none
TMG Failover, Same external IP

    Question

  • Hi,

    I am just looking at setting up an automatic failover for a TGM 2010 setup. We are currently using one TMG as our web proxy and ActiveSync server. We have another physical server that we can use if that unit fails, but would be nice to have this automated. The issue is not with the connection as it is a very reliable connection. And we don’t have any spare external IP addresses so would only be able to use the one currently in use. 

    So my question is: Is it possible to configure Forefront TMG to use automatic failover on two hosts, but only use the one external IP address?

    Cheers


    JC




    Tuesday, December 04, 2012 11:04 AM

Answers

All replies

  • Hi,

    I am just looking at setting up an automatic failover for a TGM 2010 setup. We are currently using one TMG as our web proxy and ActiveSync server. We have another physical server that we can use if that unit fails, but would be nice to have this automated. The issue is not with the connection as it is a very reliable connection. And we don’t have any spare external IP addresses so would only be able to use the one currently in use. 

    So my question is: Is it possible to configure Forefront TMG to use automatic failover on two hosts, but only use the one external IP address?

    Cheers


    JC





    Yes, create a TMG standalone array using two TMG servers and configure it with NLB.

    Jason Jones | Microsoft MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk

    Wednesday, December 05, 2012 5:05 PM
  • Hi,

    Thank you for the post.

    Yes, you can use NLB to balance network traffic among array members: http://technet.microsoft.com/en-us/library/dd897010.aspx#BKMK_LBTMGServs

    Regards,


    Nick Gu - MSFT

    Thursday, December 06, 2012 7:14 AM
  • Nick,

    I have a TMG 2010 array setup with two servers using load balancing.  When i ping an external website, such as Google, through TMG I get DUP!'s:

    64 bytes from 74.125.239.19: icmp_seq=4016 ttl=54 time=56.800 ms (DUP!)
    64 bytes from 74.125.239.19: icmp_seq=4017 ttl=54 time=38.948 ms
    64 bytes from 74.125.239.19: icmp_seq=4017 ttl=54 time=38.961 ms (DUP!)
    64 bytes from 74.125.239.19: icmp_seq=4018 ttl=54 time=43.809 ms
    64 bytes from 74.125.239.19: icmp_seq=4018 ttl=54 time=44.006 ms (DUP!)
    64 bytes from 74.125.239.19: icmp_seq=4019 ttl=54 time=54.977 ms
    64 bytes from 74.125.239.19: icmp_seq=4019 ttl=54 time=54.999 ms (DUP!)
    64 bytes from 74.125.239.19: icmp_seq=4020 ttl=54 time=55.273 ms
    64 bytes from 74.125.239.19: icmp_seq=4020 ttl=54 time=57.278 ms (DUP!)
    64 bytes from 74.125.239.19: icmp_seq=4021 ttl=54 time=56.677 ms
    64 bytes from 74.125.239.19: icmp_seq=4021 ttl=54 time=56.694 ms (DUP!)

    It fails over now if one of the array members go offline, but is there a way to have TMG "Failover" to a backup array server without using Network Load Balancing and without using a Proxy?  The NLB is causing the DUP's.  :(

    Thanks!

    Justin


    • Edited by netwatcher1 Friday, June 28, 2013 6:34 PM added content
    Friday, June 28, 2013 6:31 PM