You can permit users to access backed up messages from outside the organization while using Web gateways. In this procedure, Forefront Threat Management Gateway 2010 is used as an example to illustrate the complete process.
Procedure
-
Navigate to the Microsoft Forefront Threat Management Gateway.
-
Right-click Firewall Policy, and then click New > Web Site Publishing Rule.
-
Enter a name that will help you identify the rule correctly in the space, and then click Next.
-
Click Allow, and then click Next.
-
Click Publish a single Web site or load balancer, and then click Next.
-
Click User SSL to connect to the published Web server, and then click Next.
-
Enter the site name in the Internal site name box, enter the IP address of the Web Console Server in the Computer name or IP address box, and then click Next.
The site name should be the same as the one specified in the Web Server URLs tab of the Advanced Client Properties.
-
Enter the path /webconsole/* in the Path (optional) box, and then click Next.
-
Enter the public name to be used for the Web Console in the Public Name box, and then click Next.
The site name should be the same as the one specified in the Web Server URLs tab of the Advanced Client Properties.
-
Select New to create new Web Listener, and then click Next.
-
Enter a name that will help you identify the Web Listener correctly in the space, and then click Next.
-
Click Require SSL secured connections with clients, and then click Next.
-
Select the External check box to listen for the incoming Web request , and then click Next.
-
Click Specified IP addresses on the Forefront TMG computer in the selected network.
-
Select the IP address from the list of Available IP Addresses, click Add IP, and then click OK.
-
Verify that the External check box is selected, and then click Next.
-
Click Use a single certificate for this Web Listener, and then click Select Certificate.
-
Select the certificate that you imported into the TMG server that you plan to use, click Select, and then click Next.
For more information, see the Microsoft Technet article "Importing a certificate to a Forefront TMG computer", http://technet.microsoft.com/en-us/library/cc995102.aspx
-
From the Select how clients will provide credentials to Forefront TMG list, select No Authentication, and then click Next.
-
Click Finish.
-
Make sure that the new listener is selected, and then click Next.
-
From the Select the method used by Forefront TMG to authenticate to the published Web server list, select No delegation, but client may authenticate directly, and then click Next.
-
Click Next.
-
Click Finish.
-
Click Apply.