Use the Forefront Unified Access Gateway (UAG) Create Trunk Wizard to create a Web portal for publishing multiple applications and resources. You can create an HTTP trunk or an HTTPS trunk, which determines whether remote endpoints access the portal over HTTP or HTTPS.
This topic provides a summary of the settings you can configure in the wizard:
- Select Trunk Type page
- Setting the Trunk page
- Authentication page
- Certificate page
- Endpoint Security page
Select Trunk Type page
Select trunk settings.
- Portal trunk
- Select this option to publish multiple applications and resources via a single portal site. You must also select this option when you are using Active Directory Federation Services (AD FS) 2.0 for trunk authentication.
- Publish Exchange applications via the portal
- Select this option to publish Exchange in the portal.
- Active Directory Federation Services (AD FS) 1.x trunk
- Select this option when you are using AD FS 1.x trunk authentication.
Setting the Trunk page
Configure basic trunk settings.
- Trunk name
- Specify the name of the trunk. This name is assigned to the Web site that is created in IIS running on the Forefront UAG server. Within the set of HTTP connections and HTTPS connections, each trunk name must be unique. The trunk name cannot contain the public host name.
- Public host name
- Specify the host name used by client endpoints to reach the Web site. The host name must contain at least two periods.
- IP address
- Specify the external IP address used to reach the published Web application or portal.
- Array Member
- If the Forefront UAG server is part of an array, click the server entry in the IP address column, and select the external IP address of this array member.
- HTTP port; HTTPS port
- Specify the port for the external Web site. Only the default ports of 80 (for HTTP) and 443 (for HTTPS) are supported.
Authentication page
On the Authentication page, select authentication servers that are used to validate user credentials for Web sessions. You can specify multiple authentication servers. If you create a portal with multiple authentication servers, you can configure portal properties to allow users to select an authentication server from a server list.
- Session authentication servers
- Add: Click to select the authentication server against which clients should authenticate to establish a portal session. In the Authentication and Authorization Servers dialog box, select a server and click Select. To add a new server to the list, click Add.
- Click User selects from a server list to specify that users will be prompted to select an authentication server during portal login. If you configure one authentication server, users will authenticate to that server only.
- Select the Show server names check box to allow users to select an authentication server from a drop-down list. Otherwise, users must type in the server name.
- Click User provides credentials for each selected server to prompt users to authenticate to all the specified authentication servers during session login.
- Select the Use the same user name check box to specify that users must enter a single user name that will be used to authenticate to all specified authentication servers.
- Remove: Select an authentication server from the list and then click Remove to specify that the server should no longer be used to authenticate clients requesting access to a portal session.
Certificate page (HTTPS trunks only)
On the Certificate page, select the server certificate that will be used to authenticate the Forefront UAG server to the endpoint.
- Server certificate
- In the Server certificate drop-down list, select the server certificate that will be used to authenticate the Forefront UAG server.
Note: Forefront UAG does not support certificates with four-level domain names; for example, hr.uag.contoso.com.
- Launch Certificate Manager
- Click to open the Certificate Manager Microsoft Management Console (MMC). Using Certificate Manager, you can import a certificate into the IIS Certificate store, as follows:
- On the Action menu of Certificate Manager, click All Tasks, and then click Import.
- Follow the instructions in the Certificate Import Wizard.
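A pre-flight check of the naming, port and certificate constraints stated on the Setting the Trunk and Certificate pages, as an added PowerShell example that is not part of the original topic or of Forefront UAG. The function name, the property names of the plan entries and the sample values are assumptions.

```powershell
# Added example: checks planned trunk settings against the constraints stated
# on this page. Test-UagTrunkPlan and $plan are hypothetical names; nothing
# here reads from or writes to Forefront UAG.
function Test-UagTrunkPlan {
    param([hashtable[]]$Trunks)
    $defaultPort = @{ HTTP = 80; HTTPS = 443 }
    $seen = @{}
    $findings = @()
    foreach ($t in $Trunks) {
        $id = "$($t.Type) trunk '$($t.Name)'"
        # Trunk names must be unique within the HTTP set and within the HTTPS set.
        $key = ("{0}|{1}" -f $t.Type, $t.Name).ToLowerInvariant()
        if ($seen.ContainsKey($key)) { $findings += "${id}: duplicate trunk name" }
        $seen[$key] = $true
        # The trunk name cannot contain the public host name
        # (assumption: compared case-insensitively).
        if ($t.Name.ToLowerInvariant().Contains($t.PublicHostName.ToLowerInvariant())) {
            $findings += "${id}: trunk name contains the public host name"
        }
        # The public host name must contain at least two periods.
        if (($t.PublicHostName.Split('.').Length - 1) -lt 2) {
            $findings += "${id}: public host name '$($t.PublicHostName)' has fewer than two periods"
        }
        # Only the default ports are supported.
        if ($t.Port -ne $defaultPort[$t.Type]) {
            $findings += "${id}: port $($t.Port) is not the default for $($t.Type)"
        }
        # HTTPS only: four-level certificate names are not supported
        # (assumption: deeper names are treated the same way).
        if ($t.Type -eq 'HTTPS' -and $t.CertificateName -and
            $t.CertificateName.Split('.').Length -ge 4) {
            $findings += "${id}: certificate name '$($t.CertificateName)' has four or more levels"
        }
    }
    return $findings
}

# Constructed sample plan.
$plan = @(
    @{ Name = 'Portal'; Type = 'HTTPS'; PublicHostName = 'portal.contoso.com'
       Port = 443; CertificateName = 'portal.contoso.com' },
    @{ Name = 'hr.uag.contoso.com-portal'; Type = 'HTTPS'; PublicHostName = 'hr.uag.contoso.com'
       Port = 8443; CertificateName = 'hr.uag.contoso.com' },
    @{ Name = 'Portal'; Type = 'HTTP'; PublicHostName = 'contoso.com'; Port = 80 }
)
Test-UagTrunkPlan -Trunks $plan
```

The two trunks named Portal are not reported as duplicates because one is HTTP and the other HTTPS; uniqueness is checked within each set.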
Endpoint Security page
On the Endpoint Security page of the Create Trunk Wizard, control access to the portal by selecting policies that allow or deny access based on the health of client endpoints.
- Use Forefront UAG access policies
- Select to determine the health of client endpoints using in-built Forefront UAG access policies.
- Use Network Access Protection (NAP) policies
- Select to determine the health of client endpoints using Network Access Protection (NAP) policies downloaded from a Network Policy Server (NPS) server.