  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1008

Setup TMG 2010

I need to set up TMG 2010 on our infrastructure, which would be used as a proxy.
I also need to configure TMG so that the Exchange 2010 SAN certificate works properly.
I also need to allow RDP traffic to a particular server.
I am new to TMG and ISA. Any help would be much appreciated.
Asked:
Malli Boppe
4 Solutions
 
Suliman Abu Kharroub (IT Consultant) Commented:
I think you need to get trained on the product before installing it in the production environment.

Answers:

1. I need to setup TMG 2010 on our infrastructure. Which would be used as proxy.
TMG works as a proxy server on port 8080 by default.

2. need to configure TMG so that exchange 2010 SAN certificate works properly.
Export the SAN certificate from the Exchange server with the private key and import it into the TMG server. Create a publish mail server rule and an OWA rule, and use that certificate in the listener.

3. need to allow rdp traffic to a particular server.
Create a new computer object with these servers' IPs, then create a rule from internal to those computer objects, selecting Remote Desktop Protocol for all users... but if these servers belong to the internal network address range, there is no need to do anything on TMG.
 
infoplateform Commented:
Hello,

I hope you are at the same stage where I was, but I think you should have ISA knowledge before learning ISA Server 2006, because ISA Server 2006 is a basic MS product. Anyhow, I expect that you have knowledge of ISA Server 2006, so here is a (very basic) link for you to learn from:

http://araihan.wordpress.com/2010/03/08/forefront-tmg-2010-how-to-install-and-configure-forefront-tmg-2010-step-by-step/

Regards,

Osama Mansoor

 
Kareem_ElBably Commented:
1- To set up TMG as a proxy, check the links below:
Part 1
Part 2
2- To allow RDP traffic, create a computer set with the particular server IP, then create a firewall rule to allow the RDP protocol from and to your required servers.
3- To configure TMG so that the Exchange 2010 SAN certificate works properly:
Export the SAN certificate from the Exchange server with the private key and import it into the TMG server. Create a publish mail server rule and an OWA rule, and use that certificate in the listener.
 
Malli Boppe (Author) Commented:
Thanks guys

If I choose the network as edge topology, can we later change it to 3-leg perimeter?
 
Suliman Abu Kharroub (IT Consultant) Commented:
Yes you can.
 
Suliman Abu Kharroub (IT Consultant) Commented:
But it is better to make a good network design to match your requirements before installing ISA.
 
Malli Boppe (Author) Commented:
Thanks Suliman
Does TMG come in 32-bit and 64-bit? I am trying to download the 64-bit trial but can't find it anywhere.
 
Suliman Abu Kharroub (IT Consultant) Commented:
 
Malli Boppe (Author) Commented:
I am not using an AMD processor. For Intel there is only 32-bit in the link that you posted.
 
Suliman Abu Kharroub (IT Consultant) Commented:
The 32-bit one is only the management console.
 
Malli Boppe (Author) Commented:
Thanks Suliman

Yesterday I started deploying TMG; the installation went fine. Strangely, I don't get the option to pick the topology; it's greyed out.
After a couple of minutes I lost RDP access. Ping wouldn't respond. I don't have console access. Can anyone tell what could have happened?
 
Suliman Abu Kharroub (IT Consultant) Commented:
It could be that you changed the network topology and network relations between network entities. Any wrong config there will for sure cause such issues.

It is recommended to configure network topology and relations using the console.

By default, ISA/TMG is configured as an edge firewall (one internal network and everything else is external, except VPN and local host).

How are you trying to connect to the server? Externally from the public IP, or using VPN?
 
Malli Boppe (Author) Commented:
I am connecting to the server using RDP from the internal LAN. Let me explain in detail.
The server has a LAN network card with IP 10.81.37.10/255.255.255.240, and our actual internal LAN for all servers is 10.81.38.0-255, so in the internal networks I added 10.81.37.0-10.81.38.255. After that I lost the RDP connection.
Also, in the network card priority the public NIC is on top, followed by the internal NIC. The public NIC has a default gateway and the internal NIC doesn't have a gateway.
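Added example (not part of the thread): the address arithmetic behind the configuration described in the post above, using the poster's NIC address and Internal range. It shows which part of that range is on-link to the internal NIC and which part that NIC reaches only through a route, given that the default gateway sits on the public NIC. The client address 10.81.38.20 and the function names are constructed for illustration.

```python
import ipaddress

def split_by_reachability(nic_ip, nic_mask, range_start, range_end):
    """Split a TMG network address range into the part that is on-link to the
    NIC and the part the NIC can reach only through a route."""
    nic_net = ipaddress.ip_interface(f"{nic_ip}/{nic_mask}").network
    on_link, needs_route = [], []
    for block in ipaddress.summarize_address_range(
            ipaddress.ip_address(range_start), ipaddress.ip_address(range_end)):
        if block.subnet_of(nic_net):
            on_link.append(block)
        elif nic_net.subnet_of(block):
            # The NIC subnet is a slice of this block; the rest is off-link.
            on_link.append(nic_net)
            needs_route.extend(block.address_exclude(nic_net))
        else:
            needs_route.append(block)
    return nic_net, on_link, sorted(ipaddress.collapse_addresses(needs_route))

def egress_for(dest, nic_net, static_routes=()):
    """Path a reply to `dest` takes from a host whose only default gateway
    is on the public NIC (static_routes point through the internal NIC)."""
    dest = ipaddress.ip_address(dest)
    if dest in nic_net:
        return "internal NIC (on-link)"
    if any(dest in ipaddress.ip_network(r) for r in static_routes):
        return "internal NIC (static route)"
    return "public NIC (default gateway)"

if __name__ == "__main__":
    net, direct, routed = split_by_reachability(
        "10.81.37.10", "255.255.255.240", "10.81.37.0", "10.81.38.255")
    print("internal NIC subnet:", net)
    print("on-link:", [str(n) for n in direct])
    print("needs a route:", [str(n) for n in routed])
    client = "10.81.38.20"  # constructed client address on the server LAN
    print(client, "->", egress_for(client, net))
    print(client, "->", egress_for(client, net, ["10.81.38.0/24"]))
```
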
 
Suliman Abu Kharroub (IT Consultant) Commented:
Are you trying to connect from the internal range?

Do you have an access rule to allow RDP from internal to localhost?
 
Malli Boppe (Author) Commented:
Yes, I am trying to connect internally.
I haven't set up anything on TMG, but it was all working before I installed TMG.
 
Suliman Abu Kharroub (IT Consultant) Commented:
If you set up TMG remotely, it will add your IP address to the remote management group, so you can configure it.

Please check whether your client IP address changed, if it is a DHCP client.
 
Malli Boppe (Author) Commented:
Thanks for your patience.
Sorry, it's a static IP address. The weird thing is I can't even ping it. Could that be TMG acting as a firewall and blocking everything? I don't have console access to check what really happened. I will probably get some time today.
 
Suliman Abu Kharroub (IT Consultant) Commented:
emmmmmmmm

Please do the following; it could help to find out if the server is alive on the network:

From cmd:

1. arp -d * (delete the ARP cache)
2. ping the server by IP
3. arp -a

If you find that the IP address is listed in the ARP table, then the server is running; if not, then the server is not reachable (turned off or NIC problem).
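Added example (not from the thread): a reading of the three-step ARP check above, run over constructed `arp -a` output. ARP resolves only on-link neighbours, so the sketch first checks that the target is inside the client's subnet and otherwise reports the result as inconclusive. The client addresses, MAC addresses and function names are constructed.

```python
import ipaddress
import re

# Constructed sample of Windows `arp -a` output, as seen after
# `arp -d *` followed by a ping of 10.81.37.10.
SAMPLE_ARP = """\
Interface: 10.81.37.5 --- 0xb
  Internet Address      Physical Address      Type
  10.81.37.1            00-1a-2b-3c-4d-01     dynamic
  10.81.37.10           00-15-5d-0a-0b-0c     dynamic
  10.81.37.15           ff-ff-ff-ff-ff-ff     static
"""

ENTRY = re.compile(
    r"^\s+(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)", re.I)

def parse_arp(text):
    """Return {interface_ip: {neighbour_ip: (mac, type)}} from `arp -a` output."""
    table, current = {}, None
    for line in text.splitlines():
        if line.startswith("Interface:"):
            current = line.split()[1]
            table[current] = {}
        elif current and (m := ENTRY.match(line)):
            table[current][m.group(1)] = (m.group(2).lower(), m.group(3).lower())
    return table

def arp_verdict(text, client_if, target):
    """Interpret the ARP check for `target` as seen from `client_if` (ip/mask)."""
    iface = ipaddress.ip_interface(client_if)
    if ipaddress.ip_address(target) not in iface.network:
        # Off-link traffic is sent to a router, so only the router's MAC appears.
        return "inconclusive: target is off-link, ARP only shows the gateway"
    entry = parse_arp(text).get(str(iface.ip), {}).get(target)
    if entry and entry[1] == "dynamic":
        return f"alive at layer 2: {entry[0]}"
    return "no ARP reply: host down, NIC or cabling problem"

if __name__ == "__main__":
    print(arp_verdict(SAMPLE_ARP, "10.81.37.5/255.255.255.240", "10.81.37.10"))
    print(arp_verdict(SAMPLE_ARP, "10.81.38.20/255.255.255.0", "10.81.37.10"))
```
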
 
Suliman Abu Kharroub (IT Consultant) Commented:
And you are welcome :)

I am going to bed now, it is 3 AM here.

Will post back tomorrow.
 
Malli Boppe (Author) Commented:
Thanks once again, Suliman.
Will keep you updated.
 
Suliman Abu Kharroub (IT Consultant) Commented:
Thanks for the update.

So that solved the issue?
 
Malli Boppe (Author) Commented:
No, sorry, I don't have a good networking background.
I am really confused whether to use the edge firewall topology or 3-leg.
I struck the TMG server has 2 private NICs and one public NIC. Read some document about ISA and it said you can't use 3-leg if you don't have a public IP for the perimeter network. Is that true?
 
Suliman Abu Kharroub (IT Consultant) Commented:
It depends...
What is your requirement? What are you trying to achieve?

Usually, web servers (apps) are installed in the perimeter network with public IPs.
 
Malli Boppe (Author) Commented:
Are there going to be issues if I configure it as edge topology?
 
Suliman Abu Kharroub (IT Consultant) Commented:
No issues; it is the most used topology.

By applying edge topology, you can secure your internal network by opening only the required ports, and you can also publish any web/non-web servers (Exchange services, portal, web application or any TCP/UDP port-based service).
 
Malli Boppe (Author) Commented:
Thanks Suliman
All working fine now
 
Suliman Abu Kharroub (IT Consultant) Commented:
Most welcome!
