Microsoft Forefront codename "Stirling" >
Forefront Codename 'Stirling' Forums
>
Forefront Threat Management Gateway
>
TMG and Dynamic IP address
TMG and Dynamic IP address
- Is it possible to configure TMG with a cable modem that has a dynamic IP address? If so, can somebody point us in the right direction?
Jay
All Replies
- Hi Jaygun,
I guess it depends on how you're planning to configure the FF Server.. do you want it as an inbound or outbound proxy ? Does it have a single or multiple interfaces?
If you were doing it as an outbound proxy, then yes, it should be possible. You would setup one interface as the LAN side, on say 192.168.1.1
the other interface would be the WAN side, and it doens't need to be concerned at all abou what the cable modem's public dynamic address is, it just needs to be able to talk to the LAN side of the modem.
Of course.. if you want to do inbound it becomes a bit more difficult....
Try to give me a bit more info about what you're trying to acheive. - Would you be availalbe to speak by phone? What we are trying to do is setup a TMG Server as our firewall/gateway. The box that we have has 3 nics in it.
Behind the TMG, we have an Exchange 2007 setup.
Jay - Hi,
yes this is possible in the same way as in ISA Server 2006, but I recommend using a router in front of TMG which deals with this work.
http://www.isaserver.org/tutorials/How_to_Set_up_an_ISA_Server_with_a_Cable_Modem_Connection.html
regards Marc
www.nt-faq.de
www.it-training-grote.de - Thank you both for very quick replys. The article looks great. Couple of questions:
It appears this article explains how to configure the external nic to connect to the WAN and automatically pick up the IP address from the Cable Provider's DHCP server, but how I do configure the internal NIC? Should it be set to a static ip that will be the default gateway for the internal clients? Do I need the third NIC?
Jay - One moe question. What benefit would it be to put the router in front of the ISA? The router also serves as the wireless provider for my network. If we placed the router in front of the ISA then would we lose the ability to use Wifi? Sorry for all these basic questions!!
Jay It is generally easier to setup the internal NIC as a static IP as the default gateway for the clients. You should not need a third NIC unless you were setting up a DMZ. I have always setup my own critical servers with static IP addresses as I did not want to chance anything with DNS and DHCP causing major problems. In my case I have always viewed the TMG/ISA server as a critical server.
Michael R. Mastro II
