Today I stumbled across an old issue that has been around since MOSS 2007 & ISA server; in principle the same pitfalls exist in SharePoint 2010 and Threat Management Gateway (TMG).
One of our partners uses TMG as a proxy to any internal systems such as SharePoint or Outlook Web Access and I confused myself when troubleshooting external access to their My Sites.
The company in question is not a big organisation (~50 employees), they have a setup as follows:
Internal Url: http://sharepoint/
My Sites Url: http://sharepoint/my/etc.
External Acccess via TMG: https://remote.domain.com/
Initially you might be forgiven for thinking that either:
2. You could use Alternate Access Mappings (AAM) to add https://remote.domain.com to the Internet zone in SharePoint 2010
However, even TMG is unable to manage all the links that SharePoint outputs (eg Alerts or My Sites), and using AAM on its own will not allow TMG to do the required link translation without HTTP/HTTPS mixed content issues (at minimum!).
In fact both above suggestions are part solutions – they must both be implemented as follows:
1. Setup a new internal domain, using the same protocol (HTTPS in this case) that TMG can map to. In this case we used https://sharepoint.domain.local/. This can be using a self-signed cert if necessary.
2. Setup AAM such that both the new domain AND the external domain are in the same (Internet) zone, so:
IISReset never did any harm at this point either
At this point, My Sites should work fine if the site collection uses the same domain as the main SharePoint site (as it does it in this case). If a mysites.domain.com approach has been taken, similar steps must be repeated for this domain.
For a fuller explanation the original post series involving MOSS 2007 & ISA Server by Troy Starr (great name, even better post series!) can be found here (with broken images at the time of writing; I’m guessing “somebody’s” migration to 2010 cut corners?!):
Hope that helps!