As you develop a deployment strategy for Forefront UAG DirectAccess, you should consider what packet filters you need to add to the firewalls and computers in your organization.
Packet filtering must be modified for multiple components on your network to allow for the different types of traffic. The following topics describe the required packet filtering for each type of traffic:
- Packet filtering for the
Internet firewall—DirectAccess client traffic to and from
Forefront UAG DirectAccess servers on the Internet.
- Packet filtering for
intranet firewalls—Forefront UAG DirectAccess server traffic to
and from the intranet.
- Confining ICMPv6 traffic
to the intranet—Encapsulated DirectAccess client traffic to and
from the intranet.
- Packet filtering for
Teredo connectivity—Teredo discovery traffic for DirectAccess
clients located behind network address translation (NAT)
devices.
- Packet filtering for
management computers—Management server traffic to DirectAccess
clients.
- Forefront UAG
DirectAccess and Third-party host firewalls—Describes
third-party host firewall requirements.