Forefront UAG - SMTP Publishing - Support Boundaries Inquiry

  • Question

  • Hey guys...me again,

    We are currently working towards putting our 2 node UAG Array into production.  We are using TMG to publish SMTP to our Exchange Solution on incoming mail and this is working successfully. (via FOPE 2010)

    I would also really like to publish outgoing mail through the TMG, but am curious if this is included in the support boundaries for TMG in a UAG solution?

    http://technet.microsoft.com/en-us/library/ee522953.aspx

    Any help would be appreciated,

    Justin

    Monday, July 5, 2010 7:20 PM

Answers

  • Hi Justin,

    UAG does not support the use of TMG running on the UAG server for outbound traffic. In the list of not supported scenarios you can see a specific mention of the outbound proxy scenario.  Outbound SMTP qualifies as outbound access, and therefore is not supported.

    HTH,

           Ophir.

    • Marked as answer by JCred101 Tuesday, July 6, 2010 3:02 PM
    Tuesday, July 6, 2010 12:35 PM

All replies

  • You don't "publish" outgoing traffic, this would likely be an access rule for the SMTP protocol.

    Using TMG (under UAG) in this way would probably be unsupported in my view, but I would be interested in feedback from an MS member ;)

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Tuesday, July 6, 2010 12:10 PM
  • Thanks guys...this is very unfortunate.  I understand that UAG is classified as an inbound proxy only...but this does not make a ton of sense to me that you are allowed to publish inbound SMTP traffic and not outbound.

    We will be using MS Online Protection anyways...so not a big deal...but this is a little frustrating.  With companies looking to utilize UAG as their only edge device...this seems to be a major flaw to have to deploy a TMG box just to perform your outgoing SMTP relays.

    Just my 2 cents though...thanks again,

    Justin

    Tuesday, July 6, 2010 3:02 PM
  • The strategy includes both TMG and UAG. TMG is primarily now aimed at outbound protection and UAG is aimed at inbound protection.

    TMG on UAG is not provided to replace the outbound TMG role, it is simply to protect the UAG device when placed in a hostile environment (like at the network edge).

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Tuesday, July 6, 2010 3:14 PM