Remote-access Guide

Forefront UAG remote access agent

by Khalil Boyle Published 2 years ago Updated 2 years ago

Microsoft Forefront Unified Access Gateway (UAG) is a discontinued software suite that provides secure remote access to corporate networks for remote employees and business partners. Its services include reverse proxy, virtual private network (VPN), DirectAccess and Remote Desktop Services.

Full Answer

What is forefront UAG and how does it work?

Forefront UAG provides a gateway for managed and unmanaged remote client endpoints, from a variety of locations, to access corporate applications and resources. Forefront UAG installs client components on client endpoints to enable a number of remote access features.

How do I download files from forefront UAG?

Once you click on the "Download" button, you will be prompted to select the files you need.

What is Microsoft Forefront Unified Access Gateway?

Microsoft Forefront Unified Access Gateway (UAG) was a software suite that provided secure remote access to corporate networks for remote employees and business partners. Its services included reverse proxy, virtual private network (VPN), DirectAccess and Remote Desktop Services.


When was the Forefront UAG released?

Service Pack 1 for this product was released on 3 December 2010. Update 1 for Service Pack 1 was released on 17 October 2011. Service Pack 2 for this product was released on 6 August 2011. Service Pack 3 was released on 19 February 2013. Service Pack 4 was released on 27 November 2013. On 17 December, Microsoft announced that it would not deliver any future full version releases of Forefront UAG and that the product would be removed from price lists on 1 July 2014.

What authentication systems does UAG work with?

It also works with numerous authentication systems and protocols such as Active Directory, RADIUS, LDAP, NTLM, Lotus Domino, PKI and TACACS+. Possible customizations include single sign-on (SSO), as well as look-and-feel dynamic customization. With the current release of UAG with Update 2, the product also offers support for many third-party systems such as Linux, Macintosh and iPhone. The product also supports Mozilla Firefox.

What is UAG in Windows 7?

UAG's core new functionality centered on its DirectAccess gateway. DirectAccess, launched with Windows 7, was Microsoft's visionary always-on VPN, which allowed both VPN access and continuous endpoint management and control. At its launch, UAG was the only solution for publishing DirectAccess, making the product an integral part ...

What is UAG service?

UAG was released in 2010, and is the successor to Microsoft Intelligent Application Gateway (IAG), which was released in 2007. UAG is part of the Microsoft Forefront offering. Microsoft discontinued the product in 2014, ...

What is UAG in Microsoft Exchange?

Included are customized granular access policy and security capabilities for Microsoft Exchange Server (2003, 2007 and 2010), Microsoft SharePoint Portal Server (2003, 2007 and 2010), Microsoft Terminal Services and Citrix Presentation Server. The product is highly customizable, and almost any application can be published with UAG.

What is a UAG?

Microsoft UAG provides secure socket layer (SSL) virtual private network (VPN), a Web application firewall, and endpoint security management (for compliance and security) that enable access control, authorization, and content inspection for a wide variety of line-of-business applications.

What is a unified gateway?

It consisted of an appliance housing a 512k memory chip that toggled connections between two servers via a SCSI bus. The product was originally built to offer sneaker-net services and shortly thereafter features to enable HTTP connections were added. In the 90's and early 2000's, e-Gap was enhanced to provide comprehensive reverse proxy features that included in-depth filtering of inbound traffic to ensure the security of the web servers and applications it protected. As adoption grew, the product pivoted to focus more specifically on Remote Access use-cases and additional features and licensing options were added to provide employee and contractor remote access across a range of connectivity options. In 2002, the market evolved into offering more comprehensive SSL VPN features. Whale's uniqueness was in its ability to granularly filter and alter the flow of traffic to enable a path of least access and protect from both known and unknown attacks/vulnerabilities using an application specific positive logic filtering engine.

How to enable DirectAccess on UAG1?

DirectAccess is not enabled by default. To enable DirectAccess features and capabilities on UAG1, you need to run the DirectAccess Configuration wizard. After running the DirectAccess Configuration Wizard, two new Group Policy objects are created – one is linked to the computer account for the UAG DirectAccess server, and the second is linked to the DirectAccess clients security group (DA_Clients) you configured earlier. In addition, the IPv6 components, including support for IPv6 transition technologies and IPv6/IPv4 protocol transition technologies are enabled on the UAG DirectAccess server.

Why is UAG DirectAccess important?

UAG DirectAccess makes this possible because when the DirectAccess client returns to the corpnet, it is able to make a connection to the Network Location Server. Once the HTTPS connection is successfully established to the Network Location Server, the DirectAccess client disables its DirectAccess client configuration and uses a direct connection to the corpnet.

How long to shut down UAG1 and UAG2?

Before you begin testing, we recommend that you shut down both UAG1 and UAG2 for at least five minutes. There are a number of reasons for this, which include ARP cache timeouts and changes related to NLB. When validating NLB configuration in a test lab, you will need to be patient as changes in configuration will not be immediately reflected in connectivity ability until after a period of time has elapsed. This is important to keep in mind when you carry out the following tasks.

What is DC1 in DirectAccess?

DC1 acts as the domain controller, Network Location Server (NLS), Certificate server, DNS server, File Server and DHCP server for the corp.contoso.com domain. The following steps prepare DC1 to carry out these roles to support a working DirectAccess solution:

How does DirectAccess work?

DirectAccess clients use a Network Location Server to determine if the computer is on or off the corporate network. If the DirectAccess client can connect to the Network Location Server using HTTPS, it determines that it is on the corporate network and the DirectAccess client configuration is disabled. If the DirectAccess client cannot connect to the Network Location Server, the DirectAccess client configuration is enabled and then the computer configures itself to use the appropriate IPv6 adapter and IPv6 transition technology to connect to the DirectAccess server (the adapter used can be 6to4, Teredo, or IP-HTTPS).
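The decision described above can be modelled as follows. This is an added example, not code from the original page or from Microsoft; all function names and the probe callables are hypothetical. It goes beyond the text in two places: the selection order (6to4 for a public IPv4 address, Teredo behind NAT, IP-HTTPS as the fallback) and the 6to4 prefix derivation, both of which reflect standard DirectAccess and 6to4 behaviour.

```python
import ipaddress

# RFC 1918 ranges: a client holding one of these sits behind NAT.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def on_corpnet(nls_probe):
    """nls_probe (hypothetical) performs the HTTPS request to the NLS and
    returns True on success; TLS and socket errors are OSError subclasses."""
    try:
        return bool(nls_probe())
    except OSError:
        return False

def sixto4_prefix(public_ipv4):
    """6to4 embeds the public IPv4 address after 2002::/16, giving a /48."""
    v4 = int(ipaddress.IPv4Address(public_ipv4))
    return ipaddress.IPv6Network(((0x2002 << 112) | (v4 << 80), 48))

def choose_transition(local_ipv4, proto41_ok=True, teredo_ok=True):
    addr = ipaddress.IPv4Address(local_ipv4)
    behind_nat = any(addr in net for net in RFC1918)
    if not behind_nat and proto41_ok:
        return "6to4"        # IPv6 in IPv4, IP protocol 41
    if behind_nat and teredo_ok:
        return "Teredo"      # IPv6 in UDP, port 3544
    return "IP-HTTPS"        # IPv6 in HTTPS, TCP 443

def directaccess_state(nls_probe, local_ipv4, **path):
    if on_corpnet(nls_probe):
        return {"location": "inside", "da_config": "disabled", "transition": None}
    return {"location": "outside", "da_config": "enabled",
            "transition": choose_transition(local_ipv4, **path)}

def nls_down():  # constructed probe: NLS unreachable or certificate rejected
    raise ConnectionError("NLS unreachable")

if __name__ == "__main__":
    # All addresses below are constructed sample values.
    print(directaccess_state(lambda: True, "10.0.0.5"))
    print(directaccess_state(nls_down, "203.0.113.5"), sixto4_prefix("203.0.113.5"))
    print(directaccess_state(nls_down, "192.168.1.20", teredo_ok=False))
    # An NLS outage makes an on-corpnet client behave as if it were outside.
    print(directaccess_state(nls_down, "10.0.0.5"))
```

The last case shows why the Network Location Server has to be highly available, and the first shows why it must not be reachable from the Internet: a client that can reach it from outside would disable its DirectAccess configuration.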

What is UAG for intranet?

Forefront Unified Access Gateway (UAG) provides users with the experience of being seamlessly connected to their intranet any time they have Internet access. When DirectAccess is enabled, requests for intranet resources (such as e-mail servers, shared folders, or intranet Web sites) are securely directed to the intranet, without the need for users to connect to a VPN. DirectAccess enables increased productivity for a mobile workforce by offering the same connectivity experience both inside and outside of the office. Forefront UAG DirectAccess extends the benefits of Windows DirectAccess across your infrastructure by enhancing availability and scalability, as well as simplifying deployments and ongoing management. For more information, see Overview of Forefront UAG DirectAccess.

Why is DHCP installed on INET1?

The DHCP server role is installed on INET1 so that the DirectAccess client can obtain a public IP address automatically after being connected to the Internet subnet or virtual switch.

What is UAG functionality?

Functionality: Manages Forefront UAG endpoint components. UAG endpoint components can be used to control clients which want to access a Forefront UAG portal.

What is the function of UAG?

Functionality: Collects monitoring information and forwards it to the Web Monitor. Forefront UAG Administrators can use the Web Monitor to monitor and control portal usages and user sessions.

What is FWSRV firewall?

The Forefront TMG Firewall service (FWSRV) is a generic, circuit-level proxy for Windows Sockets applications. The Firewall service redirects the requesting clients / applications to the Forefront TMG server, thus establishing a communication path from the internal application to the Internet application through the Forefront TMG server. The Firewall service runs as a stand-alone service on the Forefront TMG Server. Forefront TMG provides a set of application filters which offer some functionalities, for example controlling RPC traffic through the RPC-filter or an FTP filter to control the FTP data and control channel communication. Third party vendors are able to extend Forefront TMG functionality with custom application filters.

Does TMG issue alerts?

Forefront TMG does not issue any alerts.

Is outgoing traffic allowed on all networks?

Outgoing traffic from the Local Host network to all networks is allowed. If an outgoing connection is established, that connection can be used to respond to incoming traffic.

Does Forefront TMG depend on Windows?

As with Forefront TMG services, Forefront UAG services depend on other Forefront UAG and Windows services, so you should be familiar with these dependencies.
