Because Forefront Unified Access Gateway (UAG) enables you to provide access to specified internal resources, you should check that these resources are available as and when required. For example, if you are publishing an internal Web site so that users can access the site remotely and the Web server is accidentally turned off, users will be unable to access this resource. This might not be a Forefront UAG issue. In addition to checking that internal resources are working, verify that the servers and services needed to provide access to those resources are also functioning.

Forefront UAG administrators should perform the following connectivity checks, as and when required:

Connecting a client endpoint to the Forefront UAG server

To ensure that the Forefront UAG server is available, you might want to check connectivity to the Forefront UAG server from a client endpoint.

Testing connectivity between a client endpoint and the Forefront UAG server

  1. From a client endpoint, open your Web browser.

  2. For each trunk, in the address bar, enter the Public host name of the Portal, as configured in the trunk configuration. For example, if you created an HTTPS trunk with a public host name of portal.contoso.com, from your browser type: https://portal.contoso.com. If there is connectivity and the Forefront UAG portal is functioning, the relevant portal screen displays.

    Examples include:

    • The Application and Network Access page.

    • The Install and Detect page.

    • The Portal home page (if the trunk does not have authentication configured).

    • An Application page (if authentication is not configured on the trunk and another application is configured as the initial application, or if authentication is not configured on the trunk and you typed the AAM link for an application).
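A scripted equivalent of the browser check above, as an added example that is not part of the original documentation: for each trunk's Public host name it records which stage succeeds (DNS, TCP 443, TLS certificate validation, HTTP response), so a failure can be placed before or at the Forefront UAG server. The function name Test-UagTrunk and the host list are assumptions; portal.contoso.com is the sample host name used in the text.

```powershell
# Added example. Replace the list with each trunk's Public host name.
$trunkHosts = @('portal.contoso.com')   # sample host name from the text

function Test-UagTrunk {                # hypothetical helper name
    param([string]$HostName, [int]$Port = 443)
    $r = New-Object PSObject -Property @{
        HostName = $HostName; Resolved = $false; TcpOpen = $false
        CertValid = $false; CertExpires = $null; HttpStatus = $null; Error = $null
    }
    $tcp = $null; $ssl = $null
    try {
        # 1. Name resolution as this client endpoint sees it
        [void][System.Net.Dns]::GetHostAddresses($HostName)
        $r.Resolved = $true

        # 2. TCP reachability of the trunk's HTTPS listener
        $tcp = New-Object System.Net.Sockets.TcpClient
        $tcp.Connect($HostName, $Port)
        $r.TcpOpen = $true

        # 3. TLS handshake; default validation rejects an untrusted chain,
        #    an expired certificate, or a name that does not match the host
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName)
        $r.CertValid = $true
        $r.CertExpires = $ssl.RemoteCertificate.GetExpirationDateString()

        # 4. HTTP request; HTTP redirects are followed by default
        $req = [System.Net.WebRequest]::Create("https://$HostName/")
        $req.Timeout = 15000
        $resp = $req.GetResponse()
        $r.HttpStatus = [int]$resp.StatusCode
        $resp.Close()
    }
    catch { $r.Error = $_.Exception.Message }   # message from the first failing stage
    finally {
        if ($ssl) { $ssl.Close() }
        if ($tcp) { $tcp.Close() }
    }
    $r
}

$trunkHosts | ForEach-Object { Test-UagTrunk -HostName $_ } |
    Format-List HostName, Resolved, TcpOpen, CertValid, CertExpires, HttpStatus, Error
```

A successful run shows only that the trunk answers; confirming that the expected portal page is displayed still requires the browser check.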

Connecting a client endpoint through Forefront UAG to backend server applications

Forefront UAG allows client endpoints to access internal corporate resources by publishing applications via one or more Forefront UAG trunks. Endpoints then access applications via a Forefront UAG portal Web page.

You can test connectivity between client endpoints and backend server applications as follows:

  • By connecting through the portal, as follows:

    1. From a client endpoint, open your Web browser.

    2. For each trunk, in the address bar, enter the Public host name of the Portal, as configured in the trunk configuration. For example, if you create an HTTPS trunk with a public host name of portal.contoso.com, from your browser type: https://portal.contoso.com. If there is connectivity and the Forefront UAG portal is functioning, the Application and Network Access portal screen displays, requesting authentication credentials.

    3. After your credentials have been authenticated, the Application and Network Access Portal appears in the Web browser. Connect to an application to confirm that it is functioning.

  • If an Application host name URL is resolvable using public DNS servers, you can access the application by typing the URL in your Web browser.

Automatically checking connectivity

You can configure connectivity verifiers that test connectivity to specified servers. If connectivity fails, Forefront TMG generates an alert to the Event Viewer.

To configure connectivity verifiers

  1. On the taskbar, click Start, click All Programs, click Microsoft Forefront TMG, and then click Forefront TMG Management.

  2. Expand the Forefront TMG node, click Monitoring, click the Connectivity Verifiers tab, then, in the right pane, click Tasks, and click Create New Connectivity Verifier.

  3. Follow the on-screen instructions to create connectivity verifiers for each server whose connectivity you want to monitor. For more information, see Monitoring Server Connectivity (http://go.microsoft.com/fwlink/?LinkId=184793).

To monitor connectivity verifiers

  1. On the taskbar, click Start, click All Programs, click Microsoft Forefront TMG, and then click Forefront TMG Management.

  2. Expand the Forefront TMG node, click Monitoring, and then click the Connectivity Verifiers tab. If the status indicates connectivity problems, select the Alerts tab to see which server has failed.

    Note:
    When a connectivity verifier fails, an event is sent to the Event Viewer.

Using the Forefront UAG management pack

If Microsoft System Center Operations Manager 2007 is deployed, you can use the Forefront UAG management pack (version 4.0.1095.0) to monitor Forefront UAG servers. You can create customizations within a management pack, such as overrides or new monitoring objects. As a best practice, you should create a separate management pack for each sealed management pack that you want to customize.

For more information about System Center Operations Manager 2007, see System Center Operations Manager (http://go.microsoft.com/fwlink/?LinkId=184792).

For more information about the Forefront UAG management pack (version 4.0.1095.0), see Using System Center Operations Manager (SCOM).