Solved

Setup TMG 2010

Posted on 2011-09-14
Last Modified: 2012-05-12
I need to set up TMG 2010 on our infrastructure, which would be used as a proxy.
I also need to configure TMG so that the Exchange 2010 SAN certificate works properly.
I also need to allow RDP traffic to a particular server.
I am new to TMG and ISA. Any help would be much appreciated.
Question by:Malli Boppe

29 Comments

Assisted Solution

by:Nagarajb
Nagarajb earned 50 total points

Expert Comment

by:Suliman Abu Kharroub
I think you need to get trained on the product before installing it in the production environment.

Answers:

1. I need to set up TMG 2010 on our infrastructure, which would be used as a proxy.
TMG by default works as a proxy server on port 8080.

2. Need to configure TMG so that the Exchange 2010 SAN certificate works properly.
Export the SAN certificate from the Exchange server with the private key and import it into the TMG server. Create a publish mail server rule and an OWA rule and use that certificate in the listener.

3. Need to allow RDP traffic to a particular server.
Create a new computer object with these servers' IPs, then create a rule from internal to those computer objects, selecting Remote Desktop Protocol for all users... but if these servers belong to the internal network address range, there is no need to do anything on TMG.

Assisted Solution

by:infoplateform
infoplateform earned 100 total points
Hello,

I hope that you are at the same stage where I was, but I think you should have ISA knowledge before learning ISA Server 2006, because ISA Server 2006 is a basic MS product. Anyhow, I expect that you have knowledge of ISA Server 2006, so here is a link for you (very basic) to learn:


http://araihan.wordpress.com/2010/03/08/forefront-tmg-2010-how-to-install-and-configure-forefront-tmg-2010-step-by-step/


Regards,

Osama Mansoor

Assisted Solution

by:Kareem_ElBably
Kareem_ElBably earned 50 total points
1- To set up TMG as a proxy, check the links below:
Part 1
Part 2
2- To allow RDP traffic, create a computer set with the particular server IP, then create a firewall rule to allow the RDP protocol from and to your required servers.
3- To configure TMG so that the Exchange 2010 SAN certificate works properly:
Export the SAN certificate from the Exchange server with the private key and import it into the TMG server. Create a publish mail server rule and an OWA rule and use that certificate in the listener.

Author Comment

by:Malli Boppe
Thanks guys

If I choose edge topology for the network, can we later change it to 3-leg perimeter?

Expert Comment

by:Suliman Abu Kharroub
Yes you can.

Expert Comment

by:Suliman Abu Kharroub
but it is better to make a good network design to match your requirement before installing ISA.

Author Comment

by:Malli Boppe
Thanks Suliman
Does TMG come in 32-bit and 64-bit? I am trying to download the 64-bit trial but can't find it anywhere.

Expert Comment

by:Suliman Abu Kharroub

Author Comment

by:Malli Boppe
I am not using an AMD processor. For Intel there is only 32-bit in the link that you posted.

Expert Comment

by:Suliman Abu Kharroub
The 32 one is only the management console.

Author Comment

by:Malli Boppe
Thanks Suliman

Yesterday I started deploying TMG, and the installation went fine. Strangely, I don't get the option to pick the topology; it's greyed out.
After a couple of minutes I lost RDP access. Ping wouldn't respond. I don't have console access. Can anyone tell what could have happened?

Expert Comment

by:Suliman Abu Kharroub
It could be that you changed the network topology and the network relations between network entities. Any wrong config there will for sure cause such issues.

It is recommended to configure network topology and relations using the console.

By default ISA/TMG is configured as an edge firewall (one internal network and everything else is external, except VPN and local host).

How are you trying to connect to the server? Externally from the public IP? Or using VPN?

Author Comment

by:Malli Boppe
I am connecting to the server using RDP from the internal LAN. Let me explain to you in detail.
The server has a LAN network card with IP: 10.81.37.10/255.255.255.240 and our actual internal LAN for all servers is 10.81.38.0-255, so in the internal networks I added 10.81.37.0-10.81.38.255. After that I lost the RDP connection.
Also, in the network card priority the public NIC is on top, followed by the internal NIC. The public NIC has a default gateway and the internal NIC doesn't have a gateway.

Expert Comment

by:Suliman Abu Kharroub
Are you trying to connect from the internal range?

Do you have an access rule to allow RDP from internal to localhost?

Author Comment

by:Malli Boppe
Yes, I am trying to connect internally.
I haven't set up anything on TMG, but it was all working before I installed TMG.

Expert Comment

by:Suliman Abu Kharroub
If you set up TMG remotely, it will add your IP address to the remote management group, so you can configure it.

Please check whether your client IP address changed, if it is a DHCP client.

Author Comment

by:Malli Boppe
Thanks for your patience.
Sorry, it's a static IP address. The weird thing is I can't even ping it. Could that be TMG acting as a firewall and blocking everything? I don't have console access to check what really happened. I will probably get some time today.

Expert Comment

by:Suliman Abu Kharroub
emmmmmmmm

Please do the following, it could help to find out if the server is alive in the network:

From cmd:

1. arp -d * (delete the ARP cache)
2. ping the server by IP
3. arp -a

If you find that the IP address is listed in the ARP table, then the server is running; if not, then the server is not reachable (turned off or NIC problem).
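
The ARP test above can be scripted. The following is an added example, not part of the original thread: it parses `arp -a` output and adds one check the steps do not mention, namely that ARP only resolves hosts on the client's own subnet, so from a routed client the result is inconclusive. The server address and mask come from the thread; the client addresses and the sample output are constructed.

```python
import ipaddress
import re

# Constructed sample of Windows `arp -a` output (not taken from the thread).
SAMPLE_ARP_OUTPUT = """
Interface: 10.81.37.5 --- 0xb
  Internet Address      Physical Address      Type
  10.81.37.1            00-1a-2b-3c-4d-5e     dynamic
  10.81.37.10           00-15-5d-01-02-03     dynamic
  10.81.37.15           ff-ff-ff-ff-ff-ff     static
"""

# One table row: IPv4 address, dash-separated MAC, entry type.
ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)",
    re.IGNORECASE | re.MULTILINE,
)
# MAC values that do not prove a unicast host answered.
UNRESOLVED = {"00-00-00-00-00-00", "ff-ff-ff-ff-ff-ff"}


def parse_arp(output):
    """Return {ip: (mac, type)} for every row in `arp -a` text."""
    return {ip: (mac.lower(), kind.lower()) for ip, mac, kind in ENTRY.findall(output)}


def check_host(target, client_ip, client_mask, arp_output):
    """Interpret the arp -d / ping / arp -a test for one target address."""
    client_net = ipaddress.ip_network(f"{client_ip}/{client_mask}", strict=False)
    if ipaddress.ip_address(target) not in client_net:
        # Off-link traffic goes via the gateway, so only the gateway gets an ARP entry.
        return "inconclusive: target is on another subnet, run the test from its own segment"
    mac, _ = parse_arp(arp_output).get(target, (None, None))
    if mac is None or mac in UNRESOLVED:
        return "no ARP reply: host is off, unplugged or has a NIC problem"
    return f"alive at layer 2 ({mac}): ping is being dropped above ARP, e.g. by a firewall"


if __name__ == "__main__":
    # Client on the server's /28 segment (constructed address).
    print(check_host("10.81.37.10", "10.81.37.5", "255.255.255.240", SAMPLE_ARP_OUTPUT))
    # Client on the 10.81.38.x LAN mentioned in the thread (constructed address).
    print(check_host("10.81.37.10", "10.81.38.20", "255.255.255.0", SAMPLE_ARP_OUTPUT))
```
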

Expert Comment

by:Suliman Abu Kharroub
And you are welcome :)

I am going to bed now, it is 3 AM here.

Will post back tomorrow.

Author Comment

by:Malli Boppe
Thanks once again Suliman.
Will keep you updated.

Author Comment

by:Malli Boppe

Expert Comment

by:Suliman Abu Kharroub
Thanks for the update.

So that solved the issue?

Author Comment

by:Malli Boppe
No, sorry, I don't have a good networking background.
I am really confused whether to use edge firewall topology or 3-leg.
I struck the TMG server has 2 private NICs and one public NIC. I read a document about ISA and it said you can't use 3-leg if you don't have a public IP for the perimeter network. Is that true?

Expert Comment

by:Suliman Abu Kharroub
It depends...
What's your requirement? What are you trying to achieve?

Usually, web servers (apps) are installed in the perimeter networks with public IPs.

Author Comment

by:Malli Boppe
Are there going to be issues if I configure it as edge topology?

Accepted Solution

by:Suliman Abu Kharroub
Suliman Abu Kharroub earned 300 total points
No issues, it is the most used topology.

By applying edge topology, you can secure your internal network by opening only the required ports, and you can also publish any web/non-web servers (Exchange services, portal, web application or any TCP/UDP port-based service).

Author Comment

by:Malli Boppe
Thanks Suliman
All working fine now

Expert Comment

by:Suliman Abu Kharroub
Most welcome !