Exchange EDGE in DMZ and TMG in separate box, Installing Forefront Protection for Exchange

  • Question

  • Hi Exchange admins

    I'm setting up new company infrastructure and I need your expert support to clarify a few things!

    What I have installed so far: domain infrastructure domain.root, Exchange 2010 with all roles on a single box, and TMG with 3 network cards (Internal, DMZ, External).

    I'm stuck on installing the Exchange 2010 EDGE server. I have planned to install the EDGE server in the DMZ as a standalone machine, publish SMTP via TMG to the Internet, and set up EdgeSync to the HUB in the Internal network.

    After I installed the EDGE server on a standalone machine in the DMZ, I ran the Microsoft Forefront Protection for Exchange setup. At this point I found a blog post where it's recommended to install the EDGE server along with TMG on a single box to have the ability to use all features of TMG email scanning. All other blogs discuss the same installation type and I even found instructions on the MS site regarding this setup.

    This has really confused me.

    My first main question is: Is it really necessary to install the Exchange EDGE role on the same box where TMG is installed to have the ability to use all functionality of email scanning?

    Another question is: What will I lose if I install EDGE on a separate box in the DMZ, behind and protected by TMG?

    In addition: It’s highly recommended to install the EDGE server first and then TMG. But my TMG box is ready and I don’t want to do the configuration steps again.

    The organization is licensed to:

    Forefront Threat Management Gateway Web Protection Services

    Forefront Online Protection for Exchange

     


    Tuesday, January 31, 2012 12:57 PM

Answers

  • Is it really necessary to install the Exchange EDGE role on the same box where TMG is installed to have the ability to use all functionality of email scanning?
    I wouldn't do it. By the way, why are you going for EDGE? I would suggest going for a cloud or hardware-based solution for protection, like MessageLabs, Barracuda, CISCO ACE etc.

    What will I lose if I install EDGE on a separate box in the DMZ, behind and protected by TMG?
    Nothing, as far as I know... you will have to play with ports.


    Gulab Prasad,
    MCITP: Exchange Server 2010 | MCITP: Exchange Server 2007
    MCITP: Lync Server 2010 | MCITP: Windows Server 2008
    My Blog | Z-Hire Employee Provisioning App
    Skype: Exchange.Ranger

    • Proposed as answer by wendy_liu Wednesday, February 29, 2012 10:05 AM
    • Marked as answer by wendy_liu Tuesday, March 6, 2012 2:32 AM
    Thursday, February 2, 2012 11:18 AM

All replies

  • Hi,

    TMG supports being installed on the same box as the Edge Server; the advantage is that it facilitates unified management and saves hardware resources. It is not necessary. In other words, you can also install them separately.

    If you install them separately, you just need to manage them separately and use more servers. Nothing else will be affected.

    The Edge Server usually isn't added to the domain, so there is no required order with TMG. You can retain the TMG configuration.


    Wendy Liu - MSFT
    Thursday, February 2, 2012 9:32 AM
  • Hi,

    It is better to install the Edge server and TMG separately. Install TMG first and then install the Edge server, but keep in mind that you need to open the necessary ports in TMG for EdgeSync.

    • Proposed as answer by rajah r Thursday, February 2, 2012 11:12 AM
    Thursday, February 2, 2012 11:12 AM
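
The replies above mention opening ports in TMG for EdgeSync without naming them. The following check is an added example, not code from anyone in this thread: run on the internal Hub Transport server, it tests the two Hub-to-Edge flows Exchange 2010 needs through the firewall (TCP 50636 for EdgeSync's secure LDAP to AD LDS, TCP 25 for SMTP). The port numbers are the standard Exchange 2010 values and are not stated in the thread; the host name `edge01.dmz.example` is a hypothetical placeholder.

```powershell
# Added example: run from the Hub Transport server (Internal network) to confirm
# that TMG passes the Hub -> Edge flows. The default host name is a placeholder.
param(
    [string]$EdgeServer = 'edge01.dmz.example',   # hypothetical Edge FQDN (assumption)
    [int]$TimeoutMs = 3000
)

# Flows initiated from the internal Hub Transport server toward the Edge server.
# 50636/TCP = secure LDAP to AD LDS used by EdgeSync; 25/TCP = SMTP.
$flows = @(
    @{ Name = 'EdgeSync (secure LDAP to AD LDS)'; Port = 50636 },
    @{ Name = 'SMTP Hub -> Edge';                 Port = 25 }
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Asynchronous connect so a silently dropped packet does not hang the script.
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return 'Timeout (filtered?)'
        }
        $client.EndConnect($async)   # throws if the connection was refused
        return 'Open'
    } catch {
        return 'Refused/unreachable'
    } finally {
        $client.Close()
    }
}

$results = foreach ($f in $flows) {
    New-Object PSObject -Property @{
        Flow   = $f.Name
        Target = "${EdgeServer}:$($f.Port)"
        Result = Test-TcpPort -ComputerName $EdgeServer -Port $f.Port -TimeoutMs $TimeoutMs
    }
}
$results | Select-Object Flow, Target, Result | Format-Table -AutoSize

# Non-zero exit code if any required flow is blocked, for use in scheduled checks.
if ($results | Where-Object { $_.Result -ne 'Open' }) { exit 1 }
```

The reverse SMTP flow (Edge to Hub on TCP 25) has to be tested from the Edge server itself. Once the subscription is in place, `Test-EdgeSynchronization` in the Exchange Management Shell on the Hub Transport server reports the sync status.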