From a networking perspective, one must carefully plan the IP addresses assigned to the server, especially when NAT needs to be used on either the external or internal side. During the installation of UAG, the TMG firewall is also installed, and it includes a set of access rules that define the internal and external networks. An administrator should avoid assigning temporary or invalid IP addresses to the server, if possible. If the plan is to have the server hosted in a temporary test environment before deploying it to the production environment, do your best to simulate the real environment as closely as possible. A common bad practice that often leads to problems is configuring the external side of the UAG server so that it's facing into the internal corporate network. This sounds attractive as it would let you do testing with internal corporate computers, but it could lead to impossible routing scenarios, and is strongly discouraged. A good practice would be to dedicate a computer or a virtual machine to be used as a test client, and physically connecting it to the same subnet as the external interface.

As stated before, UAG is, fundamentally, a router, so the Subnet Mask and default gateway are also very important. A default gateway should be assigned to the external interface of UAG only, and the subnet masks and IP addresses need to be carefully planned so that there is no overlap. If the internal network contains additional IP ranges that are outside the IP range assigned to the internal Network Card, these may need to be added to the Server's routing table in the form of static routing rules. All this should be done before the product is installed, so that the TMG server does not end up being inoperational due to network configuration conflicts or blocking traffic it should not be blocking.