You only need to create a new rule for the Lync autodiscover service. The full functionality uses just the regular External Webservices URLs.
For more info on the previous steps go to this article:
Create a new Web Publishing Rule
This is obviously an allow rule
Depending on how you load balance, or whether you have Standard or Enterprise Edition, this might be different on your end.
ISA/TMG supports cookie-based load balancing (a requirement for the external web services URLs) if required in your deployment
You have to select SSL to the server/loadbalancer
Enter the name of the webservices loadbalancer or pool
You have to select to forward the original host header
The public name is lyncdiscover.<domain.com>
Select the correct listener (preferably both port 80 & 443)
Select authentication settings (Depends on your security requirements)
This setting is different from Microsoft recommendations "No Delegation, and Cannot Authenticate Directly"
Remove All Authenticated Users and replace this with All Users (No Authentication)
Now you have to change the following tab on the rule
You have to include both HTTP and HTTPS and forward to the correct ports
HTTP => 8080
HTTPS => 4443
Change the authentication option for HTTP on the Listener.
(you might need a new listener for security reasons so that the listener never sends authentication)
Publish your rules and test…