Protecting Exchange 2010 with TMG 2010 Forefront Protection for Exchange, Without the Edge Transport Role


  • Monday, December 03, 2012 6:56 PM
     
     

     Hi,

    Can I install Forefront protection for Exchange without an Edge transport server?

    What I'm looking to implement is something along the lines of the following:

    Exchange 2010 Server (server A) -- TMG Firewall only (server B) --- TMG 2010 (Enterprise Edition) protection for Exchange OWA publishing (server C) --- hardware firewall --- internet

    I'd like Server C to publish OWA via a rule, as well as perform some anti-spam and mail filtering services. Can this be achieved without an edge transport server?

    This is being designed for a small environment - I'm thinking an edge transport server may be overkill.

    I'd appreciate some opinions.

    Thanks


    • Edited by ettringite99 Monday, December 03, 2012 7:10 PM

All Replies

  • Tuesday, December 04, 2012 6:28 AM
     
     Proposed Answer

    Hi,

    No, you can't, because TMG uses the functionality of the Exchange Edge role.

    Check the following blog for more details:

    http://blogs.technet.com/b/yuridiogenes/archive/2009/08/15/forefront-tmg-email-protection.aspx

    Greetings

    Christian


    Christian Groebner MVP Forefront

  • Tuesday, December 04, 2012 7:41 AM
     
     

    Christian,

    Due to the network design requirements I need to publish OWA through 2 hops, using something along the lines of:

    Exchange 2010 Server (server A) -- TMG Firewall only (server B) --- TMG 2010 (Enterprise Edition) OWA publishing (server C) --- TMG 2010 (Enterprise Edition) OWA publishing (server D) -- hardware firewall --- internet

    If I wanted to achieve this, do I have to install the edge transport role on both servers C & D?

    Thanks

  • Tuesday, December 04, 2012 7:52 AM
     
     Answered

    Hi,

    You can install Exchange Edge only on one server, C or D. It doesn't make sense to scan the emails twice against spam with the same technologies. You can do some kind of load balancing when you make one TMG a publishing server for OWA and for all other things that have to be published, and the other TMG only does antispam.

    I would install FPE on server B, so TMG D does publishing and TMG B does antispam.

    Greetings

    Christian


    Christian Groebner MVP Forefront