Designing packet filtering for Forefront UAG DirectAccess
Updated: February 1, 2010
Applies To: Unified Access Gateway
As you develop a deployment strategy for Forefront UAG DirectAccess, you should consider which packet filters you need to add to the firewalls and computers in your organization.
Packet filtering must be modified on multiple components in your network to allow the different types of traffic. The following topics describe the required packet filtering for each type of traffic:
Packet filtering for the Internet firewall—DirectAccess client traffic to and from Forefront UAG DirectAccess servers on the Internet.
Packet filtering for intranet firewalls—Forefront UAG DirectAccess server traffic to and from the intranet.
Confining ICMPv6 traffic to the intranet—Encapsulated DirectAccess client traffic to and from the intranet.
Packet filtering for Teredo connectivity—Teredo discovery traffic for DirectAccess clients located behind network address translation (NAT) devices.
Packet filtering for management computers—Management server traffic to DirectAccess clients.
Forefront UAG DirectAccess and Third-party host firewalls—Describes third-party host firewall requirements.