

ISP Redundancy made easy

In Africa (and potentially where you live…), the reliability of ISPs is questionable. With the increased reliance on e-mail as one of the primary forms of communication, an interruption of ISP connectivity carries significant costs to business. These include:

•Lost reputation
•Inability for personnel to communicate over IM
•Inability of personnel to research
•Ultimately – lost productivity and profitability

This really depends on the industry and that industry’s reliance on Internet connectivity. Online traders, for example, would require a significantly more reliable Internet experience than, say, your local school.

Attempts to get around ISP failures include trying to fool your ISA server with default gateways that have different metrics. However, this only gives one ISP all of the traffic and the other gets nothing. In the event of a failure of the primary ISP, manual intervention is required, as ISA only does what you tell it (default gateway means ‘default’).

Another way to try to avoid this is to give both default gateways equal metrics. This doesn’t work either. When one of your ISPs goes down, you have 50% Internet connectivity. Not exactly a solution…
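The two failure modes described above, next to a health-checked variant, as an added example that is not from the original article and is not TMG's implementation. The gateway names, the sample destinations, the last-octet spreading rule and the link probe are assumptions made for the model.

```python
from dataclasses import dataclass

@dataclass
class Gateway:
    name: str          # hypothetical label for the example
    metric: int
    up: bool = True    # real link state; a static routing table never sees it

def pick_static(gateways, dest):
    """Static default routes: lowest metric wins. Equal metrics are spread
    per destination (last octet used as a stand-in for the spreading rule).
    Link state is never consulted."""
    best = min(g.metric for g in gateways)
    candidates = [g for g in gateways if g.metric == best]
    return candidates[int(dest.rsplit(".", 1)[1]) % len(candidates)]

def pick_health_checked(gateways, dest):
    """Same selection, but only among gateways that passed a link probe
    (generic model of failover with connectivity checks)."""
    alive = [g for g in gateways if g.up]
    return pick_static(alive, dest) if alive else None

def success_rate(gateways, picker, dests):
    """Fraction of destinations whose chosen gateway is actually up."""
    ok = 0
    for d in dests:
        gw = picker(gateways, d)
        ok += bool(gw and gw.up)
    return ok / len(dests)

# Constructed sample destinations from the documentation range 203.0.113.0/24
DESTS = [f"203.0.113.{i}" for i in range(1, 201)]

def scenario(metric_a, metric_b, picker):
    """ISP-A has failed; return the fraction of destinations still reachable."""
    gws = [Gateway("ISP-A", metric_a, up=False), Gateway("ISP-B", metric_b)]
    return success_rate(gws, picker, DESTS)

if __name__ == "__main__":
    print("different metrics, primary down:", scenario(1, 10, pick_static))
    print("equal metrics, one ISP down:    ", scenario(1, 1, pick_static))
    print("health-checked, failover only:  ", scenario(1, 10, pick_health_checked))
    print("health-checked, load balanced:  ", scenario(1, 1, pick_health_checked))
```
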

So, that said, with the exception of the Malware Detection built into Threat Management Gateway 2010 (TMG), the ISP redundancy feature of TMG is brilliant!  Business value in 60 minutes.

Here’s how I have set it up at a few customers:

•2 Data Centres (one is primary and the other is DR)
•2 Cisco ASA Firewalls (one in each Data Centre)
•2 ISP connections
•1 x 1 Gbps connection between the two Data Centres
•2 Microsoft TMG 2010 Enterprise Servers

Summary of config:

•Create a TMG Array (similar to an ISA Array – shared config)
•Use NLB on the internal NICs so that users’ browser settings always point to a single IP address. If one TMG server goes down – no worries – the other takes over all traffic
•On each TMG Server, 2 external NICs are required – one for each ISP
•On both TMG servers, connect to both ISPs.  We do this by creating a separate VLAN for each ISP and having both ASA firewalls and the respective TMG Server NICs as ports of the respective VLAN
•Under the network configuration tab, enable ISP Redundancy

Lots of detail missing here, but I think this is enough to conceptually understand the ISP Redundancy feature of TMG.

Have a look at this TechNet Article on enabling ISP Redundancy for TMG:


Hope this helps,

