Solved

Forefront TMG to Barracuda

Posted on 2011-03-23
Last Modified: 2012-05-11
I want to pass SMTP traffic from the Forefront TMG to the Barracuda. Has anyone done this successfully? So far, no matter what kind of rule I set up, as soon as I switch off the old ISA server, add the email IP addresses to the TMG server and enable the rule, the SMTP traffic to the Barracuda stops. We are not using Exchange Server.
Question by:gjcp
14 Comments
 
LVL 29

Expert Comment

by:pwindell
ID: 35206789
The TMG has to have all the IP#s the old ISA had.  There is no "email address".  It isn't going to do you any good if the incoming traffic hits the TMG and the Barracuda doesn't respond back to the TMG identically to how it did with the ISA.

You have to use a simple straight SMTP Publishing Rule,...Server Publishing Rule,..aka. a Non-Web Server Publishing Rule using "SMTP Server" as the Protocol (not the regular SMTP)
0
 

Author Comment

by:gjcp
ID: 35207858
I have ALL of the IP addresses that the old ISA had.  I made sure of that before I turned on the rule I made for SMTP traffic.  I set up the following rule:
Action = Allow
Traffic = SMTP Server
From = Anywhere
To = the IP address of the Barracuda
        requests appear to come from the original client
Networks = External, all IP addresses

I set this up using the "Non-web server protocols"

Any ideas?
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35208366
requests appear to come from the original client

Change to:

requests appear to come from the ISA

Now what does it do?
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35208397
From = Anywhere

Really should be

From = External

However that by itself should not break anything,...it is just good practice to be specific,..."anywhere" is not very specific.
0
 

Author Comment

by:gjcp
ID: 35210464
I will not have a window of opportunity to try the change you suggest until next week.  I will post the results then.  Thanks.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35210783
It is not a change,...it is a troubleshooting step,...although if it works you have the option to leave it that way.
0
 

Author Comment

by:gjcp
ID: 35264003
I had a half-hour window and I tried 2 different rule settings and neither one worked.  I created a straight access rule and a non-web server rule.  I tried one at a time and they both failed.  I need to try the setting "requests appear to come from the ISA".  I realized that I set it to appear to come from the client.  I won't have another window of opportunity to try anything else until next week.
0

 
LVL 29

Expert Comment

by:pwindell
ID: 35283492
Ok, that's fine.  I'll get an email alert when you post back.
0
 

Author Comment

by:gjcp
ID: 35337018
ARRG! All experiments have failed.  I almost wish I could put ISA 2004 on the Win2008 server!  It is strange that all of the other rules work just fine, but for some reason I can't get the SMTP traffic to go to the Barracuda.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35342190
Well, the ISA part is extremely simple,...it is just a very simple straightforward Non-Web Server Publishing Rule with External as the Source,..the IP of the Barracuda as the Target,...and the Protocol is "SMTP Server" (not the regular SMTP).  It is just that simple,...no more complex than that.

The Barracuda then has to be a SecureNAT Client of the ISA so the response packets follow the same path out that it came in on.

If it is not working after that then you have some other issues that go beyond the ISA.
0
 

Author Comment

by:gjcp
ID: 35343720
Well, I guess my issues go beyond the Forefront TMG server.  It is really frustrating since all the other rules work just fine.  You are right, the rule itself is simple, and works correctly on the old ISA 2004 server. I have never experienced such a crazy problem and I have been at this for 20+ years!
0
 

Accepted Solution

by:
gjcp earned 0 total points
ID: 37456568
Turned out that it was actually a port problem on a switch.  We switched cables and everything started working.
0
 

Author Closing Comment

by:gjcp
ID: 37478667
It turned out to be a faulty switch.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 37456710
Ok, very good.  Glad to hear you got it worked out.
0
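
Added example, not part of the original thread: one way to separate a publishing-rule or return-path problem from a fault beyond the TMG (such as the switch port found here) is to probe TCP 25 from two vantage points and compare the results. The function names, status strings and hint texts are assumptions of this example; the hosts to probe are whatever the Barracuda's internal IP and the TMG's published external IP are in your environment.

```python
import socket

def probe_smtp(host, port=25, timeout=5.0):
    """Open a TCP connection and read the SMTP greeting. Returns (status, detail)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            banner = s.recv(512).decode("ascii", "replace").strip()
            if not banner.startswith("220"):
                return "not-smtp", banner   # something answered, but not a mail server
            s.sendall(b"QUIT\r\n")          # end the session cleanly
            return "ok", banner
    except ConnectionRefusedError:
        return "refused", "host reachable, nothing accepting on this port"
    except socket.timeout:
        return "timeout", "no answer: packets dropped or no path to host"
    except OSError as exc:
        return "error", str(exc)

# Hint texts are this example's wording, based on the advice in the thread.
HINTS = {
    "path-ok": "published path works end to end",
    "beyond-tmg": "Barracuda unreachable even directly: check its SMTP service, "
                  "cabling and switch port before touching the rule",
    "rule-or-return-path": "Barracuda answers directly but not through the TMG: "
                           "check the publishing rule and that replies route back "
                           "via the TMG (SecureNAT client)",
}

def diagnose(direct_status, published_status):
    """direct    = probe_smtp status from the TMG's internal side to the Barracuda IP
    published = probe_smtp status from an outside host to the TMG's external IP"""
    if direct_status != "ok":
        return "beyond-tmg"
    if published_status != "ok":
        return "rule-or-return-path"
    return "path-ok"

if __name__ == "__main__":
    # Constructed statuses resembling this thread's outcome: nothing answers anywhere.
    verdict = diagnose("timeout", "timeout")
    print(verdict, "-", HINTS[verdict])
```

Run `probe_smtp` once on the TMG against the Barracuda's internal address and once from an outside host against the published address, then pass both statuses to `diagnose`.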

Question has a verified solution.
