Solved

ForeFront TMG Multiple Gateways

Posted on 2010-09-08
6
1,560 Views
Last Modified: 2013-11-16
Hi Guys,

Is it possible to configure 2 x gateways in Forefront TMG,
We have two routers onsite to the internet.
We want to allocate some users to the one gateway and a group of more users to use the second gateway.

Could this be configured in ForeFront TMG?  I realize that the box will require 3 x network cards;
(1 x internal, 2 x external)
0
Comment
Question by:Rupert Eghardt
  • 4
  • 2
6 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 33629225
No - it can't. ISA and FTMG have no concept of protocol or user based routing in this context. You can route to different external gateways based on the destination IP address but this is more on the OS routing table rather than anything clever in ISA/FTMG.

Even using the ISP Failover/load-balancing options that now come with FTMG, the balancing is by traffic, not by source user or protocol.

Keith
0
 
LVL 10

Expert Comment

by:simonlimon
ID: 33635543
Maybe you could try using Networking rules, but you will have to filter by Source IPs and not by Usernames.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 33635868
I say again, it will not work. Period.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 10

Expert Comment

by:simonlimon
ID: 33635901
You can also try using ISP redundancy mode as explained, I know the question was different and this will be done dynamically.

http://www.isaserver.org/tutorials/Microsoft-Forefront-TMG-ISP-Redundancy-Mode.html
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 33640740
ISP redundancy only uses the alternative route if the primnary fails. ISP load-balancing allows the two connections to be used concurrently but splits the traffic either 50-50 or on a percentage basis selectable by the operator. It will not make decisions based upon protocol, source ip address, or other criteria.

Not trying to rain on anyone's parade but neither ISA or FTMG is geared to do what is being asked.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 33689365
Are we done here?
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now