Solved

Forefront tmg to barracuda

Posted on 2011-03-23
14
1,045 Views
Last Modified: 2012-05-11
I want to pass SMTP traffic from the forefront TMG to the barracuda.  has anyone done this succsessfully?  So far, no matter what kind of rule I set up as soon as i switch off the old ISA server, add the email ip addresses to the TMG server and enable the rule, the SMTP traffic to the barracuda stops.  we are not using exchange server.
0
Comment
Question by:gjcp
  • 7
  • 7
14 Comments
 
LVL 29

Expert Comment

by:pwindell
ID: 35206789
The TMG has to have all the IP#s the old ISA had.  There is no "email address".  It isn't going to do you any good if the incoming traffic hits the TMG and the Barracuda doesn't respond back the TMG identically to how it did with the ISA.

You have to use a simple straight SMTP Publishing Rule,...Server Publishing Rule,..aka. a Non-Web Server Publishing Rule using "SMTP Server" as the Protocol (not the regular SMTP)
0
 

Author Comment

by:gjcp
ID: 35207858
I have ALL of the IP addresses that the old ISA had.  I made sure of that before I turned on the rule i made for smtp traffic.  I set up the following rule-
Action = allow
Traffic = SMTP Server
From = Anywhere
to =  the IP address of the barracuda
        requests appear to come from the origional client
networks = external   all IP addresses

I set this up using the "Non-web server protocols"

Any Ideas?
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35208366
requests appear to come from the origional client

Change to:

requests appear to come from the ISA

Now what does it do?
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
LVL 29

Expert Comment

by:pwindell
ID: 35208397
From = Anywhere

Really should be

From = External

However that by itself should not break anything,...it is just good practise to be specific,..."anywhere" is not very specific.
0
 

Author Comment

by:gjcp
ID: 35210464
I will not have a window of opportunity to try the change you suggest until next week.  I will post the results then.  thanks
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35210783
It is not a change,...it is a troubleshooting step,...although if it works you have the option to leave it that way.
0
 

Author Comment

by:gjcp
ID: 35264003
I had a half hour window and  I tried 2 different rule settings and nether one worked.  I created a straight access rule and a non web server rule.  I tried one at a time and they both failed.  I need to try the setting "requests appear to come from the isa"  I realized that I set it to appear to come from the client.  I wont have another window of opportunity to try anything else until next week.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35283492
Ok, that's fine.  I'll get an email alert when you post back.
0
 

Author Comment

by:gjcp
ID: 35337018
ARRG! all experments have failed.  I almost wish I could put isa 2004 on the win2008 server!  It is strange that all of the other rules work just fine, but for some reason i cant get the smtp traffic to go to the barracuda.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35342190
Well, the ISA part is extremely simple,...it is just a very simple striaght forward Non-Web Server Publishing Rule with External as the Source,..the IP of the Barracuda as the Target,...and the Protocol is "SMTP Server" (not the regular SMTP).  It is just that simple,...no more complex than that.

The Barracuda then has to be a SecureNAT Client of the ISA so the response packets follow the same path out that it came in on.

If it is not working after that then you have some other issues that go beyond the ISA.
0
 

Author Comment

by:gjcp
ID: 35343720
Well I guess my issues go beyond the forefront tmg server.  It is really frustrating since all the other rules work just fine.  You are right, the rule itself is simple, and works correctly on the old isa 2004 server. I have never experienced such a crazy problem and i have been at this for 20+ years!
0
 

Accepted Solution

by:
gjcp earned 0 total points
ID: 37456568
Turned out that it was actually a port problem on a switch.  We switched cables and everything started working
0
 

Author Closing Comment

by:gjcp
ID: 37478667
It turned out to be a faulty switch
0
 
LVL 29

Expert Comment

by:pwindell
ID: 37456710
Ok, very good.  Glad to hear you got it worked out.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
Forefront Threat Management Gateway 2010 or FTMG comes with some very neat troubleshooting tools built-in when trying to identify what is actually happening behind the scenes within the product when traffic is passing through its interfaces. To the …

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question