Setup TMG 2010

I need to set up TMG 2010 on our infrastructure, which would be used as a proxy.
Also need to configure TMG so that the Exchange 2010 SAN certificate works properly.
Also need to allow RDP traffic to a particular server.
I am new to TMG/ISA. Any help would be much appreciated.
Malli Boppe asked:
Suliman Abu Kharroub (IT Consultant) commented:
I think you need to get trained on the product before installing it in the production environment.

Answers:

1. I need to set up TMG 2010 on our infrastructure, which would be used as a proxy.
TMG by default works as a proxy server on port 8080.

2. Need to configure TMG so that the Exchange 2010 SAN certificate works properly.
Export the SAN certificate from the Exchange server with the private key and import it into the TMG server. Create a publish mail server rule and an OWA rule, and use that certificate in the listener.

3. Need to allow RDP traffic to a particular server.
Create new computer objects with these servers' IPs, then create a rule from Internal to those computer objects selecting Remote Desktop Protocol for all users... but if these servers belong to the internal network address range, there is no need to do anything on TMG.

infoplateform commented:
Hello,

Hope that you are at the same stage where I was, but I think you should have ISA knowledge before learning ISA Server 2006, because ISA Server 2006 is a basic MS product. Anyhow, I expect that you have knowledge of ISA Server 2006, so here is a link for you (very basic) to learn:


http://araihan.wordpress.com/2010/03/08/forefront-tmg-2010-how-to-install-and-configure-forefront-tmg-2010-step-by-step/


Regards,

Osama Mansoor


Kareem_ElBably commented:
1- To set up TMG as a proxy, check the below links
Part 1
Part 2
2- To allow RDP traffic, create a computer set with the particular server IP, then create a firewall rule to allow the RDP protocol from and to your required servers
3- To configure TMG so that the Exchange 2010 SAN certificate works properly:
Export the SAN certificate from the Exchange server with the private key and import it into the TMG server. Create a publish mail server rule and an OWA rule, and use that certificate in the listener.

Malli Boppe (Author) commented:
Thanks guys

If I choose the network as edge topology, can we later change it to 3-leg perimeter?
Suliman Abu Kharroub (IT Consultant) commented:
Yes you can.
Suliman Abu Kharroub (IT Consultant) commented:
But it is better to make a good network design to match your requirements before installing ISA.
Malli Boppe (Author) commented:
Thanks Suliman
Does TMG come in 32-bit and 64-bit? I am trying to download the 64-bit trial but can't find it anywhere.
Suliman Abu Kharroub (IT Consultant) commented:
Malli Boppe (Author) commented:
I am not using an AMD processor. For Intel there is only 32-bit in the link that you posted.
Suliman Abu Kharroub (IT Consultant) commented:
The 32-bit one is only the management console.
Malli Boppe (Author) commented:
Thanks Suliman

Yesterday I started deploying TMG; the installation went fine. Strangely, I don't get the option to pick the topology, it's greyed out.
After a couple of minutes I lost RDP access. Ping wouldn't respond. I don't have console access. Can anyone tell what could have happened?
Suliman Abu Kharroub (IT Consultant) commented:
It could be that you changed the network topology and network relations between network entities. Any wrong config there will for sure cause such issues.

It is recommended to configure the network topology and relations using the console.

By default ISA/TMG is configured as an edge firewall (one internal network and everything else is external, except VPN and local host).

How are you trying to connect to the server? Externally from the public IP? Or using VPN?
Malli Boppe (Author) commented:
I am connecting to the server using RDP from the internal LAN. Let me explain to you in detail.
The server has a LAN network card with IP 10.81.37.10/255.255.255.240 and our actual internal LAN for all servers is 10.81.38.0-255, so in the internal networks I added 10.81.37.0-10.81.38.255. After that I lost the RDP connection.
Also, in the network card priority the public NIC is on the top followed by the internal NIC. The public NIC has a default gateway and the internal NIC doesn't have a gateway.
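An added consistency check (example code, not from the thread) for the addressing described above: it uses Python's ipaddress module to test whether the TMG internal NIC's subnet and the management workstation both fall inside the configured Internal address range, and it flags a workstation that is off-link from the internal NIC while that NIC has no gateway, because replies to it would then follow the default route out of the external NIC unless a static route exists. The workstation address 10.81.38.50 is a constructed assumption; the NIC and range figures are the ones given in the post.

```python
import ipaddress
from typing import List, Tuple

# Figures from the post; the management workstation address is a constructed assumption.
INTERNAL_NIC = "10.81.37.10/28"                   # mask 255.255.255.240
INTERNAL_RANGES = [("10.81.37.0", "10.81.38.255")]  # TMG "Internal" address ranges
MGMT_CLIENT = "10.81.38.50"
INTERNAL_NIC_HAS_GATEWAY = False


def ranges_to_networks(ranges: List[Tuple[str, str]]) -> List[ipaddress.IPv4Network]:
    """Expand TMG-style start-end address ranges into CIDR networks."""
    nets: List[ipaddress.IPv4Network] = []
    for start, end in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)))
    return nets


def covered(nets: List[ipaddress.IPv4Network], target) -> bool:
    """True if an address, or an entire subnet, lies inside one of nets."""
    if isinstance(target, ipaddress.IPv4Address):
        return any(target in n for n in nets)
    return any(target.subnet_of(n) for n in nets)


def check_internal_network(nic_cidr: str, internal_ranges: List[Tuple[str, str]],
                           client_ip: str, nic_has_gateway: bool) -> List[str]:
    """Return findings about the Internal network definition; empty means consistent."""
    nic = ipaddress.IPv4Interface(nic_cidr)
    nets = ranges_to_networks(internal_ranges)
    client = ipaddress.IPv4Address(client_ip)
    findings: List[str] = []
    if not covered(nets, nic.network):
        findings.append(f"internal NIC subnet {nic.network} is not inside the Internal network")
    if not covered(nets, client):
        findings.append(f"management client {client} is not inside the Internal network")
    if client not in nic.network and not nic_has_gateway:
        findings.append(
            f"client {client} is off-link from {nic.network} and the internal NIC has no gateway: "
            "add a static route to that subnet via a router on the internal side, otherwise "
            "replies follow the default route out of the external NIC")
    return findings


if __name__ == "__main__":
    result = check_internal_network(INTERNAL_NIC, INTERNAL_RANGES, MGMT_CLIENT,
                                    INTERNAL_NIC_HAS_GATEWAY)
    for line in result or ["no findings"]:
        print(line)
```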
Suliman Abu Kharroub (IT Consultant) commented:
Are you trying to connect from the internal range?

Do you have an access rule to allow RDP from Internal to Local Host?
Malli Boppe (Author) commented:
Yes, I am trying to connect from internally.
I haven't set up anything on TMG, but it was all working before I installed TMG.
Suliman Abu Kharroub (IT Consultant) commented:
If you set up TMG remotely it will add your IP address to the remote management group, so you can configure it.

Please check if your client IP address changed, if it is a DHCP client.
Malli Boppe (Author) commented:
Thanks for your patience.
Sorry, it's a static IP address. The weird thing is I can't even ping it. Could that be TMG acting as a firewall and blocking everything? I don't have console access to check what really happened. I would probably get some time today.
Suliman Abu Kharroub (IT Consultant) commented:
Hmmmm

Please do the following; it could help to find out if the server is alive on the network:

From cmd:

1. arp -d * (delete the ARP cache)
2. ping the server by IP
3. arp -a

If you find that the IP address is listed in the ARP table then the server is running; if not, then the server is not reachable (turned off or NIC problem).
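A helper, added here and not part of the thread, that automates the three steps above and parses the `arp -a` output the way the advice reads it (the Windows `arp -a` row format is assumed; the sample table is constructed). Two caveats the procedure leaves out are recorded in the code: ARP only resolves hosts on the workstation's own subnet, and a host whose firewall drops ICMP echo still answers ARP.

```python
import re
import subprocess
import sys
from typing import Dict, Optional, Tuple

# One row of Windows "arp -a" output: IP address, MAC as xx-xx-xx-xx-xx-xx, entry type.
ARP_ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-fA-F]{2}(?:-[0-9a-fA-F]{2}){5})\s+(\w+)", re.M)

# Constructed sample of "arp -a" on a management workstation (not captured from the thread).
SAMPLE_ARP_OUTPUT = """\
Interface: 10.81.38.50 --- 0xb
  Internet Address      Physical Address      Type
  10.81.38.1            00-1a-2b-3c-4d-5e     dynamic
  10.81.38.255          ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""


def parse_arp_table(output: str) -> Dict[str, Tuple[str, str]]:
    """Return {ip: (mac, type)} for every row in arp -a output."""
    return {ip: (mac.lower(), kind) for ip, mac, kind in ARP_ROW.findall(output)}


def l2_reachable(output: str, target_ip: str) -> Optional[str]:
    """MAC of target_ip if it was resolved after the ping, else None.

    Only dynamic entries count; broadcast and multicast rows are static and say nothing
    about the target. A resolved MAC together with 'Request timed out' from ping means the
    host is up but filtering ICMP, not that it is dead. An off-link target (workstation on
    10.81.38.x, server on 10.81.37.x) never gets its own entry: ARP resolves the router instead.
    """
    entry = parse_arp_table(output).get(target_ip)
    if entry is None or entry[1] != "dynamic":
        return None
    return entry[0]


def run_check(target_ip: str) -> Optional[str]:
    """Live version of the three steps (Windows only; arp -d needs an elevated prompt)."""
    subprocess.run(["arp", "-d", "*"], check=False)
    subprocess.run(["ping", "-n", "2", target_ip], check=False)
    out = subprocess.run(["arp", "-a"], capture_output=True, text=True).stdout
    return l2_reachable(out, target_ip)


if __name__ == "__main__":
    ip = sys.argv[1] if len(sys.argv) > 1 else "10.81.37.10"
    mac = run_check(ip)
    print(f"{ip}: " + (f"alive at layer 2, MAC {mac}" if mac
                       else "no ARP entry (host down, off-link or NIC problem)"))
```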
Suliman Abu Kharroub (IT Consultant) commented:
And you are welcome :)

I am going to bed now, it is 3 AM here.

Will post back tomorrow.
Malli Boppe (Author) commented:
Thanks once again Suliman.
Will keep you updated.
Suliman Abu Kharroub (IT Consultant) commented:
Thanks for the update.

So that solved the issue?
Malli Boppe (Author) commented:
No, sorry, I don't have a good networking background.
I am really confused whether to use the edge firewall topology or 3-leg.
I'm stuck: the TMG server has 2 private NICs and one public NIC. I read some document about ISA and it said you can't use 3-leg if you don't have a public IP for the perimeter network. Is that true?
Suliman Abu Kharroub (IT Consultant) commented:
It depends...
What's your requirement? What are you trying to achieve?

Usually, web servers (apps) are installed in the perimeter network with public IPs.
Malli Boppe (Author) commented:
Are there going to be issues if I configure it as edge topology?
Suliman Abu Kharroub (IT Consultant) commented:
No issues, it is the most used topology.

By applying the edge topology, you can secure your internal network by opening only the required ports, and you can also publish any web/non-web servers (Exchange services, portal, web application or any TCP/UDP port-based service).

Malli Boppe (Author) commented:
Thanks Suliman
All working fine now
Suliman Abu Kharroub (IT Consultant) commented:
Most welcome!