TechLad

need a suitable router for Forefront TMG

Hi,

I am trying to find a suitable router for my TMG server that will allow me to publish as many servers which require the use of port 443. In my current setup I've got the mail server using port 443, and another website uses port 4343 because my router does not support much and is limited.

The only problem is staff have to type https://whatever.mycompany.com:4343 at the end of the address.

Is there a router out there which possibly will allow me to use an IP range assigned to port 443, such as IP address 192.168.1.1 to 192.168.1.12 for example?

I don't have a problem with using port 80 because Forefront will allow me to publish as many websites as I like using that port.

However I have to add additional IP addresses to my external NIC on the Forefront server, and assign them to each website if I want to use more than one secure website.

Any suggestions?

Thanks
giltjr

What is your current router?

Hi, the recommended approach would be to use multiple static public IP addresses assigned to the external NIC of the TMG box. You will need to contact your ISP in order to set them up and you would need a suitable router to support IP routing (no NAT) so that traffic 'hits' the external NIC of the TMG box 'directly'.

Once that has been set up, you would create DNS A record entries for your services / IP addresses (e.g. mail.mycompany.com to xxx.xxx.xxx.xxx) as appropriate.

Finally, update your network config in TMG and create publishing rules for your services using their new IPs.

For us to help you further, as above, please let us know the make and model of your current router.
TechLad

ASKER

My current router hardly supports anything; it's a BT Home Hub 2.0. I've tried contacting them but they're idiots, so given up on their help.

This looks like a device targeted at a home, not a business.

First, can you get multiple static IP addresses with the type of account you have?

If you can, then almost any router that can do real NAT'ing for multiple IP addresses will work.  However, be prepared, these could be expensive, no USD $99 specials here.

If you are real good with Linux, you could roll your own.  A computer with multiple NICs (at least two) and then a normal everyday switch.

I don't think the Home Hub is capable of any of the required functions. Also, if the broadband package with BT is the home package, my suggested setup will not work as they do not assign static addresses to home users. If not, a small SoHo router like a date 2900 or similar should do the trick.

If they are only web sites that you are publishing, your only other option in this case would be to use virtual directories on the same port (443 in this case), i.e. whatever.mycompany.com/websitea, whatever.mycompany.com/websiteb etc. and create publishing rules to suit.

TechLad

ASKER

The problem in my case with doing whatever.site.com/webpage is that I got mail server Outlook Web Access for Exchange and a local intranet site. I guess if it was just websites then that would be acceptable, however I got two different external domain names such as mail.website.co.uk and intranet.site.co.uk hosted on my servers.

The SoHo router 2900, is that a Cisco product? I can't find much on Google about them.

Sorry for the delay in my response, I have been off work sick.

From what you describe above, you should still be able to set up TMG to publish your required services using a single IP:

You can create a single listener to listen on your TMG IP for port 443 traffic, then create two different rules using that same listener to differentiate between mail.website.co.uk and intranet.site.co.uk (in the 'Public Name' tab of the rule in TMG). Then, set the rule to forward the original host header (i.e. the address entered in the browser by the user) to the web server and configure the web server to respond appropriately to whichever host header it receives (see: http://technet.microsoft.com/en-us/library/cc753195(WS.10).aspx).

For info: the router I was talking about is a Draytek 2900 (I mistyped Draytek as date thanks to my predictive text on my HTC!). Although saying that, the 2900 is quite an old model so maybe the 2920 would suit better, see: http://www.draytek.co.uk/products/vigor2820.html

TechLad

ASKER

I'm not sure on that creating a single listener part. If I remember right the last time, it kept popping up with the same SSL certificate for both sites. Which meant that one side worked and the other didn't. The two secure sites are hosted on different servers. Not sure if what you were explaining could be done if the sites were all hosted on the same server?

Any chance of any screen shot demos on this? I'm not good at reading instructions, they drive me up the wall and I like to get down to the point.
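
The single-listener setup discussed in the last two posts, modelled as an added Python example (not part of the thread and not TMG code): it routes requests by Host header and checks which published names the listener's one certificate fails to cover. Rule names, backend hosts and certificate name lists are constructed, and it assumes the listener presents the same certificate for every rule, as the asker describes.

```python
# Added example: one HTTPS listener (one IP, port 443) shared by several rules.
# Rule names, backend hosts and certificate name lists are constructed.

def name_matches(pattern: str, host: str) -> bool:
    """Match a certificate DNS name against a host; '*' covers one leftmost label only."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    head, _, tail = h.partition(".")
    return bool(head) and tail == p[2:]

def uncovered_names(cert_names, public_names):
    """Public names that would produce a certificate name mismatch in the browser."""
    return [n for n in public_names
            if not any(name_matches(c, n) for c in cert_names)]

def select_rule(rules, host_header):
    """Pick the publishing rule whose public name equals the request's Host header."""
    host = host_header.split(":")[0].lower()  # drop an optional :port suffix
    for rule in rules:
        if host in rule["public_names"]:
            return rule
    return None  # no rule matches: the request is denied

# Two rules on the same listener; the backend host names are hypothetical.
RULES = [
    {"name": "OWA", "public_names": ["mail.website.co.uk"],
     "backend": "exch01.internal"},
    {"name": "Intranet", "public_names": ["intranet.site.co.uk"],
     "backend": "web01.internal"},
]
PUBLISHED = [n for r in RULES for n in r["public_names"]]

# Constructed name lists for the single certificate bound to the listener.
MAIL_ONLY_CERT = ["mail.website.co.uk"]
WILDCARD_CERT = ["*.website.co.uk"]  # cannot span two different domains
SAN_CERT = ["mail.website.co.uk", "intranet.site.co.uk"]

if __name__ == "__main__":
    for label, cert in [("mail-only", MAIL_ONLY_CERT),
                        ("wildcard", WILDCARD_CERT), ("SAN", SAN_CERT)]:
        print(label, "-> mismatch for:", uncovered_names(cert, PUBLISHED) or "none")
    for host in ["mail.website.co.uk", "intranet.site.co.uk:443", "other.example"]:
        rule = select_rule(RULES, host)
        print(host, "->", rule["backend"] if rule else "denied")
```

Routing by host header works for both names in every case; only the certificate listing both names avoids the mismatch on the second site.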