When trying to create an Access Rule in Forefront TMG, you get this message:
Forefront TMG detected a single network adapter configuration. In this configuration, all the IP addresses are typically associated with the Internal network. Therefore, selecting the External network will not work.
Do you still want to select the External network?
This is because your Forefront TMG server only has one network adapter, otherwise known as a dog-leg configuration. The traffic comes into Forefront TMG from the same network adapter that it leaves. Therefore, the External network cannot be identified by network adapter.
To get around this, click No and identify the External network by another method, such as a network range outside your internal network.