none
Installing forefront tmg in a multi router environment with multiple virtual machines

    问题

  • Hello,

    I've planned to install tmg 2010 but very confused to get started. Here is the infrastructure of my working environment.

    We have a 20-30 employees, we have sharepoint server running on a domain controller, but only for sharepoint we get authenticated by the DC. All employees computers are in workgroup. We have 3 routers. One of the router has got static ip and the rest two of them are dynamic. Users mostly use the other 2 routers as the gateway. We 've got a server which runs hyperv with 4 guests(DC with Sharepoint, Development server, Lync server and Sql server). The host machine(server) has got 1 Nic (I have one Extra NIC to configure for TMG but not yet installed) which is connected to the router and has got a private ip address (Eg:192.x.x.2) and all other vm's have got their own ip's accordingly.

    I am planning to install the tmg in one of my VM (LYNC - since we dont use lync often and it has got more free space). How should i configure so that i protect my network and  restrict users from surfing the internet and making security threat for my organization.

    2012年2月22日 5:26

答案

  •  

    Hi,

    Thank you for the update.

    “T1 line for server and other 2 for staffs so if one goes down another one might help us” – ISP redundancy is available from TMG server, and if you want to place router in front of the TMG, you can deploy back to back scenario.

    Regards,


    Nick Gu - MSFT

    2012年2月27日 8:53

全部回复

  •  

    Hi,

    Thank you for the post.

    Would you please outline the network topology? How do you place your 3 routers? Is there any reason to use 3 routers in such a small group(20-30 employees)? If you want to deploy TMG to protect the network, please refer to this design guide: http://technet.microsoft.com/en-us/library/dd896975.aspx.

    Regards,


    Nick Gu - MSFT

    2012年2月22日 14:25
  • Hi,

    Please check this link,

    http://www.itguy.gr/2012/01/using-tmg-2010-with-hyper-v-to-support.html

    I hope this will help you.

    Thanks,


    Best Regards, ----Naresh Man Maharjan,Nepal---- www.msserverpro.com

    2012年2月22日 15:07
  • Well, our servers use T1 line, which is a router with static ip address, and the rest 2 of them are 2 different routers from different isp's which are of only like 1mbps speed. All  the internal network address from all the routers falls between 192.a.b.1 to 192.a.b.254.

    We do not use the t1 line as the gateway for our employees but use any of 2 other connection as gateway for our employees..

    I just took up the job as system Admin here and don't know why they have 3 routers.

    I believe it might be for internet performance and connectivity.

    Thanks.


    Thanks and Regards Mohamed

    2012年2月22日 20:55
  • Mr.Naresh,

    The link really helped me out to understand the configuration settings with hyper v, but here they have only one router whereas mine has 3, that's the thing i am confused about setting up in this environment.

    Thank you so much for your kind response.


    Thanks and Regards Mohamed

    2012年2月22日 20:58
  •  

    Hi,

    Thank you for the post.

    “but here they have only one router whereas mine has 3” – do you must place all this 3 routers in your network? You can use TMG replace the router, and since you have two different ISP connection, you can also implement ISP redundancy feature.

    Regards,


    Nick Gu - MSFT

    2012年2月23日 10:04
  •  Are you wanting to use TMG as a forward proxy, reverse proxy (web publishing), non web protocol server publishing (SMTP)? The features you want to use TMG for are largely going to determine how it will fit into your environment.
    2012年2月23日 14:12
  • Well, i think we need the 3 routers. T1 line for server and other 2 for staffs so if one goes down another one might help us. I there a way to make TMG to take care of these 2 routers routing work.?


    Thanks and Regards Mohamed

    2012年2月24日 7:15
  • The main reason is to prevent employees from surfing websites which may pose a security threat to our network.


    Thanks and Regards Mohamed

    2012年2月24日 7:17
  •  

    Hi,

    Thank you for the update.

    “T1 line for server and other 2 for staffs so if one goes down another one might help us” – ISP redundancy is available from TMG server, and if you want to place router in front of the TMG, you can deploy back to back scenario.

    Regards,


    Nick Gu - MSFT

    2012年2月27日 8:53