The following should be done before configuring the DirectAccess client section of the Forefront UAG DirectAccess Configuration Wizard:

Wizard Page Before you run the Forefront UAG DirectAccess server section of the Wizard

Load Balancing

(This page will only be present in an array configuration)

If the Forefront UAG is configured as an array then load balanced VIPs must be configured for the external and internal adapters before enabling Forefront UAG DirectAccess.


Ensure that two Internet-facing consecutive public static IPv4 addresses, and an internal static IPv4 address or a static IPv6 address are configured on the Forefront UAG DirectAccess server.

IP-HTTPS Certificate

Prepare an IP-HTTPS certificate that authenticates the Forefront UAG DirectAccess server to DirectAccess clients connecting with IP-HTTPS.

Prefix Configuration

(This page will only be present with a native IPv6 configuration)

If you are using native IPv6 in your organization, prepare the IPv6 prefixes as described in Configuring IPv6 prefixes in SP1.

IPsec Certificate Authentication

Prepare a root or intermediate certificate authority that issues certificates to DirectAccess servers and clients.