Configuring Web proxy clients

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

Web proxy clients are applications that make HTTP, HTTPS, or FTP-over-HTTP, download requests to the TCP port on which Forefront TMG listens for outbound Web requests in the client network.

A Web proxy client application must be:

  • CERN-compatibleā€”That is, it understands the correct method for making a Web proxy request.

  • Able to provide a means for clients to specify a name (or IP address) and port to be used for Web proxy requests.

Web proxy clients display the following characteristics:

  • Any application running on a client computer in an internal network can be a Web proxy client if it makes requests, as described above. Typically, clients are Web browser applications that comply with HTTP 1.1. The browser either specifies Forefront TMG as a proxy, or it uses automatic detection to receive proxy settings from another server.

  • Clients use automatic detection to discover the Forefront TMG server to be used for Web proxy requests.

  • Protocols are limited to HTTP, HTTPS, and FTP over HTTP requests.

  • Clients can authenticate to Forefront TMG by using Basic, Digest/WDigest, or Integrated authentication.

  • Forefront TMG resolves requests on behalf of Web proxy clients.

Configuring Web proxy clients, and browser clients to use Forefront TMG as a Web proxy

Configure Web proxy clients as follows:

  • Enable an internal or perimeter network to listen for requests from Web proxy clients. Forefront TMG listens for outbound Web requests from clients located in the default Internal network on port 8080.

Configure browser clients to use Forefront TMG as a Web proxy as follows:

  • Manually specify a static proxy in the browser settings.

  • Alternatively, use an automatic detection method so that clients use a configuration script or the WPAD protocol to discover which proxy server they should use. For more information, see Configuring automatic detection.

For clients with Forefront TMG Client software installed, you can configure client Web browser settings in Forefront TMGĀ Management. These settings are pushed to clients following installation, on demand, or periodically.

Web proxy clients can be configured to directly access resources located in their own network and to bypass the proxy for specific domain names and addresses. For more information, see Bypassing Forefront TMG for Web proxy client requests.


Configuring client computers
Planning automatic Web proxy detection