Solved

TMG as an SMTP to TLS gateway.

Posted on 2011-03-06
Last Modified: 2012-05-11
We would like to use our TMG as a perimeter gateway to encrypt mail traffic using TLS between an external mail provider and an SMTP server on the inside. (TLS on the outside and SMTP on the inside). We do not need virus checking or filtering in the TMG. It should act only as an SMTP to TLS gateway.
The question is if we need to install the Exchange Server Edge Transport role or not?

Question by:Perreb
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 35045837
Edge server is nothing more than a spam filter...for your requirements you don't have to deploy an edge server.
0
 
LVL 74

Accepted Solution

by:
Glen Knight earned 250 total points
ID: 35045846
>>Edge server is nothing more than a spam filter

This statement is completely wrong. Edge Transport Role is not only a message cleansing role, it's also an SMTP Relay or Smarthost service.

It's designed so that it acts as a barrier between your internal SMTP service and your external one.

However, if all you want to do is send TLS then Exchange Send Connectors can do this for you and this doesn't require an Edge Transport service.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 35045875
Thanks demazter for correction.
0
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 250 total points
ID: 35046126
Agreed - just make sure you enable TLS at the right point else ALL SMTP traffic will expect to be TLS-enabled. You don't mention the version of Exchange you are running but assuming it is Exchange 2007/2010 then you do at least have the ability for opportunistic TLS.
0
 

Author Comment

by:Perreb
ID: 35046231
Thanks all for replies. The inside server is a 2003 and as I understand it cannot have different TLS settings for different connectors. TLS can be ON or OFF globally. An upgrade to 2007/2010 is not possible at this time. That's why we want to use the TMG between the server and the external mail provider where we want to use Enforced TLS. The TMG is installed and configured. SMTP works fine but TLS does not. That's why I suspected we needed Edge transport to make it work.
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 250 total points
ID: 35046252
Under 2003, I thought you could make a secondary virtual server etc and create an SMTP connector within just for the domain(s) you want TLS to operate with (correct, opportunistic TLS didn't come in until 2007).
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35046343
Keith is right, to enable TLS with Exchange 2003 create a new Virtual Server, set the TLS settings on that virtual server then create a new SMTP Connector with the appropriate address space and then select the Virtual Server you created earlier.

It's much easier with 2007/2010 and if you are using 2003 a 2007 or 2010 Edge server wouldn't be of any use to you anyway.
0
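
A check for the distinction this thread draws between enforced and opportunistic TLS, as an added example that is not part of any poster's reply: it classifies an SMTP session transcript by whether STARTTLS is advertised and whether a cleartext MAIL FROM is refused. The transcripts, the `C:`/`S:` line prefixes and the `tls_mode` name are constructed for illustration.

```python
import re

# Constructed sample session, not captured from any real server.
ENFORCED = """\
S: 220 gw.example.invalid ESMTP
C: EHLO probe.example.invalid
S: 250-gw.example.invalid
S: 250-STARTTLS
S: 250 SIZE 10240000
C: MAIL FROM:<a@example.invalid>
S: 530 5.7.0 Must issue a STARTTLS command first
"""
# Same session, but the listener accepts cleartext mail / offers no TLS at all.
OPPORTUNISTIC = ENFORCED.replace("530 5.7.0 Must issue a STARTTLS command first",
                                 "250 2.1.0 Sender OK")
PLAIN_ONLY = OPPORTUNISTIC.replace("S: 250-STARTTLS\n", "")

REPLY = re.compile(r"^(\d{3})[ -](.*)$")

def tls_mode(transcript):
    """Classify a listener as 'enforced', 'opportunistic', 'no-tls' or 'unknown'."""
    offered = tls_active = False
    verb, pre_tls_mail = "", None
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            verb = re.split(r"[ :]", text.strip(), maxsplit=1)[0].upper()
            continue
        m = REPLY.match(text.strip())
        if side != "S" or not m:
            continue
        code, rest = int(m.group(1)), m.group(2).strip().upper()
        if verb == "EHLO" and code == 250 and rest.split(" ")[0] == "STARTTLS":
            offered = True                # extension advertised in EHLO reply
        elif verb == "STARTTLS" and code == 220:
            tls_active = True             # later commands are inside TLS
        elif verb == "MAIL" and not tls_active and pre_tls_mail is None:
            pre_tls_mail = code           # reply to a cleartext MAIL FROM
    if not offered:
        return "no-tls"
    if pre_tls_mail == 530:               # RFC 3207 reply when TLS is required
        return "enforced"
    if pre_tls_mail is not None and 200 <= pre_tls_mail < 300:
        return "opportunistic"
    return "unknown"

if __name__ == "__main__":
    for name in ("ENFORCED", "OPPORTUNISTIC", "PLAIN_ONLY"):
        print(name, "->", tls_mode(globals()[name]))
```

A result of "opportunistic" on a listener meant to enforce TLS means mail can still cross that hop in cleartext.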
