TMG Learning (III), firewall client authentication

The firewall wall client is also a Web proxy client by default. Why? After the firewall client is installed, the browser is automatically set to make the browser a Web proxy client of TMG. When the firewall client accesses http/https/ftp, it will connect to port 8080 of TMG, while when accessing other requests, it will connect to port 1745 of TMG.

 

Note: If the firewall client is installed on the client, the smtp protocol is enabled for TMG, and authentication is required for pop3 protocol, the account name and password used to log on to the PC are used for authentication by default, if the authentication fails, you cannot send or receive emails from the mail client outlook, and no prompt is displayed for entering the user name and password.

 

The network topology is as follows:

 

 

Tutorial goal: to test whether the outlook client is installed with bob, enable smtp on TMG, and send and receive Netease emails after pop3, and only bob is allowed to pass, user mark logs on to the pc and uses outlook. Because the account and password do not match the firewall user requirements, emails cannot be sent and received. Check whether the user name and password dialog box is displayed.

 

SMTP and pop3 are enabled in the firewall, and only bob is allowed.

On the TMG Firewall Policy node, select: Create access rule

 

The random access rule name is identified as follows

 

Allow

 

When adding the protocol, we noticed that there are pop3 and pop3 servers. The POP3 server is directed to the inbound server, and the SMTP server is also the inbound server, while Netease wants to access the Internet, therefore, we can directly select pop3 and SMTP protocols.

 

For example, you can directly select POP3 and SMTP.

 

Access rule Source: Internal

 

Access target external

 

Delete all users and create the "send and receive Contact Group" user set"

 

Add User bob only

 

 

This rule is applied to: send and receive contact group users. Currently, only bob is a member.

 

Policy created

 

Set the domain user bob's outlook client. By default, Netease's mailbox provides methods for setting, as shown in figure

 

Set the outlook client, note that although the firewall client is installed, but still must set the gateway, or outlook authentication can not pass, on this point sometimes cannot think, see the link: http://bbs.51cto.com/thread-967399-1.html

 

The client has passed the test, as shown in figure

 

The client sends a test email to itself.

 

If you have received the email you sent yourself

 

The above is done. After bob logs on, the mail is sent and received.

 

Test that the mark user logs on to the PC and still uses the email account and password just now. In fact, this is definitely not successful. For example, the identity verification cannot be completed, there is also a prompt to enter the user name and password, which is different from the Web proxy client. We know that when the Web proxy client accesses the webpage, if the Integrated Identity Authentication fails, a prompt will be prompted to enter the user name and password, but this seems to be a problem, see the specific link: http://www.bitscn.com/ OS /windows/200604/137.html