Once TMG has been installed with two interfaces, one pointing to the LAN and the other to the Internet, you are ready to create the Web Publishing Rule for Lync.
This rule will be used to access GAL, ABS, Web Conferencing (Meet and Dial) as well as Lync Mobile. Of course, all of these URLs need to be included in the public certificate, and a public A record needs to be configured for each name.

So let's get started.

Select New – Web Site Publishing Rule

Give the new rule a logical name


Since the sites will be HTTPS, we will use the SSL option

Now we add the internal URL as configured in the Topology Builder

Not required, but I see no harm in defining this


For Path add /*

The Public name is what is published in Topology Builder as the external URL, and it must also be a name in the SAN cert. If you are using the same cert and rule for more URLs, like lyncdiscover, these will need adding later; see the last step.

Since this is a brand new TMG, no Web Listener exists, so we select New and continue. The Web Listener name is irrelevant, but it is always good to use something descriptive

Select External as this is where the traffic will originate from

It is important to note that the certificate actually needs to be in the local store (Personal) or it won't show up when you click on Select Certificate


Select No Authentication as we don’t want the TMG dealing with that


Finishing the Web Listener and continuing on with the Web Publishing rule

Select No Delegation, and Client cannot authenticate directly

And Finish. Now you need to Apply the new Policy to TMG

Two more tweaks. The first is on the Publishing rule: go to Bindings and set the port redirections

The second is on the Public Name tab: add additional URLs, e.g. LyncDiscover.
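
The requirement above that every public name on the rule is also in the SAN cert can be checked before clients start failing on a missing name. The following is an added example, not part of the original walkthrough; the host names and certificate contents are constructed, and the wildcard handling follows the usual TLS rule that `*` stands in for exactly one left-most label.

```python
import socket
import ssl


def san_dns_names(cert):
    """DNS entries from a cert dict shaped like ssl.SSLSocket.getpeercert()."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def name_covered(host, san):
    """True if a single SAN entry matches host."""
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    if host == san:
        return True
    if san.startswith("*."):
        # A wildcard covers one label only: not the bare domain, not sub-subdomains.
        head, _, rest = host.partition(".")
        return bool(head) and rest == san[2:]
    return False


def missing_names(public_names, cert):
    """Public names on the publishing rule that no SAN entry covers."""
    sans = san_dns_names(cert)
    return [n for n in public_names if not any(name_covered(n, s) for s in sans)]


def fetch_cert(host, port=443, timeout=5):
    """Live variant (needs network): fetch the listener's cert via a name known
    to be on it, then pass the result to missing_names() with the full list."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample: names on the Public Name tab vs. SAN entries on the cert.
PUBLIC_NAMES = ["lyncweb.contoso.example", "meet.contoso.example",
                "dialin.contoso.example", "lyncdiscover.contoso.example"]
SAMPLE_CERT = {"subjectAltName": (("DNS", "lyncweb.contoso.example"),
                                  ("DNS", "meet.contoso.example"),
                                  ("DNS", "dialin.contoso.example"))}

if __name__ == "__main__":
    for name in missing_names(PUBLIC_NAMES, SAMPLE_CERT):
        print("not covered by certificate SAN:", name)
```
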