In this post I will explain the steps I had to take to allow DPM traffic in and out of my ISA firewall. (NOTE: This will also work with TMG 2010). This is required in order for a Secondary offsite DPM server to backup a Primary DPM server that is inside the local network and for client protection over the WAN. Both DPM offsite protection and offsite client protection are done via VPN. Configuring ISA / TMG for DPM traffic can seem somewhat complex and there is not any really good documentation on how to do this. My goal of this post is to simply this process as much as possible in clear easy to follow steps. I will assume that if you are reading this post that you are somewhat familiar with ISA 2006 / TMG 2010.
The steps needed to configure ISA 2006/TMG 2010 to allow DPM traffic in and out of the network are:
- Configure an access rule for DPM traffic.
- Define protocols in ISA/TMG for DPM traffic.
- Unrestrict RPC security.
1. Configure an access rule for DPM traffic.
You first need to create an Access rule in ISA 2006 for DPM. I called mine DPM offsite.
In the rule allow access to and from Internal, Local Host, and VPN Clients. We will add the protocols next.