Forefront UAG: About Trunks

Using Forefront UAG trunks you can publish corporate applications for access by a wide range of remote endpoint devices.


  • A trunk is a transfer channel through which you publish applications and resources.
  • A trunk can provide remote access to a single corporate Web application.
  • A trunk can provide remote access to multiple corporate applications through a Web portal.
  • A trunk allows remote endpoint devices to access corporate resources in a secure and controlled manner.


  • Each trunk has a unique listener (IP address and port combination)
  • A trunk can only listen on standard HTTP and HTTPS ports
  • A trunk connects to backend servers published via the trunk using an HTTP or HTTPS connection
  • A trunk can receive requests from endpoint devices over HTTP or HTTPS
  • You can create a portal for a trunk (either using the default UAG portal page or a customized portal page)
  • You can publish multiple applications via a trunk. To connect, users on endpoint devices type the host name of the trunk portal in a browser.
  • You can use authorization to restrict access to portal applications to specific users and groups only.
  • You can publish a single Web application in a trunk. To connect to the application, users on endpoint devices type the application-specific host name.
  • In an array of UAG servers, all array members share the same trunks. For load balanced traffic, each trunk has a unique VIP. Traffic arriving at the trunk can be served by any array member.


To deploy a trunk you:

  • Create an HTTP or HTTPS trunk using the New Trunk Wizard. HTTPS trunks need a server certificate to authenticate the UAG server to clients connecting to the trunk.
  • You can publish the following via a trunk: a number of Web applications, non-Web applications, remote VPN access to the corporate network, and remote access to internal file servers and shares.
  • You can control access to a trunk by:
    • Authenticating clients for trunk access
    • Verifying endpoint device health against UAG access controls or NAP policies
    • Authorizing users and groups for access to specific portal applications
  • After creating a trunk with the wizard, you can configure the trunk property pages, including: IP addresses, public host name, session authentication requirements, anonymous access, session settings, logoff settings, access policies, and traffic inspection.


Managing a trunk consists of:

  1. Adding and removing applications from a trunk portal
  2. Defining infrastructure servers used by the trunk - including certificates, NPS servers, and authentication servers
  3. Tweaking trunk settings
