Is our Forefront install active? How to tell...

  • Question

  • We are currently running Exchange 2010 and we have a Forefront Threat Management Gateway 2010 server installed also. We are in the process of upgrading Exchange to v2016. In gathering all the information and mail paths, I'm not so sure we are actively using the Forefront server. It has a single NIC with an IP address that is in our DMZ. When tracing mail paths coming into our Exchange servers, I don't see where this IP address ever comes up or is specified in the settings of the various devices. Looking into the configuration of the Exchange servers themselves, I don't see a reference to the Forefront server either.  Short of disabling the NIC on the Forefront server and testing mail flow, is there some other way of telling if this is being actively used in our environment?
    Wednesday, May 22, 2019 8:49 PM

Answers

  • TMG won't appear in mail headers, as it's basically a proxy which publishes the Exchange receive port on the internet.

    You won't see any settings on the Exchange side; you will have to check the TMG configuration.

    Or, check your MX record with Google DNS (dig MX yourdomain @8.8.8.8 +short): does it point to the TMG IP? If so, TMG is in use. Does it point directly to the Exchange server IP? Then TMG is not in use.


    • Marked as answer by BClark22 Friday, June 21, 2019 4:32 PM
    Wednesday, May 22, 2019 8:59 PM

All replies

  • When checking MX records, it is pointed to our Barracuda Cloud service. When looking at our Barracuda Cloud service, the network settings there have it point to the external IP of our Barracuda onsite appliance. From there, it passes to the DMZ address of the Barracuda appliance and finally to our Exchange 2010 DAG. Nowhere do I see the TMG address. So, despite my boss and the CIO saying it is in use, I am highly doubting it.  At this point, I think I will disable that TMG NIC after hours and do some inbound and outbound testing of mail flow.
    Wednesday, May 22, 2019 9:07 PM
  • Think I finally tracked this down.  It appears that this is in use for any access to OWA in our environment.  A small handful of users have access to OWA, and there is a NAT on our firewall that directs those external requests to the DMZ-side of the TMG.  In moving forward, we won't be utilizing this old TMG server or service so it will stay in place for now until we finish migrating to 2016.
    Thursday, May 23, 2019 9:23 PM