I've got three disparit networks that all terminate at a TMG machine. I am trying to communicate between two of these networks, but the TMG firewall keeps dropping the connection as FWX_E_NETWORK_RULES_DENIED.
This is seriously confusing, as I've gone and set up the network rules as follows:
Clearly it's set to permit all traffic between these two networks. But the firewall is still dropping it. What's going on?
The "Network Rule" you show is actually a "Firewall Rule".
As well as the firewall rule you have set up you also need a network rule that tells TMG what the relationship is between the two networks i.e. whether traffic should be routed or NAT'd
Go to Network -> Network rules and add a rule in and it should start working
FWX_E_NETWORK_RULES_DENIED is not actually a drop message based on any firewall rules, but rather network rules.
From Networking > Network Rules, go to your network definition, and make sure that the Source Network has ALL of the Destination Networks selected.
The firewall rules are useless if you don't have the source/destination networks configured correctly in the network setup.