ISA ---> TMG ---> UAG?

  • Question

  • Greetings!

    In our company we were using ISA 2006, and about 2 years ago we migrated to TMG.
    TMG in our case is configured as a WEB PROXY or caching server with only 1 NIC and multiple IP’s.
    We've heard about TMG not being supported any more in the future from MS, now we are thinking about moving TMG to UAG.

    We use TMG as reverse proxy:
    - for Lync2010srv&Lync2013srv
    - for exchange2010
    - sharepoint 2010
    - and some of our internal apps

    The magic question is:
    Is it possible:
    - Install the OS, install UAG, and go straight ahead with exporting the firewall rules from TMG and importing them into UAG?

    Is there anything to be especially aware of in our case scenario?


    bostjanc

    Friday, May 31, 2013 7:14 AM

All replies

  • Hiya, 

    as far as I am aware currently the status is:

    UAG will replace TMG as application firewall. (UAG is basically a TMG with extended application configuration possibilities)

    Which means you could basically add all your TMG firewall rules to the UAG TMG, but why would you want to do that? Secondly, it is only supported? in a small number of situations to alter the TMG configuration for your UAG.

    So in relation to your specific setup, you will not gain any advantage of migrating to UAG as the products are now.

    • Marked as answer by B_C_R Monday, June 3, 2013 6:23 AM
    Friday, May 31, 2013 1:30 PM
  • thank you for your answer.

    I understood TMG not being supported by MS to mean: MS not giving any more updates, leaving some security holes in the future.


    bostjanc

    Friday, May 31, 2013 1:42 PM
  • Hiya, 

    You're partially right on that 
    Microsoft Product Lifecycle Search
    http://support.microsoft.com/lifecycle/search/default.aspx?sort=PN&qid=&alpha=Forefront+Threat+Management+Gateway+2010&Filter=FilterNO

    • Marked as answer by B_C_R Monday, June 3, 2013 6:23 AM
    Friday, May 31, 2013 8:12 PM
  • thanks

    bostjanc

    Monday, June 3, 2013 6:22 AM
  • I don't think it's an accurate answer. In UAG, TMG is there only to secure the product and not to publish anything on it or import configuration from other TMGs.

    Please check this, you will find all answers you need : http://tmgblog.richardhicks.com/2010/10/10/what-are-the-differences-between-tmg-and-uag/

    Regarding the TMG lifecycle:

    Support:

    ISA 2006 – Mainstream support END date 10/2012,  Extended support END date 10/2017

    TMG 2010 – Mainstream support END date 04/2015, Extended support END date 04/2020

    If I remember correctly you can't purchase TMG anymore; I don't know, however, how it is with upgrades from previous versions.


    • Edited by Tullkas Wednesday, June 5, 2013 1:13 PM
    • Proposed as answer by Ran [MSFT] Sunday, June 9, 2013 1:27 PM
    Wednesday, June 5, 2013 1:12 PM
  • Hello There,

    We have come across this and we have UAG running in place instead of TMG for the inbound traffic. I would suggest a parallel build approach rather than export/import.

    You can make the public DNS changes after successful testing on a few test machines using hosts file modification with the public IP.

    Exchange rules can be migrated

    Sharepoint can be migrated

    Once you have UAG ready, you can pick one after the other, configure it in UAG under a new trunk, and migrate the applications.

    Please revert in case you need more detailed explanation

    Thursday, August 14, 2014 2:15 PM
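
The pre-cutover test suggested in the last reply, as an added example that is not part of any post in this thread: instead of editing the hosts file on each test machine, it connects straight to the new gateway's public IP with the published hostname as SNI and Host header, then reports whether the certificate presented there covers that name. The IP address and hostnames are constructed placeholders.

```python
import socket
import ssl

def san_matches(hostname, pattern):
    """Match a name against one certificate SAN; '*' may only be the whole left-most label."""
    host, pat = hostname.lower().rstrip("."), pattern.lower().rstrip(".")
    if pat.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pat[2:]
    return host == pat

def coverage(cert, hostnames):
    """Map each published hostname to whether the certificate (getpeercert() dict) covers it."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return {name: any(san_matches(name, s) for s in sans) for name in hostnames}

def probe(hostname, ip, port=443, timeout=5.0):
    """Handshake with the new gateway at `ip` using SNI=hostname, without touching DNS or hosts."""
    ctx = ssl.create_default_context()  # chain is still validated against the system trust store
    ctx.check_hostname = False          # name coverage is reported by coverage() instead of aborting
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
            version = tls.version()
            request = f"HEAD / HTTP/1.1\r\nHost: {hostname}\r\nConnection: close\r\n\r\n"
            tls.sendall(request.encode("ascii"))
            status = tls.recv(4096).split(b"\r\n", 1)[0].decode("latin-1")
    return {"host": hostname, "covered": coverage(cert, [hostname])[hostname],
            "tls": version, "status": status}

def ready_for_cutover(results):
    """True only if every published name got a covering certificate and an HTTP answer."""
    return bool(results) and all(
        r["covered"] and r["status"].startswith("HTTP/1.") for r in results)

if __name__ == "__main__":
    NEW_GATEWAY_IP = "203.0.113.10"  # constructed placeholder (documentation range)
    PUBLISHED = ["mail.example.com", "lync.example.com", "sharepoint.example.com"]  # placeholders
    results = []
    for name in PUBLISHED:
        try:
            results.append(probe(name, NEW_GATEWAY_IP))
            print(results[-1])
        except OSError as exc:  # includes ssl.SSLError: refused, timeout, untrusted chain
            print(name, "FAILED:", exc)
    print("ready for DNS change:", len(results) == len(PUBLISHED) and ready_for_cutover(results))
```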