Solved

TMG as a smtp to TLS gateway.

Posted on 2011-03-06
Last Modified: 2012-05-11
We would like to use our TMG as a perimeter gateway to encrypt mail traffic using TLS between an external mail provider and an SMTP server on the inside (TLS on the outside and SMTP on the inside). We do not need virus checking or filtering in the TMG. It should act only as an SMTP to TLS gateway.
The question is if we need to install the Exchange Server Edge Transport role or not?

Question by:Perreb
9 Comments
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 35045837
Edge server is nothing more than a spam filter... for your requirements you don't have to deploy an edge server.
0
 
LVL 74

Accepted Solution

by:
Glen Knight earned 250 total points
ID: 35045846
>>Edge server is nothing more than a spam filter

This statement is completely wrong. Edge Transport Role is not only a message cleansing role, it's also an SMTP Relay or Smarthost service.

It's designed so that it acts as a barrier between your internal SMTP service and your external one.

However, if all you want to do is send TLS then Exchange Send Connectors can do this for you and this doesn't require an Edge Transport service.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 35045875
Thanks demazter for correction.
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 250 total points
ID: 35046126
Agreed - just make sure you enable TLS at the right point else ALL SMTP traffic will expect to be TLS-enabled. You don't mention the version of Exchange you are running but assuming it is Exchange 2007/2010 then you do at least have the ability for opportunistic TLS.
0
 

Author Comment

by:Perreb
ID: 35046231
Thanks all for replies. The inside server is a 2003 and as I understand it cannot have different TLS settings for different connectors. TLS can be ON or OFF globally. An upgrade to 2007/2010 is not possible at this time. That's why we want to use the TMG between the server and the external mail provider where we want to use Enforced TLS. The TMG is installed and configured. SMTP works fine but TLS not. That's why I suspected we needed Edge Transport to make it work.
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 250 total points
ID: 35046252
Under 2003, I thought you could make a secondary virtual server etc and create an SMTP connector within just for the domain(s) you want TLS to operate with (correct, opportunistic TLS didn't come in until 2007).
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35046343
Keith is right, to enable TLS with Exchange 2003 create a new Virtual Server, set the TLS settings on that virtual server then create a new SMTP Connector with the appropriate address space and then select the Virtual Server you created earlier.

It's much easier with 2007/2010 and if you are using 2003 a 2007 or 2010 Edge server wouldn't be of any use to you anyway.
0
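Added example, not part of the original thread: a check that tells whether an SMTP listener (for instance the dedicated virtual server described above) enforces TLS, only offers it opportunistically, or offers none. It assumes the RFC 3207 behaviour of answering `530 ... STARTTLS` to a `MAIL FROM` sent before STARTTLS; the function names, host names and sample replies are hypothetical and constructed.

```python
import smtplib

def classify(ehlo_code, ehlo_text, mail_code, mail_text=""):
    """Classify a listener's TLS policy from two replies seen on a plaintext
    session: the EHLO reply, and the reply to MAIL FROM sent before STARTTLS."""
    if isinstance(ehlo_text, bytes):
        ehlo_text = ehlo_text.decode("ascii", "replace")
    if isinstance(mail_text, bytes):
        mail_text = mail_text.decode("ascii", "replace")
    if not 200 <= ehlo_code < 300:
        return "ehlo-rejected"
    # First line of the EHLO reply is the greeting; the rest are extension keywords.
    exts = {ln.split()[0].upper() for ln in ehlo_text.splitlines()[1:] if ln.strip()}
    if "STARTTLS" not in exts:
        return "no-tls"          # plain SMTP only
    if mail_code == 530 and "STARTTLS" in mail_text.upper():
        return "enforced"        # mail refused until STARTTLS is issued
    if 200 <= mail_code < 300:
        return "opportunistic"   # TLS offered, plaintext mail still accepted
    return "unknown"             # e.g. a 530 that asks for authentication instead

def probe(host, port=25, timeout=10):
    """Live check against a listener you administer. No RCPT or DATA is sent."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        code, text = s.ehlo("probe.example.invalid")
        mail_code, mail_text = s.docmd("MAIL", "FROM:<probe@example.invalid>")
        return classify(code, text, mail_code, mail_text)

# Constructed sample replies (codes already stripped, as smtplib returns them).
_EHLO_TLS = "mail.example.invalid Hello [192.0.2.10]\nSIZE 10485760\nSTARTTLS\n8BITMIME"
_EHLO_PLAIN = "mail.example.invalid Hello [192.0.2.10]\nSIZE 10485760\n8BITMIME"
SAMPLES = {
    "tls-only virtual server": (250, _EHLO_TLS, 530, "5.7.0 Must issue a STARTTLS command first"),
    "default virtual server": (250, _EHLO_TLS, 250, "2.1.0 Sender OK"),
    "plain relay": (250, _EHLO_PLAIN, 250, "2.1.0 Sender OK"),
}

if __name__ == "__main__":
    for name, replies in SAMPLES.items():
        print(f"{name}: {classify(*replies)}")
```

Run `probe()` from outside the perimeter as well as from the inside: a gateway in the path can answer differently from the mail server behind it.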
