Solved

Forefront tmg to barracuda

Posted on 2011-03-23
Last Modified: 2012-05-11
I want to pass SMTP traffic from the Forefront TMG to the Barracuda. Has anyone done this successfully? So far, no matter what kind of rule I set up, as soon as I switch off the old ISA server, add the email IP addresses to the TMG server and enable the rule, the SMTP traffic to the Barracuda stops. We are not using Exchange server.
Question by:gjcp
14 Comments
 
LVL 29

Expert Comment

by:pwindell
ID: 35206789
The TMG has to have all the IP#s the old ISA had.  There is no "email address".  It isn't going to do you any good if the incoming traffic hits the TMG and the Barracuda doesn't respond back to the TMG identically to how it did with the ISA.

You have to use a simple straight SMTP Publishing Rule,...Server Publishing Rule,..aka. a Non-Web Server Publishing Rule using "SMTP Server" as the Protocol (not the regular SMTP)
0
 

Author Comment

by:gjcp
ID: 35207858
I have ALL of the IP addresses that the old ISA had.  I made sure of that before I turned on the rule I made for SMTP traffic.  I set up the following rule:
Action = allow
Traffic = SMTP Server
From = Anywhere
to =  the IP address of the barracuda
        requests appear to come from the original client
networks = external   all IP addresses

I set this up using the "Non-web server protocols"

Any Ideas?
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35208366
requests appear to come from the original client

Change to:

requests appear to come from the ISA

Now what does it do?
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35208397
From = Anywhere

Really should be

From = External

However that by itself should not break anything,...it is just good practise to be specific,..."anywhere" is not very specific.
0
 

Author Comment

by:gjcp
ID: 35210464
I will not have a window of opportunity to try the change you suggest until next week.  I will post the results then.  Thanks.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35210783
It is not a change,...it is a troubleshooting step,...although if it works you have the option to leave it that way.
0
 

Author Comment

by:gjcp
ID: 35264003
I had a half-hour window and I tried 2 different rule settings and neither one worked.  I created a straight access rule and a non-web server rule.  I tried one at a time and they both failed.  I need to try the setting "requests appear to come from the ISA".  I realized that I set it to appear to come from the client.  I won't have another window of opportunity to try anything else until next week.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35283492
Ok, that's fine.  I'll get an email alert when you post back.
0
 

Author Comment

by:gjcp
ID: 35337018
ARRG! All experiments have failed.  I almost wish I could put ISA 2004 on the Win2008 server!  It is strange that all of the other rules work just fine, but for some reason I can't get the SMTP traffic to go to the Barracuda.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35342190
Well, the ISA part is extremely simple,...it is just a very simple straightforward Non-Web Server Publishing Rule with External as the Source,..the IP of the Barracuda as the Target,...and the Protocol is "SMTP Server" (not the regular SMTP).  It is just that simple,...no more complex than that.

The Barracuda then has to be a SecureNAT Client of the ISA so the response packets follow the same path out that it came in on.

If it is not working after that then you have some other issues that go beyond the ISA.
0
 

Author Comment

by:gjcp
ID: 35343720
Well, I guess my issues go beyond the Forefront TMG server.  It is really frustrating since all the other rules work just fine.  You are right, the rule itself is simple, and works correctly on the old ISA 2004 server. I have never experienced such a crazy problem and I have been at this for 20+ years!
0
 

Accepted Solution

by:
gjcp earned 0 total points
ID: 37456568
Turned out that it was actually a port problem on a switch.  We switched cables and everything started working.
0
 

Author Closing Comment

by:gjcp
ID: 37478667
It turned out to be a faulty switch.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 37456710
Ok, very good.  Glad to hear you got it worked out.
0
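
A layer-by-layer check of the published SMTP path discussed in this thread, as an added example that is not part of the original posts: it probes port 25 and classifies how far the connection gets, then combines a direct probe of the mail filter with a probe through the firewall's published IP into a hint about which layer to inspect. The helper names `probe_smtp` and `diagnose` are hypothetical, the hints are rules of thumb rather than product behaviour, and host addresses are supplied by the operator.

```python
import socket
import sys

def probe_smtp(host, port=25, timeout=5.0):
    """Return (stage, detail) describing how far an SMTP connection gets."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("timeout", "no reply to SYN: dropped packet or broken return path")
    except ConnectionRefusedError:
        return ("refused", "host answered with RST: nothing listening on that port")
    except OSError as exc:
        return ("unreachable", str(exc))
    with sock:
        try:
            # An SMTP server speaks first; a healthy path yields a 220 greeting.
            banner = sock.recv(512).decode("ascii", "replace").strip()
        except socket.timeout:
            return ("no-banner", "TCP connected but no SMTP greeting arrived")
        except OSError as exc:
            return ("reset", str(exc))
    if banner.startswith("220"):
        return ("ok", banner)
    return ("unexpected", banner or "connection closed before greeting")

def diagnose(direct_stage, published_stage):
    """Combine two probe stages into a hint about which layer to inspect.

    direct_stage:    probe of the mail filter's own IP from its internal segment
    published_stage: probe of the firewall's published IP from outside
    """
    if direct_stage != "ok":
        # The filter does not answer even without the firewall in the path.
        return "behind-firewall: check the filter's listener, cabling and switch port"
    if published_stage == "ok":
        return "path-ok: published SMTP reaches the filter and the greeting returns"
    if published_stage in ("timeout", "no-banner"):
        return "return-path: check the filter's default gateway and the publishing rule"
    return "rule: check the publishing rule and listener IP on the firewall"

if __name__ == "__main__" and len(sys.argv) == 2:
    # Run once from each side of the firewall, then feed both stages to diagnose().
    print(probe_smtp(sys.argv[1]))
```

Run the probe once against the filter from the internal segment and once against the published address from outside, then pass the two stage strings to `diagnose`.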
