How to Use Both Autoconfiguration Auto Discovery and Round Robin ISA in DNS For Firewall Clients and Web Proxy Clients?

  • Monday, February 18, 2013 1:18 AM
     
     

    I need the Web Proxy Clients to autodiscover the VIP of the 2 ISA servers and I need the web proxy clients to automatically use Round Robin.

    If you have 2 ISA servers called ISA1 and ISA2, do you just add a second DNS entry for ISA1 pointed to the IP address of ISA2 or do you create a new fake host name with both ISA1 and ISA2's IP addresses?

    When you are using automatic configuration Autodiscovery of firewall clients and are also using Round Robin, what do you put as the "ISA Server Name or IP Address" in Firewall Client Properties?



    • Edited by MyGposts Monday, February 18, 2013 1:19 AM

All Replies

  • Monday, February 18, 2013 5:52 AM
     
     Answered

    Hi,

    Create an A record in DNS for the VIP on the ISA Server array.
    BTW: Firewall client is not NLB aware: http://technet.microsoft.com/en-us/library/cc302674.aspx#NLBIssues


    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de

  • Monday, February 18, 2013 6:05 AM
     
     

    How is auto-configuration handled when you use DNS round robin for the firewall clients?

    Since I can't use the VIP for the firewall clients, how do I get round robin working with auto detection of ISA server for firewall clients? Do you create a completely new host record with the IP address of ISA1 and ISA2 and configure firewall clients to point to the new "virtual" round robin host name or do you create a second host record for ISA1 with the IP address of ISA2 and point the firewall clients to ISA1?

    I tried the second method and it seemed to break communication between the configuration servers, so I reverted back.

  • Friday, February 22, 2013 2:49 AM
    Moderator
     
     Answered

    Hi,

    Thank you for the post.

    You can just use DNS round robin to point the clients to the Forefront TMG array member’s dedicated IP addresses. To learn more about the TMG Firewall Client and how it functions, please refer to: http://technet.microsoft.com/en-us/library/ee291341.aspx

    Regards,


    Nick Gu - MSFT

  • Sunday, February 24, 2013 11:10 PM
     
     
    Which array member do you point to when you are using round robin?
  • Monday, February 25, 2013 2:53 AM
    Moderator
     
     Proposed

    Hi,

    Thank you for the update.

    Actually, TMG will use a Round Robin response and cycle through the list of Round Robin IP addresses when making new connections.

    Consider the following example:

    We have 2 TMG servers (10.1.1.1 and 10.1.1.2) and for that we register the name TMG.TEST.COM in DNS.

    TMG.TEST.COM A 10.1.1.1

    TMG.TEST.COM A 10.1.1.2

    You should enter the name TMG.TEST.COM in TMG firewall client.

    Regards,


    Nick Gu - MSFT
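
The record layout the replies describe (a round robin name on the members' dedicated IPs for Firewall Clients, a separate A record on the VIP for Web Proxy clients) can be checked against a zone export before clients are repointed. This is an added example, not code from the thread or from Microsoft; PROXY.TEST.COM, the VIP 10.1.1.10 and the function names are assumptions.

```python
import ipaddress

# Constructed sample zone data. Only TMG.TEST.COM and the two 10.1.1.x
# member addresses come from the thread; PROXY.TEST.COM and the VIP
# 10.1.1.10 are assumptions made for this example.
ZONE = """
TMG.TEST.COM    A  10.1.1.1
TMG.TEST.COM    A  10.1.1.2
PROXY.TEST.COM  A  10.1.1.10
"""

def parse_a_records(text):
    """Return {lowercased name: set of IPv4Address} from 'NAME A IP' lines."""
    records = {}
    for line in text.splitlines():
        parts = line.split(";", 1)[0].split()
        if len(parts) != 3 or parts[1].upper() != "A":
            continue  # skip blanks, comments and non-A records
        name = parts[0].rstrip(".").lower()
        records.setdefault(name, set()).add(ipaddress.IPv4Address(parts[2]))
    return records

def check_array_dns(records, fwc_name, proxy_name, members, vip):
    """List the ways the records deviate from the layout in the thread."""
    members = {ipaddress.IPv4Address(m) for m in members}
    vip = ipaddress.IPv4Address(vip)
    problems = []
    fwc = records.get(fwc_name.lower(), set())
    proxy = records.get(proxy_name.lower(), set())
    # Firewall Client name: every dedicated member IP, and never the VIP.
    if vip in fwc:
        problems.append(f"{fwc_name}: points at the NLB VIP, Firewall Client is not NLB aware")
    for ip in sorted(members - fwc):
        problems.append(f"{fwc_name}: no A record for array member {ip}")
    for ip in sorted(fwc - members - {vip}):
        problems.append(f"{fwc_name}: {ip} is not an array member")
    # Web Proxy name: exactly one A record, on the VIP.
    if proxy != {vip}:
        problems.append(f"{proxy_name}: expected a single A record for VIP {vip}")
    return problems

if __name__ == "__main__":
    found = check_array_dns(parse_a_records(ZONE), "TMG.TEST.COM",
                            "PROXY.TEST.COM", ["10.1.1.1", "10.1.1.2"], "10.1.1.10")
    print("\n".join(found) or "DNS layout matches")
```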