Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How many NICs does Forefront need?

Posted on 2010-11-23
7
Medium Priority
?
684 Views
Last Modified: 2012-05-10
I'm spec'ing a server for Forefront TMG.  We have 4 VLANs, and 2 ISPs.  Does that automatically mean I should have 6 NICs?  Can I use 1 NIC for ISP redundancy?

I do have L3 switches, but they are absolutely atrocious (Dell 6248) and I'd like to keep as much stress as I can off them to ensure reliability.

The VLANs are:

Staff PCs
Management (Servers, management IPs)
Public kiosk PCs
Public (anonymous unsecured) wireless
0
Comment
Question by:sbumpas
  • 4
  • 3
7 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34200237
Two nics for external - one for each ISP in ISP failover mode.
one nic as a dmz for the public networks
one for internal.

Use the three-legged firewall template

0
 

Author Comment

by:sbumpas
ID: 34200278
For the internal networks, would routing be handled by TMG or by L3 network equipment?
0
 

Author Comment

by:sbumpas
ID: 34200295
I should probably ask the same question for the public networks, as you suggest they share a NIC?  I assume the NIC would be tagged, if the switches don't handle the routing?
0
Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34200447
If they are tagged then FTMG would not be able to handle it - FTMG is not a router in itself, it uses the routing capabilitirs of the host OS. The port used by the FTMG to connect to its nearest L3 switch should be a vlan of its own or a straight subnet with the l3 switch using that subnet as its gateway to the FTMG.

0
 

Author Comment

by:sbumpas
ID: 34200489
I think I understand - the 2 internal NICs should be dedicated /30, correct?
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 2000 total points
ID: 34202938
That would work fine - yes.

When you configure the FTMG wizrad, it will ask what are the internal addresses it protects. Includse ALL addresses that are contactable through the INTERNAL nic. These MUST include the network ID's and the broadcast addresses for ALL internal vlans and subnets.

i.e.
192.168.0.0 - 192.168.0.255

Do the same for the Wireless/untrusted nic.
0
 

Author Closing Comment

by:sbumpas
ID: 34205804
Thanks again!
0

Featured Post

WatchGuard Case Study: Museum of Flight

“With limited money and limited staffing, we didn’t have a lot of choices in terms of what we could do to bring efficiency. WatchGuard played a central part in changing that.” To provide strong, secure Wi-Fi access within the museum, Hunter chose to deploy WatchGuard’s AP120 APs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is focussed on erradicating the confusion with slash notations. This article will help you identify and understand the purpose and use of slash notations. A deep understanding of this will help you identify networks quicker especially w…
Security is one of the biggest concerns when moving and migrating your data from your on-premise location to the Public Cloud.  Where is your data? Who can access it? Will it be safe from accidental deletion?  All of these questions and more are imp…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question