Solved

How many NICs does Forefront need?

Posted on 2010-11-23
7
675 Views
Last Modified: 2012-05-10
I'm spec'ing a server for Forefront TMG.  We have 4 VLANs, and 2 ISPs.  Does that automatically mean I should have 6 NICs?  Can I use 1 NIC for ISP redundancy?

I do have L3 switches, but they are absolutely atrocious (Dell 6248) and I'd like to keep as much stress as I can off them to ensure reliability.

The VLANs are:

Staff PCs
Management (Servers, management IPs)
Public kiosk PCs
Public (anonymous unsecured) wireless
0
Comment
Question by:sbumpas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34200237
Two nics for external - one for each ISP in ISP failover mode.
one nic as a dmz for the public networks
one for internal.

Use the three-legged firewall template

0
 

Author Comment

by:sbumpas
ID: 34200278
For the internal networks, would routing be handled by TMG or by L3 network equipment?
0
 

Author Comment

by:sbumpas
ID: 34200295
I should probably ask the same question for the public networks, as you suggest they share a NIC?  I assume the NIC would be tagged, if the switches don't handle the routing?
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34200447
If they are tagged then FTMG would not be able to handle it - FTMG is not a router in itself, it uses the routing capabilitirs of the host OS. The port used by the FTMG to connect to its nearest L3 switch should be a vlan of its own or a straight subnet with the l3 switch using that subnet as its gateway to the FTMG.

0
 

Author Comment

by:sbumpas
ID: 34200489
I think I understand - the 2 internal NICs should be dedicated /30, correct?
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 34202938
That would work fine - yes.

When you configure the FTMG wizrad, it will ask what are the internal addresses it protects. Includse ALL addresses that are contactable through the INTERNAL nic. These MUST include the network ID's and the broadcast addresses for ALL internal vlans and subnets.

i.e.
192.168.0.0 - 192.168.0.255

Do the same for the Wireless/untrusted nic.
0
 

Author Closing Comment

by:sbumpas
ID: 34205804
Thanks again!
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I wrote this article to help simplify the process of combining multiple subnets. This can be used for route summarization also but there are other better ways to summarize routes, This article is a result of questions I participate in here at Ex…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question