MS TMG 2010 Multiple WAN


I have an SBS 2008 network setup whereby two ADSL modems are connected to a D-Link Dual WAN load balancer and a 3rd standalone ADSL modem which has a static public IP.

ISA 2006 sits between the LAN and the D-Link LB, and the standalone router has a built-in firewall and is connected directly to the LAN (using NAT).

All HTTP, RDP, FTP, etc. traffic goes out through ISA 2006, and only SMTP goes over the standalone router.

I could not route multiple WAN connections through ISA 2006, but would like to do this now with TMG 2010 so I can remove the D-Link LB and put all WAN connections through one box.

Ideally the new TMG 2010 server would have 4 NICs, 1 internal, 2 x ADSL that are load balanced, and 1 ADSL for the static IP.

Is this possible?

Then would I be able to route traffic by protocol, i.e. RDP, HTTP, FTP over 2 x ADSL LB NICs and then SMTP over 1 x ADSL static IP NIC?

I have attached a Visio JPG of what I would like to end up with. In the end, I would like everything to have one default gateway (

Keith Alabaster, Enterprise Architect, Commented:
From this perspective FTMG is no different to ISA Server - it only supports a single external connection. The fact that there are two ADSL connections through the single router is still a single network, i.e. it is seen by FTMG as a single 'external' entity. It would not support the additional 'static' connection.

Keith Alabaster, Enterprise Architect, Commented:
As an aside, neither ISA nor FTMG will route by traffic - they only route by IP at layer 3.
Stanton_Roux, Author, Commented:
I could set up TMG with just the 2 x ADSL connections for normal load balancing of HTTP, RDP, FTP, etc. and leave the current static IP ADSL router as is?

This would then at least allow me to remove the D-Link Dual WAN load balancer from my network entirely.
Keith Alabaster, Enterprise Architect, Commented:
If you have a unit that connects direct to the LAN then FTMG will have no interest in it. Naturally it is a security risk but does not affect FTMG at all.
Stanton_Roux, Author, Commented:
Ideally, I wanted just one firewall (ISA/TMG) to protect all connections - however I know that isn't possible.

I want to remove the D-Link LB as it is just another traffic hop in/out as well as another device to manage - and would make better sense to put firewall and LB features on one device if I can.

The standalone router has a built-in firewall to open/close inbound and outbound ports, plus it has NAT to direct incoming traffic to the necessary servers - so although not ideal having it directly on the LAN, it is the best I can do for now - however I do have the option to use the current ISA 2006 licence and load that as a VM to firewall protect the static router.
Keith Alabaster, Enterprise Architect, Commented:
Yes, as long as you have not used the ISA 2006 license as an upgrade path to get the FTMG license, i.e. you have bought licenses outright for both products.

H-Singh, Technical Director, Commented:
Hello Stanton Roux

Did you get this solution working for you? I mean removing your D-Link router and placing TMG as the only firewall with 3 WAN connections as failover and load balancer?

Just wanted to check as I am in the same situation to implement this setup.