OK, you just installed your TMG Server, but now none of your internal clients can access the internet or external resources. To fix this you need to create a so-called Access Rule on your TMG server. For this demonstration I will create access rules so internal clients can connect to the internet. For this we need to grant access to HTTP, HTTPS, and DNS. Two rules will be created: one to allow HTTP/HTTPS traffic and the other for DNS.

Open your TMG console and go to Firewall Policy. Here on the Tasks pane click Create Access Rule.

The New Access Rule Wizard opens. Give the rule a name, like Allow HTTP/HTTPS. Click Next.

What action do you want this rule to apply? Of course, since we are creating an allow rule, click Allow, then hit Next.

On the Protocols screen click Add, and in the new window expand Common Protocols. Add the HTTP and HTTPS protocols, then click Close and Next.

On the Malware Inspection screen choose Enable malware inspection for this rule if you want TMG to check for malware on all outgoing HTTP traffic. For this example I am going to choose not to.

Here we tell TMG the source of the traffic, which is the internal network, so click the Add button, expand Networks and add the Internal network. Click Close and Next.

On the Rule Destination screen we tell TMG where the internal traffic is going. In this case it is going to External, which means the internet (all hosts/destinations). Click Add, expand Networks and add the External network.

In this example we permit all users to access the internet. Just leave the defaults and click Next.

Click Finish on the Summary page.

We are done with the HTTP/HTTPS rule. Now we need to create the DNS rule so clients can find websites. Go through the same steps again until you reach the Protocols screen. Here click the Add button, expand Infrastructure and add the DNS protocol. Finish the wizard using the same settings as for the previous rule.

For the rules to take effect, you need to click the Apply button.

After a few seconds you should have something like this.

As proof that it works, I attached the TMG log activity. As you can see, the traffic is allowed for the Microsoft website, which I accessed from one of the internal clients.