Solved

How many NICs does Forefront need?

Posted on 2010-11-23
7
668 Views
Last Modified: 2012-05-10
I'm spec'ing a server for Forefront TMG.  We have 4 VLANs, and 2 ISPs.  Does that automatically mean I should have 6 NICs?  Can I use 1 NIC for ISP redundancy?

I do have L3 switches, but they are absolutely atrocious (Dell 6248) and I'd like to keep as much stress as I can off them to ensure reliability.

The VLANs are:

Staff PCs
Management (Servers, management IPs)
Public kiosk PCs
Public (anonymous unsecured) wireless
0
Comment
Question by:sbumpas
  • 4
  • 3
7 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34200237
Two nics for external - one for each ISP in ISP failover mode.
one nic as a dmz for the public networks
one for internal.

Use the three-legged firewall template

0
 

Author Comment

by:sbumpas
ID: 34200278
For the internal networks, would routing be handled by TMG or by L3 network equipment?
0
 

Author Comment

by:sbumpas
ID: 34200295
I should probably ask the same question for the public networks, as you suggest they share a NIC?  I assume the NIC would be tagged, if the switches don't handle the routing?
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34200447
If they are tagged then FTMG would not be able to handle it - FTMG is not a router in itself, it uses the routing capabilitirs of the host OS. The port used by the FTMG to connect to its nearest L3 switch should be a vlan of its own or a straight subnet with the l3 switch using that subnet as its gateway to the FTMG.

0
 

Author Comment

by:sbumpas
ID: 34200489
I think I understand - the 2 internal NICs should be dedicated /30, correct?
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 34202938
That would work fine - yes.

When you configure the FTMG wizrad, it will ask what are the internal addresses it protects. Includse ALL addresses that are contactable through the INTERNAL nic. These MUST include the network ID's and the broadcast addresses for ALL internal vlans and subnets.

i.e.
192.168.0.0 - 192.168.0.255

Do the same for the Wireless/untrusted nic.
0
 

Author Closing Comment

by:sbumpas
ID: 34205804
Thanks again!
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

AWS has developed and created its highly available global infrastructure allowing users to deploy and manage their estates all across the world through the use of the following geographical components   RegionsAvailability ZonesEdge Locations  Wh…
If you are thinking of adopting cloud services, or just curious as to what ‘the cloud’ can offer then the leader according to Gartner for Infrastructure as a Service (IaaS) is Amazon Web Services (AWS).  When I started using AWS I was completely new…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now