
Installing and Configuring TMG in a 3-Leg Topology

Video: https://www.youtube.com/watch?v=DwdSLZBXGHs
NOVEMBER 6, 2010, L PHN H
TMG is the successor to the familiar ISA security software. TMG supports several security architectures: Edge Firewall, 3-Leg Perimeter, Back-to-Back, and others. Today I introduce the 3-Leg Perimeter model.
We will set up a scenario to practice on:
The Contoso company has the following network layout:

Preparing the test hardware.
Prepare one server (HOST):
CPU supporting VT / AMD-V (hardware virtualization support)
RAM 8GB
HDD 160GB
NIC 1GB
OS: WINDOWS SERVER 2008 R2:
Install the OS and add the Hyper-V role.
Update Windows.
In Hyper-V Manager, create 3 virtual networks, Internal, DMZ and ISP (type Internal), and External (type External).

Create the virtual machines one by one according to the following list:
| VM Name | Server Name | OS Name | RAM | NIC NAME | ROLE |
|---|---|---|---|---|---|
| DC1 | DC1 | Windows Server 2003 R2 | 512 | Internal | Domain Controller, DNS |
| SQL1 | SQL1 | Windows Server 2003 R2 | 1024 | Internal | Database Server (DC Member) |
| EX-BACK | EX-BACK | Windows Server 2008 R2 | 1024 | Internal | Exchange Server: HUB+CAS+MB (DC Member) |
| TMG | TMG | Windows Server 2008 R2 | 2048 | Internal, DMZ, EXTERNAL | Firewall (DC Member) |
| WEB1 | WEB1 | Windows Server 2003 R2 | 1024 | DMZ | SHAREPOINT (DC Member) |
| EX-EDGE | EX-EDGE | Windows Server 2008 R2 | 1024 | DMZ | EXCHANGE EDGE (WORKGROUP) |
| ISP-SIM | ISP-SIM | Windows Server 2003 R2 | 512 | External, ISP | ISP Simulator |
| Client1 | Client1 | Windows XP SP3 | 256 | ISP | Client Test |

IP addresses of the servers:

| Zone | Server | IP | GW | DNS |
|---|---|---|---|---|
| INTERNAL | DC1 | 10.0.0.2/24 | 10.0.0.1 | 10.0.0.2 |
| INTERNAL | SQL | 10.0.0.4/24 | 10.0.0.1 | 10.0.0.2 |
| PERIMETER (DMZ) | WEB | 10.0.1.4/24 | 10.0.1.1 | 10.0.0.2 |
| PERIMETER (DMZ) | EX-EDGE | 10.0.1.5/24 | 10.0.1.1 | 10.0.0.2 |

Addresses of the TMG machine:

| | INTERNAL | DMZ | EXTERNAL |
|---|---|---|---|
| IP | 10.0.0.1/24 | 10.0.1.1/24 | 192.168.1.1 |
| GW | | | 192.168.1.254 |
| DNS | 10.0.0.2 | 10.0.0.2 | 192.168.1.254 |

IP addresses of the ISP-SIM machine:

| | EXTERNAL | ISP |
|---|---|---|
| IP | 192.168.1.254 | 172.16.0.1 |
| GW | 192.168.1.1 | |
| DNS | | 172.16.0.1 |

A. INSTALLING AND CONFIGURING TMG
Download the TMG evaluation to the HOST machine and build it into a TMG.iso file (you can use the Do-ISO utility).
Mount TMG.iso in the TMG machine and proceed to install TMG:
On the first screen:

Select 'Run Preparation Tool'; it automatically adds and configures the required components before installation.

When it finishes, select 'Run Installation Wizard' to start installing TMG:

Choose the options as shown on the screen and follow the steps until:

Select the Internal adapter; the installation takes about 15 minutes.
After the installation finishes, on the main TMG screen:

Select: Launch Getting Started Wizard

Select: Configure network settings

Click Next:

Select the 3-Leg perimeter type, click Next

Select the adapter connected to the Internal network, click Next

Select the adapter connected to the Internet, click Next

Select the adapter connected to the DMZ. At this step I choose Private because the DMZ uses private IP addresses. Click Next

Click Finish. When it completes, you return to the following screen:

Select 'Configure system settings'

Click Next

Click Next

Then click Finish. You return to the following screen to continue:

Click 'Define deployment options'







Wait a moment, and finally you will see the configuration wizard finish, as follows:

Click Close to end the configuration process.
B. CREATING RULES
Now create the rules:
1. Create a rule that allows WEB (in the DMZ) to join the domain in the Internal zone:

| Property | Value |
|---|---|
| Name | Intradomain Communications |
| Action | Allow |
| Protocols | Microsoft CIFS (TCP), Microsoft CIFS (UDP), DNS, Kerberos-Adm (UDP), Kerberos-Sec (TCP), Kerberos-Sec (UDP), LDAP, LDAP (UDP), LDAP GC (Global Catalog), RPC (all interfaces), NTP (UDP), Ping |
| From | Perimeter |
| To | Internal |
| Users | All |
| Schedule | Always |
| Content Types | All content types |

Join the WEB machine to the domain in preparation for installing SharePoint. (Join the domain in the usual way.)
2. Create a rule that allows WEB to access SQL in the Internal zone:

| Property | Value |
|---|---|
| Name | Intradomain Communications |
| Action | Allow |
| Protocols | Microsoft SQL Server, Microsoft SQL (TCP), Microsoft SQL (UDP) |
| From | WEB Server (define a Network Object: Name: WEB server, IP: 10.0.1.4) |
| To | SQL Server (define a Network Object: Name: SQL server, IP: 10.0.0.4) |
| Users | All |
| Schedule | Always |
| Content Types | All content types |

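An added example (not part of the original tutorial): a small Python model of the two access rules above, evaluated in order with an implicit final deny, to check which DMZ-to-Internal flows the policy permits. The port numbers are the standard ports for these protocol names and are an assumption, as are the function names; Ping is not modelled, and DNS and RPC are reduced to UDP 53 and TCP 135.

```python
from ipaddress import ip_address, ip_network

# Networks and network objects, taken from the address tables and rules above.
NETWORKS = {
    "Internal": ip_network("10.0.0.0/24"),
    "Perimeter": ip_network("10.0.1.0/24"),
    "WEB server": ip_network("10.0.1.4/32"),
    "SQL server": ip_network("10.0.0.4/32"),
}

# Assumption: standard ports for the TMG protocol names (not stated on the page).
# Simplified: DNS as UDP 53 only, RPC as the endpoint mapper only, Ping left out.
PORTS = {
    "Microsoft CIFS (TCP)": ("tcp", 445), "Microsoft CIFS (UDP)": ("udp", 445),
    "DNS": ("udp", 53), "Kerberos-Adm (UDP)": ("udp", 749),
    "Kerberos-Sec (TCP)": ("tcp", 88), "Kerberos-Sec (UDP)": ("udp", 88),
    "LDAP": ("tcp", 389), "LDAP (UDP)": ("udp", 389),
    "LDAP GC (Global Catalog)": ("tcp", 3268),
    "RPC (all interfaces)": ("tcp", 135), "NTP (UDP)": ("udp", 123),
    "Microsoft SQL (TCP)": ("tcp", 1433), "Microsoft SQL (UDP)": ("udp", 1434),
}

DOMAIN_PROTOCOLS = [p for p in PORTS if not p.startswith("Microsoft SQL")]
RULES = [  # evaluated top to bottom; anything unmatched is denied
    ("rule 1 (domain join)", "Perimeter", "Internal", DOMAIN_PROTOCOLS),
    ("rule 2 (WEB to SQL)", "WEB server", "SQL server",
     ["Microsoft SQL (TCP)", "Microsoft SQL (UDP)"]),
]

def evaluate(src, dst, proto, port):
    """Return the name of the first rule allowing the flow, else 'deny'."""
    for name, frm, to, protocols in RULES:
        if (ip_address(src) in NETWORKS[frm] and ip_address(dst) in NETWORKS[to]
                and (proto, port) in {PORTS[p] for p in protocols}):
            return name
    return "deny"

def exposure(dst):
    """List (host, proto, port) flows from the DMZ hosts that reach dst."""
    dmz_hosts = {"WEB": "10.0.1.4", "EX-EDGE": "10.0.1.5"}
    return sorted((host, proto, port)
                  for host, ip in dmz_hosts.items()
                  for proto, port in set(PORTS.values())
                  if evaluate(ip, dst, proto, port) != "deny")

if __name__ == "__main__":
    for host, proto, port in exposure("10.0.0.4"):  # flows reaching SQL
        print(host, proto, port)
```

Because rule 1 is scoped From Perimeter To Internal, the model shows EX-EDGE reaching every Internal host on the domain protocols too, while only WEB reaches SQL on 1433/1434.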
The TMG screen will look similar to the following:

C. INSTALLING AND CONFIGURING SHAREPOINT ON THE WEB SERVER
To keep things simple, we will install WSS 3.0 in Farm mode, with the SQL server in the Internal zone as the back-end database.
1. Install WSS 3.0:
Download WSS 3.0 here: download (106MB)
Install:

Select Advanced

Select Web Front-End, click Install Now


2. Configuration:


This option connects to the internal SQL server to create the farm

Provide the SQL server details and an account that has permission to create databases on the SQL server, then click Next




Click Finish. The SharePoint farm configuration is complete.
3. Create a site in preparation for publishing


Select 'Create a new web application' and follow the steps in order to create it.

4. Adjust the site name in preparation for publishing
In the Central Administration > Operations window, select Alternate Access Mappings

Then select 'Edit Public URLs'

In the Internet field, type http://www.contoso.com and click Save.

D. PUBLISHING SHAREPOINT ON THE WEB SERVER

















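Test Rule will report an error, so we adjust the Web Listener:


Now run Test Rule again and you will see OK

5. Try accessing the site from a client machine on the Internet


Configure the ISP server:

| Step | Content |
|---|---|
| 1 | Install DNS: create the FLZ (forward lookup zone) contoso.com; create an A host record: www pointing to IP 192.168.1.1 (the external IP of TMG1); create the RLZ (reverse lookup zone): 192.168.1.1 > www.contoso.com |
| 2 | Install DHCP |
| 3 | Install Routing and Remote Access |


When using the Client1 machine, check that it has received an IP address from the ISP's DHCP server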
