Solved

ForeFront TMG Multiple Gateways

Posted on 2010-09-08
6
1,583 Views
Last Modified: 2013-11-16
Hi Guys,

Is it possible to configure 2 x gateways in Forefront TMG,
We have two routers onsite to the internet.
We want to allocate some users to the one gateway and a group of more users to use the second gateway.

Could this be configured in ForeFront TMG?  I realize that the box will require 3 x network cards;
(1 x internal, 2 x external)
0
Comment
Question by:Rupert Eghardt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 33629225
No - it can't. ISA and FTMG have no concept of protocol or user based routing in this context. You can route to different external gateways based on the destination IP address but this is more on the OS routing table rather than anything clever in ISA/FTMG.

Even using the ISP Failover/load-balancing options that now come with FTMG, the balancing is by traffic, not by source user or protocol.

Keith
0
 
LVL 10

Expert Comment

by:simonlimon
ID: 33635543
Maybe you could try using Networking rules, but you will have to filter by Source IPs and not by Usernames.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 33635868
I say again, it will not work. Period.
0
Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

 
LVL 10

Expert Comment

by:simonlimon
ID: 33635901
You can also try using ISP redundancy mode as explained, I know the question was different and this will be done dynamically.

http://www.isaserver.org/tutorials/Microsoft-Forefront-TMG-ISP-Redundancy-Mode.html
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 33640740
ISP redundancy only uses the alternative route if the primnary fails. ISP load-balancing allows the two connections to be used concurrently but splits the traffic either 50-50 or on a percentage basis selectable by the operator. It will not make decisions based upon protocol, source ip address, or other criteria.

Not trying to rain on anyone's parade but neither ISA or FTMG is geared to do what is being asked.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 33689365
Are we done here?
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This article explains how to install and use the NTBackup utility that comes with Windows Server.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question