Firewall – TMG 2010 Edge Firewall Setup – Internal subnet has no internet access

Tags: firewall, gateway, microsoft-ftmg-2010

I just set up a TMG 2010 server as an edge firewall. The TMG machine has two NICs:

  1. LAN: IP-192.168.1.1, Netmask-255.255.255.0, DNS-192.168.1.3, Gateway-(blank)
  2. WAN: IP-119.x.x.98, Netmask-255.255.255.248, DNS-(blank), Gateway-(119.x.x.97)

The TMG's LAN NIC is plugged into a switch, into which all other subnet PCs are also plugged, while the TMG's WAN NIC is plugged into the ISP's cable coming into our office. That's the network topology. The subnet PCs are set up to use static IPs 192.168.1.x, DNS 192.168.1.3 and Gateway 192.168.1.1.

I followed the steps in this tutorial, and also enabled Web Protection, so that created two additional firewall rules: one that blocks some default categories (like porn, etc.), the other enabling internal access to the external network for HTTP and HTTPS for all users. But the subnet PCs don't have internet access. I am new to ISA/TMG, and to firewalls/gateways in general, so can someone please shed some light on this? Thanks.

UPDATE: I got the internet working, finally. It turned out that I accidentally enabled web proxy on the LAN NIC, so it's turned off. Also, I added DNS to the allow internal web access rule in addition to HTTP and HTTPS. So now it's working fine.

But, there is still some problem: I can't access the gmail page, it says the site's security certificate is not trusted and just won't load the page.

Best Answer

That tutorial describes how to set up your networks in TMG but it makes no mention of firewall rules.

After installation, TMG is configured with just one firewall rule which denies all traffic from anywhere, to anywhere. It's up to you to configure the access rules. Did you?

EDIT: Regarding your GMail problem, does it do this with any SSL site? If so, have you perhaps enabled HTTPS inspection? If you do this, you will also need to deploy a certificate to your clients. TMG uses this certificate to re-encrypt the connection from the client to the TMG server.
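A constructed illustration of the answer's last point (an added example, not code from the original thread or from TMG): an HTTPS-inspecting proxy terminates the client's TLS session and re-issues the site's certificate from its own inspection CA, so the client reports "not trusted" until that CA is in its trust store. The CA name, hostnames and keys below are all made up for the example; it uses the `cryptography` library.

```python
"""Why HTTPS inspection breaks sites until the proxy's CA is deployed to clients."""
import datetime
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.exceptions import InvalidSignature


def _name(common_name):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])


def make_cert(subject_cn, issuer_cn, issuer_key, subject_key, is_ca):
    """Build a minimal certificate signed by issuer_key (constructed test data)."""
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (x509.CertificateBuilder()
               .subject_name(_name(subject_cn)).issuer_name(_name(issuer_cn))
               .public_key(subject_key.public_key())
               .serial_number(x509.random_serial_number())
               .not_valid_before(now - datetime.timedelta(minutes=1))
               .not_valid_after(now + datetime.timedelta(days=1))
               .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True))
    return builder.sign(issuer_key, hashes.SHA256())


def chain_trusted(leaf, trust_store):
    """What a client's trust check boils down to: some CA in the store must have a
    subject matching the leaf's issuer AND its key must verify the leaf's signature.
    A CA with the right name but a different key is not good enough."""
    for ca in trust_store:
        if ca.subject != leaf.issuer:
            continue
        try:
            ca.public_key().verify(leaf.signature, leaf.tbs_certificate_bytes,
                                   padding.PKCS1v15(), leaf.signature_hash_algorithm)
            return True
        except InvalidSignature:
            continue  # same name, wrong key: keep looking
    return False


# Constructed inspection CA (hypothetical name), the re-issued leaf a client behind
# the proxy actually sees for the mail site, and an impostor CA with the same name.
CA_NAME = "Example TMG HTTPS Inspection CA"
INSPECTION_CA_KEY = rsa.generate_private_key(public_exponent=65537, key_size=2048)
INSPECTION_CA = make_cert(CA_NAME, CA_NAME, INSPECTION_CA_KEY, INSPECTION_CA_KEY, True)
LEAF_KEY = rsa.generate_private_key(public_exponent=65537, key_size=2048)
LEAF = make_cert("mail.google.com", CA_NAME, INSPECTION_CA_KEY, LEAF_KEY, False)
IMPOSTOR_KEY = rsa.generate_private_key(public_exponent=65537, key_size=2048)
IMPOSTOR_CA = make_cert(CA_NAME, CA_NAME, IMPOSTOR_KEY, IMPOSTOR_KEY, True)
```

`chain_trusted(LEAF, [])` is the situation in the question (the inspection CA was never deployed), and `chain_trusted(LEAF, [INSPECTION_CA])` is what deploying the TMG certificate to clients fixes.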
