Solved

How many NICs does Forefront need?

Posted on 2010-11-23
7
671 Views
Last Modified: 2012-05-10
I'm spec'ing a server for Forefront TMG.  We have 4 VLANs, and 2 ISPs.  Does that automatically mean I should have 6 NICs?  Can I use 1 NIC for ISP redundancy?

I do have L3 switches, but they are absolutely atrocious (Dell 6248) and I'd like to keep as much stress as I can off them to ensure reliability.

The VLANs are:

Staff PCs
Management (Servers, management IPs)
Public kiosk PCs
Public (anonymous unsecured) wireless
0
Comment
Question by:sbumpas
  • 4
  • 3
7 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34200237
Two nics for external - one for each ISP in ISP failover mode.
one nic as a dmz for the public networks
one for internal.

Use the three-legged firewall template

0
 

Author Comment

by:sbumpas
ID: 34200278
For the internal networks, would routing be handled by TMG or by L3 network equipment?
0
 

Author Comment

by:sbumpas
ID: 34200295
I should probably ask the same question for the public networks, as you suggest they share a NIC?  I assume the NIC would be tagged, if the switches don't handle the routing?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34200447
If they are tagged then FTMG would not be able to handle it - FTMG is not a router in itself, it uses the routing capabilitirs of the host OS. The port used by the FTMG to connect to its nearest L3 switch should be a vlan of its own or a straight subnet with the l3 switch using that subnet as its gateway to the FTMG.

0
 

Author Comment

by:sbumpas
ID: 34200489
I think I understand - the 2 internal NICs should be dedicated /30, correct?
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 34202938
That would work fine - yes.

When you configure the FTMG wizrad, it will ask what are the internal addresses it protects. Includse ALL addresses that are contactable through the INTERNAL nic. These MUST include the network ID's and the broadcast addresses for ALL internal vlans and subnets.

i.e.
192.168.0.0 - 192.168.0.255

Do the same for the Wireless/untrusted nic.
0
 

Author Closing Comment

by:sbumpas
ID: 34205804
Thanks again!
0

Featured Post

Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
Security is one of the biggest concerns when moving and migrating your data from your on-premise location to the Public Cloud.  Where is your data? Who can access it? Will it be safe from accidental deletion?  All of these questions and more are imp…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question