You administer a Windows Essential Business Server 2008 environment. The network contains a Forefront Threat Management Gateway (TMG) installed on the Security Server. All the client computers in the domain run Windows XP Professional.
The company has recently opened a new branch office. You install another Forefront TMG server named TMG2 in the branch office that is connected to the main office through a WAN connection. Most of the client computers in the branch office network have Firewall clients installed. A few client computers are configured as Web Proxy clients.
You are required to minimize the load on TMG2 by preventing Web Proxy clients from looping back through the firewall to access internal Web servers while connecting to servers by using a single label name.
What should you do to achieve the stated goal with minimum administrative effort?
A. On TMG2, select the Bypass proxy for Web servers in this network option on the Web Browser tab in the properties dialog box of the internal network.
B. On TMG2, select the Directly access computers specified in the Domains tab option on the Web Browser tab in the properties dialog box of the internal network.
C. On TMG2, add the list of computer addresses or domain names that you want to configure for Direct Access.
D. On TMG2, configure the list of domain names available on the internal network to include the branch domain.
Explanation:
You should select the Bypass proxy for Web servers in this network option on the Web Browser tab in the properties dialog box of the internal network on TMG2. The Bypass proxy for Web servers in this network option configures the Web Proxy clients to connect directly to the Web servers on their local network. This option allows the Web Proxy client computers to bypass their Web proxy configuration while connecting to servers by using a single label name, such as http://srvl. If you use the single label name to connect to a Web server, the Web browser ignores the Web proxy settings and connects directly to the Web server. This is known as direct access. While using direct access, the connection is not handled by the Forefront TMG server, and the Forefront TMG server does not perform name resolution on behalf of the client computer. Therefore, the client computer must perform the name resolution on its own. If the client computers are configured as Web Proxy clients, then you should configure the Web browser on the client computers to include the fully qualified domain name (FQDN) of their domain.
You should not select the Directly access computers specified in the Domains tab option on the Web Browser tab in the properties dialog box of the internal network on TMG2. This option allows Web Proxy client computers to bypass the Web proxy configuration while connecting to hosts belonging to a domain included in the Domains tab on the Internal Properties dialog box. To ensure that clients bypass the Web proxy filter for Web servers located in the client network, you will have to add the Web servers’ domain to the Domains tab. This will require more administrative effort than configuring the Bypass proxy for Web servers in this network option.
You should not add the list of computer addresses or domain names that you want to configure for direct access on TMG2. Direct access indicates that clients should not go through Forefront TMG in order to access resources on their own network. Direct access is a configuration that affects both Web Proxy clients and Firewall clients. You are only required to affect the Web Proxy clients.
You should not configure the list of domain names available on the internal network to include the branch domain. Doing this without also checking the Directly access computers specified in the Domains tab option will affect only Firewall clients and not Web Proxy clients. Even if you did check that box, you are only required to affect Web Proxy clients.