Publishing Multiple HTTP Web Sites with TMG 2010

It’s a piece of cake to publish a single HTTP website with TMG 2010, but what do you do when you have multiple web sites in your organization and you want all of them to be visible to the world? It’s not a difficult process, but there are a lot of steps involved.

For this lab I have two web servers running IIS 7.5 (that’s Windows 2008 R2), a Domain Controller, and a TMG 2010 server. All servers are joined to the Windows domain vkernel.local. I wanted to put the web server configurations in a sentence, but then I realized it was going to be a long one, so I created the table below:

Server | Name | Sites/Port Number
Web Server 1 | Server-Web1 | – 80 – 80 – 8080
Web Server 2 | Server-Web2 | – 81

If you want, you can have multiple IP addresses on those IIS servers and bind every site to a separate IP address. For this demonstration, however, I have only a single IP on every IIS server. One important thing before we move forward: make sure your site headers are properly configured.

Now that your web servers/sites are functional, let’s publish them so they are accessible to the outside world. Open the TMG console, right-click Firewall Policy and select New > Web Site Publishing Rule.

Give the rule a name and continue the wizard. I will just type Site here because the wizard will complete the site name after we finish publishing and it will be in the form Site

The rule action is to allow the traffic, so go with the default selection here.

Since we want to publish more than one site, select the last option, Publish multiple web sites. You can go with the first option too, but you will have to launch the wizard again for every site you want to make available to the outside world.

Click the Add button and type the name (specified in the site headers in IIS) of every site you want to publish. Do NOT check the box Forefront TMG will use SSL to connect to this web site (recommended), because we don’t use SSL between the TMG server and the IIS servers.


Leave this box empty, because we are publishing sites with different domain names.

Select the default HTTP Web Listener from the list and click Next.

Choose No delegation, but clients can authenticate directly; this is if you want clients to get authenticated by the IIS servers, not the TMG server.

We want all users to be able to access the websites, so leave All Users here and click Next.

On the last page of the wizard, if you click the Test Rule button, some of the websites will fail the test. This is because TMG tries to connect to those websites on port 80 by default, but they are listening on ports 81 and 8080 respectively. We will change that in a moment. Click Finish to close the wizard.


As I told you, the wizard completes the rule names, so it’s not just Site as we named it at the beginning. Don’t apply the changes yet, because we need to modify two of the rules so the traffic is redirected to ports other than 80.

Right-click one of the rules that needs modifying and choose Properties. Go to the Bridging tab and change the port in the Redirect requests to HTTP port box. Make the change on the other rule too. When you’re done, submit the changes by clicking the Apply button.


Let’s open a browser from an external client and see how it works.


On the TMG server logs, we can see the traffic is allowed and redirected to the internal web servers.

If, for some reason, you get the error message “ERROR Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)”, it is because the publishing wizard put a dot (.) at the end of the public web site name in the rule.

To get rid of the error, and make the site functional, right-click the TMG rule and choose Properties. Go to the Public Name tab, select the web site from the list, and click the Edit button. Remove the dot (.) at the end of the website and click OK. Apply the changes, and do another test from the external client; it should work now.
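The external-client test and the 403 (12202) check described above can be scripted. This is an added example, not part of the original article; the listener IP, public names and page markers are constructed placeholders, and the "wrong site" case assumes each site serves some text the others do not.

```python
import http.client

# Constructed sample values: replace with your TMG external IP and the public
# names entered in the wizard, each mapped to text that only that site serves.
TMG_EXTERNAL_IP = "203.0.113.10"
EXPECTED = {
    "www.site-a.example": "Site A",
    "www.site-b.example": "Site B",
    "www.site-c.example": "Site C",
}

def classify(status, body, marker):
    """Turn one response from the TMG listener into a finding."""
    if status == 403 and "12202" in body:
        # Error text quoted in the article: TMG denied the URL.
        return "DENIED: look for a trailing dot on the Public Name tab"
    if status == 200 and marker in body:
        return "OK"
    if status == 200:
        # Assumption: a different site answered, so the redirect port
        # (Bridging tab) or the target server (To tab) may be wrong.
        return "WRONG SITE: check the Bridging and To tabs"
    return "UNEXPECTED: HTTP %d" % status

def probe(listener_ip, public_name, marker, port=80, timeout=5):
    """Request / from the listener IP, presenting public_name as the Host."""
    conn = http.client.HTTPConnection(listener_ip, port, timeout=timeout)
    try:
        # Supplying Host ourselves means no public DNS record is needed yet.
        conn.request("GET", "/", headers={"Host": public_name})
        resp = conn.getresponse()
        body = resp.read(65536).decode("utf-8", errors="replace")
        return classify(resp.status, body, marker)
    except (OSError, http.client.HTTPException) as exc:
        return "NO RESPONSE: %s" % exc
    finally:
        conn.close()

if __name__ == "__main__":
    for name, marker in EXPECTED.items():
        print("%-24s %s" % (name, probe(TMG_EXTERNAL_IP, name, marker)))
```

Run it from a machine outside the TMG external interface after clicking Apply; every line should read OK before you point public DNS at the listener.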



4 thoughts on “Publishing Multiple HTTP Web Sites with TMG 2010

  • 26/03/2015 at 21:26

    thx for this very useful tutorial but I have a problem
    I have a web site on IIS and another on Apache
    I open the site on apache from a link in IIS site
    IIS site works fine
    the site on apache is published with url as follow:
    . ( I mean it uses direct real IP )
    I tried to publish it on TMG 2010 beside the site on IIS but it gives me “Bad Request” page
    i.e. apache uses also port 80

    • 26/03/2015 at 21:41

      You need to use/publish the FQDN of the site that is running on Apache, not the IP address. This way all traffic using that FQDN will be sent to the Apache web server. If you are not using SSL, it is easy. Let me know how it works.

  • 25/01/2015 at 13:41


    TMG server is on IP

    Web Server 1
    Web Server 1

    I have published websites using publish multiple websites, but how can I tell TMG that website is on IP and

    When I published a single website, TMG asked “Use a computer name or IP address to connect to the published server”, but in multiple websites publishing it is not asking for the IP address of the server which is hosting the website.

    • 27/01/2015 at 14:04

      Right-click the rule and choose Properties. Go to the To tab and here you can find a Browse button. If you click it you can specify the computer name, or just type its IP address in the box. Let me know how it works because I kinda rushed the article :-).

