Use the Forefront Unified Access Gateway (UAG) Create Trunk Wizard to create a Web portal for publishing multiple applications and resources. You can create an HTTP or HTTPS trunk, thus specifying whether a remote endpoint should access the portal over an HTTPS or HTTP.

This topic provides a summary of the settings you can configure in the wizard:

Select Trunk Type page

Select trunk settings.

Portal trunk

Select this option to publish multiple applications and resources via a single portal site. You must also select this option when you are using Active Directory Federation Services (AD FS) 2.0 for trunk authentication.
Publish Exchange applications via the portal

Select this option to publish Exchange in the portal.
Active Directory Federation Services (AD FS) 1.x trunk

Select this option when you are using AD FS 1.x trunk authentication.

Setting the Trunk page

Configure basic trunk settings.

Trunk name

Specify the name of the trunk. This name is assigned to the Web site that is created in IIS running on the Forefront UAG server. Within the set of HTTP connections and HTTPS connections, each trunk name must be unique. The trunk name cannot contain the public host name.
Public host name

Specify the host name used by client endpoints to reach the Web site. The host name must contain at least two periods.
IP address

Specify the external IP address used to reach the published Web application or portal.
Array Member

If the Forefront UAG server is part of an array, click the server entry in the IP address column, and select the external IP address of this array member.
HTTP port; HTTPS port

Specify the port for the external Web site. Only the default ports of 80 (for HTTP) and 443 (for HTTPS) are supported.

Authentication page

On the Authentication page, select authentication servers that are used to validate user credentials for Web sessions. You can specify multiple authentication servers. If you create a portal with multiple authentication servers, you can configure portal properties to allow users to select an authentication server from a server list.

Session authentication servers

  • Add─Click to select the authentication server against which clients should authenticate to establish a portal session. In the Authentication and Authorization Servers dialog box, select a server and click Select. To add a new server to the list, click Add.

    • Click User selects from a server list to specify that users will be prompted to select an authentication server during portal login. If you configure one authentication server, users will authenticate to that server only.

    • Select the Show server names check box to allow users to select an authentication server from a drop-down list. Otherwise, users must type in the server name.

    • Click User provides credentials for each selected server to prompt users to authenticate to all the specified authentication servers during session login.

    • Select the Use the same user name check box to specify that users must enter a single user name that will be used to authenticate to all specified authentication servers.

  • Remove—Select an authentication server from the list and then click Remove to specify that the server should no longer be used to authenticate clients requesting access to a portal session.

Certificate page (HTTPS trunks only)

On the Certificate page, select the server certificate that will be used to authenticate the Forefront UAG server to the endpoint.

Server certificate

In the Server certificate drop-down list, select the server certificate that will be used to authenticate the Forefront UAG server.
Forefront UAG does not support certificates with four-level domain names; for example,
Launch Certificate Manager

Click to open the Certificate Manager Microsoft Management Console (MMC). Using Certificate Manager, you can import a certificate into the IIS Certificate store, as follows:
  • On the Action menu of Certificate Manager, click All Tasks, and then click Import.

  • Follow the instructions in the Certificate Import Wizard.

Endpoint Security page

On the Endpoint Security page of the Create Trunk Wizard, control access to portal, by selecting policies that allow or deny access based on the health of client endpoints.

Use Forefront UAG access policies

Select to determine the health of client endpoints using in-built Forefront UAG access policies.
Use Network Access Protection (NAP) policies

Select to determine the health of client endpoints using Network Access Protection (NAP) policies downloaded from a Network Policy Server (NPS) server.