener
    1. Launch the Web Listener Wizard
    2. Create a name identifying the SharePoint site URL in it
    3. Use SSL
    4. Choose: Internal
      1. Select IP Addresses
      2. Click New
      3. Click Add IP
      4. Add the internal IP address of the SharePoint server, click OK
      5. Choose the IP you added, and click the Add button
      6. OK
      7. Next
    5. Choose the certificate you imported into the server for this site > Next
    6. HTML Form Authentication > Windows (Active Directory) > Next
    7. Enable SSO > Type in root domain name > Next
    8. Finish
    9. Go into the properties of the Web Listener
    10. Go to the Connections Tab
      1. Make sure it's set up for HTTP (80) and HTTPS (443)
      2. Redirect all traffic from HTTP to HTTPS
  6. Set up the TMG Firewall Rule
    1. Right Click on Firewall Rules > New > SharePoint site Publishing Rule
    2. Type in the URL of your SharePoint site set up in internal DNS
    3. Pick either single server or balanced, depending on how your SharePoint architecture is built. I will pick single for these directions.
    4. Do Not use SSL
    5. Type in the internal DNS name to get to the site
    6. Type in the internal DNS name to get to the site
    7. Choose the listener you set up > Next
    8. Authentication Delegation: Keep default > Next 
    9. Choose: SharePoint AAM is already configured on the server > Next
    10. Keep All Authenticated Users > Next
    11. Finish
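
Once the rule is in place, the result of steps 2, 4 and 5 can be checked from an administrative workstation. The PowerShell below is an added example, not part of the original post: the host name, IP addresses and function names are placeholders, and it assumes a workstation with `Resolve-DnsName` that can reach both DNS servers and the TMG address.

```powershell
# Added example (not from the original post). All values are placeholders.
$SiteHost     = 'sharepoint.example.com' # published SharePoint host name
$InternalDns  = '10.0.0.10'              # internal DNS server
$ExternalDns  = '198.51.100.53'          # resolver that serves the external zone
$SharePointIp = '10.0.0.20'              # SharePoint server IP (step 2.1)
$TmgIp        = '203.0.113.10'           # TMG IP (step 2.2)

function Test-DnsAnswer($Server, $ExpectedIp) {
    # True when $Server answers the site name with the expected A record.
    $ips = (Resolve-DnsName -Name $SiteHost -Server $Server -Type A -DnsOnly -ErrorAction Stop).IPAddress
    return ($ips -contains $ExpectedIp)
}

function Test-HttpsRedirect {
    # Request http://<site>/ from the listener without following redirects (step 5.10.2).
    # GetResponse throws on a 4xx/5xx answer, which also means the check failed.
    $req = [System.Net.HttpWebRequest]::Create("http://$TmgIp/")
    $req.Host = $SiteHost
    $req.AllowAutoRedirect = $false
    $resp = $req.GetResponse()
    try {
        $code = [int]$resp.StatusCode
        $loc  = $resp.Headers['Location']
        return ($code -ge 300 -and $code -lt 400 -and $loc -like 'https://*')
    } finally { $resp.Close() }
}

function Get-ListenerCertificate {
    # TLS handshake against the listener; AuthenticateAsClient throws when the
    # certificate chain is untrusted or the certificate does not match $SiteHost.
    $tcp = New-Object System.Net.Sockets.TcpClient($TmgIp, 443)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream())
        $ssl.AuthenticateAsClient($SiteHost)
        return New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally { $tcp.Close() }
}

$cert = Get-ListenerCertificate
[pscustomobject]@{
    InternalDnsOk = Test-DnsAnswer $InternalDns $SharePointIp
    ExternalDnsOk = Test-DnsAnswer $ExternalDns $TmgIp
    HttpToHttps   = Test-HttpsRedirect
    CertSubject   = $cert.Subject
    CertExpires   = $cert.NotAfter
}
```

A `False` in any of the three boolean fields, or an exception from the handshake, points back to the DNS, listener or certificate step respectively.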

About Tom DeMeulenaere

Highly accomplished information technology professional with extensive knowledge in System Center Configuration Manager, Windows Server, SharePoint, and Office 365.