ISP Redundancy made easy

In Africa (and potentially where you live…), the reliability of ISPs is questionable. With the increased reliance on e-mail as one of the primary forms of communication, an interruption of ISP connectivity carries significant costs to the business. These include:

•Lost reputation
•Inability for personnel to communicate over IM
•Inability of personnel to research
•Ultimately – lost productivity and profitability

This really depends on the industry and that industry's reliance on Internet connectivity. Online traders, for example, would require a significantly more reliable Internet experience than, say, your local school.

Attempts to get around ISP failures include trying to fool your ISA server with multiple default gateways that have different metrics. However, this only gives one ISP all of the traffic and the other gets nothing. In the event of a failure of the primary ISP, manual intervention is required, as ISA only does what you tell it (default gateway means 'default').

Another way to try and avoid this is to give the default gateways equal metrics. This doesn't work either. When one of your ISPs goes down, you have 50% Internet connectivity. Not exactly a solution…

So, that said, with the exception of the Malware Detection built into Threat Management Gateway 2010 (TMG), the ISP redundancy feature of TMG is brilliant!  Business value in 60 minutes.
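The two gateway workarounds above, next to a health-checked selection, as an added example (a constructed model, not TMG's or ISA's actual algorithm). It assumes a static default route knows nothing about upstream ISP health and that equal metrics split traffic evenly per destination; all names and addresses are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Gateway:
    name: str
    metric: int
    isp_up: bool = True  # upstream ISP health; a static route never sees this

def static_pick(gateways, dest):
    """Static default routes: lowest metric wins, ties split per destination.
    Assumption: the tie-break is an even split keyed on the last octet."""
    best = min(g.metric for g in gateways)
    candidates = [g for g in gateways if g.metric == best]
    last_octet = int(dest.rsplit(".", 1)[1])
    return candidates[last_octet % len(candidates)]

def probed_pick(gateways, dest):
    """Health-checked selection: only ISPs whose probe succeeds are eligible."""
    alive = [g for g in gateways if g.isp_up]
    return static_pick(alive, dest) if alive else None

def reachable_fraction(pick, gateways, dests):
    """Fraction of destinations whose chosen gateway has a working ISP."""
    ok = 0
    for dest in dests:
        gw = pick(gateways, dest)
        ok += bool(gw and gw.isp_up)
    return ok / len(dests)

# Constructed destinations from the TEST-NET-3 documentation range.
DESTS = [f"203.0.113.{i}" for i in range(1, 201)]

def scenario(metric_a, metric_b, isp_a_up, pick):
    """ISP-B is always healthy; ISP-A's metric and health vary."""
    gateways = [Gateway("ISP-A", metric_a, isp_a_up),
                Gateway("ISP-B", metric_b, True)]
    return reachable_fraction(pick, gateways, DESTS)

if __name__ == "__main__":
    cases = [("different metrics, static", 1, 10, static_pick),
             ("equal metrics, static", 1, 1, static_pick),
             ("different metrics, probed", 1, 10, probed_pick),
             ("equal metrics, probed", 1, 1, probed_pick)]
    for label, ma, mb, pick in cases:
        frac = scenario(ma, mb, False, pick)
        print(f"{label:28s} ISP-A down -> {frac:.0%} reachable")
```
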

Here’s how I have set it up at a few customers:

•2 Data Centres (one is primary and the other is DR)
•2 Cisco ASA Firewalls (one in each Data Centre)
•2 ISP connections
•1 x 1 Gbps connection between the two Data Centres
•2 Microsoft TMG 2010 Enterprise Servers

Summary of config:

•Create a TMG Array (similar to an ISA Array – shared config)
•Use NLB on the internal NICs so that users' browser settings always point to a single IP address. If one TMG server goes down – no worries – the other takes over all traffic
•On each TMG Server, 2 external NICs are required – one for each ISP
•On both TMG servers, connect to both ISPs.  We do this by creating a separate VLAN for each ISP and having both ASA firewalls and the respective TMG Server NICs as ports of the respective VLAN
•Under the network configuration tab, enable ISP Redundancy

Lots of detail missing here, but I think this is enough to conceptually understand the ISP Redundancy feature of TMG.

Have a look at this TechNet Article on enabling ISP Redundancy for TMG:


Hope this helps,

