ISP Redundancy made easy

In Africa (and potentially where you live…), the reliability of ISPs is questionable. With the increased reliance on e-mail as one of the primary forms of communication, an interruption of ISP connectivity carries significant costs to business. These include:

•Lost reputation
•Inability for personnel to communicate over IM
•Inability of personnel to research
•Ultimately – lost productivity and profitability

This really depends on the industry and that industry's reliance on Internet connectivity. Online traders, for example, would require a significantly more reliable Internet experience than, say, your local school.

Attempts to get around ISP failures include trying to fool your ISA server with multiple default gateways that have different metrics. However, this only gives one ISP all of the traffic and the other gets nothing. In the event of a failure of the primary ISP, manual intervention is required, as ISA only does what you tell it (default gateway means 'default').

Another way to try and avoid this is to give both default gateways equal metrics. This doesn't work either. When one of your ISPs goes down, you have 50% Internet connectivity. Not exactly a solution…

So, that said, with the exception of the Malware Detection built into Threat Management Gateway 2010 (TMG), the ISP redundancy feature of TMG is brilliant!  Business value in 60 minutes.
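The two static-gateway workarounds above, compared with link-aware selection, as an added example that is not part of the original article. It is a generic model, not TMG's or ISA's actual algorithm; the `Gateway` class, the flow-ID split across equal-metric routes and the two-ISP topology are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Gateway:
    name: str
    metric: int
    up: bool = True  # real link state; a static route table never looks at this

def static_pick(gateways, flow_id):
    """Static default routes: lowest metric wins, link state is ignored.
    Equal-metric routes split flows evenly (assumption for this model)."""
    best = min(g.metric for g in gateways)
    candidates = [g for g in gateways if g.metric == best]
    return candidates[flow_id % len(candidates)]

def probed_pick(gateways, flow_id):
    """Link-aware selection: discard gateways whose probe failed first."""
    alive = [g for g in gateways if g.up]
    return static_pick(alive, flow_id) if alive else None

def reachability(pick, gateways, flows):
    """Fraction of flows sent to a gateway that is actually up."""
    chosen = [pick(gateways, f) for f in flows]
    return sum(1 for g in chosen if g is not None and g.up) / len(flows)

def scenario(metric_a, metric_b, pick, flows=range(1000)):
    """ISP-A has failed, ISP-B is healthy (constructed sample topology)."""
    gateways = [Gateway("ISP-A", metric_a, up=False), Gateway("ISP-B", metric_b)]
    return reachability(pick, gateways, flows)

if __name__ == "__main__":
    print("different metrics, static:", scenario(1, 10, static_pick))
    print("equal metrics, static:    ", scenario(1, 1, static_pick))
    print("different metrics, probed:", scenario(1, 10, probed_pick))
    print("equal metrics, probed:    ", scenario(1, 1, probed_pick))
```

With the primary ISP down, the static table with different metrics keeps sending everything to the dead link until someone changes it by hand, and the equal-metric table loses half the flows; only selection that checks link state first keeps all traffic flowing.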

Here’s how I have set it up at a few customers:

•2 Data Centres (one is primary and the other is DR)
•2 Cisco ASA Firewalls (one in each Data Centre)
•2 ISP connections
•1 x 1 Gbps connection between each Data Centre
•2 Microsoft TMG 2010 Enterprise Servers

Summary of config:

•Create a TMG Array (similar to an ISA Array – shared config)
•Use NLB on the internal NICs so that users' browser settings always point to a single IP address. If one TMG server goes down – no worries – the other takes over all traffic
•On each TMG Server, 2 external NICs are required – one for each ISP
•On both TMG servers, connect to both ISPs.  We do this by creating a separate VLAN for each ISP and having both ASA firewalls and the respective TMG Server NICs as ports of the respective VLAN
•Under the network configuration tab, enable ISP Redundancy

Lots of detail missing here, but I think this is enough to conceptually understand the ISP Redundancy feature of TMG.

Have a look at this TechNet Article on enabling ISP Redundancy for TMG:


Hope this helps,

