Solved

TMG as an SMTP to TLS gateway.

Posted on 2011-03-06
Last Modified: 2012-05-11
We would like to use our TMG as a perimeter gateway to encrypt mail traffic using TLS between an external mail provider and an SMTP server on the inside. (TLS on the outside and SMTP on the inside). We do not need virus checking or filtering in the TMG. It should act only as an SMTP to TLS gateway.
The question is if we need to install the Exchange Server Edge Transport role or not?

Question by:Perreb
9 Comments
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 35045837
Edge server is nothing more than a spam filter... for your requirements you don't have to deploy an Edge server.
0
 
LVL 74

Accepted Solution

by:
Glen Knight earned 250 total points
ID: 35045846
>>Edge server is nothing more than a spam filter

This statement is completely wrong. Edge Transport Role is not only a message cleansing role, it's also an SMTP Relay or Smarthost service.

It's designed so that it acts as a barrier between your internal SMTP service and your external one.

However, if all you want to do is send TLS then Exchange Send Connectors can do this for you and this doesn't require an Edge Transport service.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 35045875
Thanks demazter for correction.
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 250 total points
ID: 35046126
Agreed - just make sure you enable TLS at the right point else ALL SMTP traffic will expect to be TLS-enabled. You don't mention the version of Exchange you are running but assuming it is Exchange 2007/2010 then you do at least have the ability for opportunistic TLS.
0
 

Author Comment

by:Perreb
ID: 35046231
Thanks all for replies. The inside server is a 2003 and as I understand it cannot have different TLS settings for different connectors. TLS can be ON or OFF globally. An upgrade to 2007/2010 is not possible at this time. That's why we want to use the TMG between the server and the external mail provider where we want to use Enforced TLS. The TMG is installed and configured. SMTP works fine but TLS not. That's why I suspected we needed Edge transport to make it work.
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 250 total points
ID: 35046252
Under 2003, I thought you could make a secondary virtual server etc and create an SMTP connector within just for the domain(s) you want TLS to operate with (correct, opportunistic TLS didn't come in until 2007).
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35046343
Keith is right, to enable TLS with Exchange 2003 create a new Virtual Server, set the TLS settings on that virtual server then create a new SMTP Connector with the appropriate address space and then select the Virtual Server you created earlier.

It's much easier with 2007/2010, and if you are using 2003, a 2007 or 2010 Edge server wouldn't be of any use to you anyway.
0
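
The difference between opportunistic and Enforced TLS that this thread turns on, as an added example that is not part of any poster's reply: the sender reads the EHLO reply from the next hop and decides what to do when STARTTLS is not advertised. The function names, policy names and EHLO replies below are hypothetical and constructed for illustration.

```python
# Added example: constructed EHLO replies, hypothetical names throughout.
from enum import Enum


class Policy(Enum):
    OPPORTUNISTIC = "opportunistic"  # use TLS if offered, otherwise send in clear
    ENFORCED = "enforced"            # never send without TLS


def parse_ehlo(reply: str) -> set:
    """Return the ESMTP extension keywords from a multi-line 250 EHLO reply."""
    extensions = set()
    lines = [line for line in reply.splitlines() if line.strip()]
    for index, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " "):
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        if index > 0 and text.strip():
            # The first line is the greeting; later lines are "KEYWORD [params]".
            extensions.add(text.split()[0].upper())
        if sep == " ":
            break  # "250 " (space instead of hyphen) marks the final line
    return extensions


def decide(policy: Policy, extensions: set) -> str:
    """Return the action a sender takes for this hop under the given policy."""
    if "STARTTLS" in extensions:
        return "starttls"
    if policy is Policy.ENFORCED:
        return "defer"      # queue the message rather than downgrade
    return "cleartext"      # opportunistic TLS silently falls back


# Constructed sample replies: one hop that offers STARTTLS, one that does not.
WITH_TLS = ("250-mail.example.test Hello\r\n250-SIZE 10485760\r\n"
            "250-STARTTLS\r\n250 8BITMIME\r\n")
NO_TLS = ("250-gw.example.test Hello\r\n250-SIZE 10485760\r\n"
          "250 8BITMIME\r\n")

if __name__ == "__main__":
    for name, reply in (("with STARTTLS", WITH_TLS), ("without STARTTLS", NO_TLS)):
        exts = parse_ehlo(reply)
        for policy in Policy:
            print(f"{name:17} {policy.value:13} -> {decide(policy, exts)}")
```

Running the same check against the EHLO reply seen on each side of a gateway shows which hop stops advertising STARTTLS when "SMTP works fine but TLS not".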
