ISP Redundancy made easy

In Africa (and potentially where you live…), the reliability of ISPs is questionable. With the increased reliance on e-mail as one of the primary forms of communication, an interruption of ISP connectivity carries significant costs for a business. These include:

•Lost reputation
•Inability for personnel to communicate over IM
•Inability of personnel to research
•Ultimately – lost productivity and profitability

This really depends on the industry and that industry's reliance on Internet connectivity. Online traders, for example, require a significantly more reliable Internet experience than, say, your local school.

Attempts to get around ISP failures include trying to fool your ISA server by configuring multiple default gateways with different metrics. However, this only gives one ISP all of the traffic and the other gets nothing. In the event of a failure of the primary ISP, manual intervention is required, as ISA only does what you tell it (default gateway means 'default').

Another way to try and avoid this is to give the default gateways equal metrics. This doesn't work either. When one of your ISPs goes down, you have 50% Internet connectivity. Not exactly a solution…
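The two gateway-metric workarounds above, modelled next to a health-checked selection, as an added example (not from the original article, and not TMG, ISA or Windows code). The link names, metric values, flow count and the per-flow tie-breaking rule are assumptions chosen for illustration.

```python
# Simplified model (an assumption, not TMG/ISA code) of choosing between two
# ISP links for outbound flows, with and without a link health check.

FLOWS = range(1000)                               # constructed sample flows
UNEQUAL = {"ISP-A": 10, "ISP-B": 20}              # constructed metrics
EQUAL = {"ISP-A": 10, "ISP-B": 10}
A_DOWN = {"ISP-A": False, "ISP-B": True}          # ISP-A has failed


def pick_by_metric(flow_id, metrics, link_up):
    """Static default gateways: lowest metric wins, ties are split per flow.
    Link state is deliberately ignored, as described in the text above."""
    best = min(metrics.values())
    candidates = sorted(isp for isp, m in metrics.items() if m == best)
    return candidates[flow_id % len(candidates)]


def pick_with_health_check(flow_id, metrics, link_up):
    """Same rule, but only links reported as up are eligible."""
    alive = {isp: m for isp, m in metrics.items() if link_up[isp]}
    return pick_by_metric(flow_id, alive, link_up) if alive else None


def connectivity(picker, metrics, link_up, flows=FLOWS):
    """Fraction of flows that are sent over a link that is actually up."""
    ok = 0
    for flow_id in flows:
        isp = picker(flow_id, metrics, link_up)
        ok += isp is not None and link_up[isp]
    return ok / len(flows)


def report():
    """Connectivity for each setup while ISP-A is down."""
    return {
        "different metrics": connectivity(pick_by_metric, UNEQUAL, A_DOWN),
        "equal metrics": connectivity(pick_by_metric, EQUAL, A_DOWN),
        "health-checked": connectivity(pick_with_health_check, UNEQUAL, A_DOWN),
    }


if __name__ == "__main__":
    for setup, fraction in report().items():
        print(f"{setup}: {fraction:.0%} of flows succeed with ISP-A down")
```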

So, that said, with the exception of the Malware Detection built into Threat Management Gateway 2010 (TMG), the ISP redundancy feature of TMG is brilliant!  Business value in 60 minutes.

Here’s how I have set it up at a few customers:

•2 Data Centres (one is primary and the other is DR)
•2 Cisco ASA Firewalls (one in each Data Centre)
•2 ISP connections
•1 x 1 Gbps connection between the Data Centres
•2 Microsoft TMG 2010 Enterprise Servers

Summary of config:

•Create a TMG Array (similar to an ISA Array – shared config)
•Use NLB on the internal NICs so that users' browser settings always point to a single IP address. If one TMG server goes down – no worries – the other takes over all traffic
•On each TMG Server, 2 external NICs are required – one for each ISP
•On both TMG servers, connect to both ISPs.  We do this by creating a separate VLAN for each ISP and having both ASA firewalls and the respective TMG Server NICs as ports of the respective VLAN
•Under the network configuration tab, enable ISP Redundancy

Lots of detail missing here, but I think this is enough to conceptually understand the ISP Redundancy feature of TMG.

Have a look at this TechNet Article on enabling ISP Redundancy for TMG:


Hope this helps,
