Recursos para Profesionales de TI >
Página principal de foros
>
Forefront Security for Exchange Server
>
SFP 2010 and TMG
SFP 2010 and TMG
- Hi,
I have a question regarding the SFP 2010, I know that we have to install the Exchange Edge role and SFP 2010 befor installing TMG, and after installing these 2 procuces we have to install the TMG on the same server as these 2 produces are installed, but here is my question,
As you know the Edge server has no information store, that means no Scan mailbox option is availebale for the FSP 2010 that is installed on the Edge transport server, so what is the Best practice here? to get maximum of SFP 2010? do I have to install the SFP also on the Exchange server with Hub and mailbox roles?
Thanks,
Shahin
Shahin
Respuestas
- Hi Shahin,
yes on the edge do all the spam-filtering and av-scanning with maximum bias-settings and on the mailbox servers do only realtime (hub transport and mailbox) and manual (mailbox) scanning with lower bias settings.
As far as I know there is no additional license necessary, but to be sure ask your local license expert.
Greetings
Christian
Christian Groebner MVP Forefront- Marcado como respuestaShahin martes, 01 de diciembre de 2009 11:08
Todas las respuestas
- Hi,
yes this is correct, there is no mailbox scanning available on edge role.
I always recommend to use different scan-engines on egde and mailbox servers to get more security. On the egde server I activate the anti-spam-functionality so that the mailbox server only has todo with on access scanning and scheduled jobs. The BIAS-setting for the scan enginges is set to maximum on the egde servers and to neutral on the mailbox servers, so that the performance is better on the mailbox servers.
I my eyes it's not enough to scan only at the transport roles, because you have webclients like OWA and Outlook Anywhere where the emails don't go over SMTP and so aren't scanned by FPE 2010.
Greetings
Christian
Christian Groebner MVP Forefront - Hi Chris,
Thanks for your reply,
If understand it correctly I should let the PFE 2010 on the Edge Transport server do the spam job and on the FPE 2010 on the mailbox server I should Disable the Spam controle and scheduled a job on mailbox server (and HubTransport) to scan the users mailboxes, am I right?
Do you have any info on the licencing the PFE, can we use just one licence for both instences of PFE 2010 (on both servers)?
Thanks,
Shahin
Shahin - Hi Shahin,
yes on the edge do all the spam-filtering and av-scanning with maximum bias-settings and on the mailbox servers do only realtime (hub transport and mailbox) and manual (mailbox) scanning with lower bias settings.
As far as I know there is no additional license necessary, but to be sure ask your local license expert.
Greetings
Christian
Christian Groebner MVP Forefront- Marcado como respuestaShahin martes, 01 de diciembre de 2009 11:08
- Hi Chris,
Thanks for you information, it was really helpfull
Shahin
Shahin
