Environement: DA / UAG / TMG / NAP
I have a requirment to limit access to the Intranet Tunnel to a limited group of known computers and not the entire intranet. What are your suggested options.
Has anyone does this? and if so what method did you use?
I can block access to a spacific computer with no problem using TMG firewall rules.
The current approch is to create TMG computer group called "LimitedAccess" with all the systems that we need to access (intrAnet), then use a TMG Deny rule for all oubound protocols from "Local Host" to "Internal" and then excluding the "LimitedAccess" group. The rule is currently just below "DirectAccess Allow Local Host Services". Unfortunaly other access rules above this rule are allowing Netbios and other traffic to flow.
Any thoughts?