Solved

Setup TMG 2010

Posted on 2011-09-14
Last Modified: 2012-05-12
I need to set up TMG 2010 on our infrastructure, which would be used as a proxy.
I also need to configure TMG so that the Exchange 2010 SAN certificate works properly.
I also need to allow RDP traffic to a particular server.
I am new to TMG and ISA. Any help would be much appreciated.
0
Question by:Malli Boppe
29 Comments
 
LVL 6

Assisted Solution

by:Nagarajb
Nagarajb earned 200 total points
ID: 36540758
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36541070
I think you need to get trained on the product before installing it in the production environment.

Answers:

1. I need to set up TMG 2010 on our infrastructure, which would be used as a proxy.
By default, TMG works as a proxy server on port 8080.

2. Need to configure TMG so that the Exchange 2010 SAN certificate works properly.
Export the SAN certificate from the Exchange server with the private key and import it into the TMG server. Create a publish mail server rule and an OWA rule, and use that certificate in the listener.

3. Need to allow RDP traffic to a particular server.
Create a new computer object with these servers' IPs, then create a rule from Internal to those computer objects, selecting Remote Desktop Protocol for all users. But if these servers belong to the internal network address range, there is no need to do anything on TMG.

0
 
LVL 6

Assisted Solution

by:infoplateform
infoplateform earned 400 total points
ID: 36542124
Hello,

I hope that you are at the same stage where I was, but I think you should have ISA knowledge before learning ISA Server 2006, because ISA Server 2006 is a basic MS product. Anyhow, I expect that you have knowledge of ISA Server 2006, so here is a link for you (very basic) to learn:


http://araihan.wordpress.com/2010/03/08/forefront-tmg-2010-how-to-install-and-configure-forefront-tmg-2010-step-by-step/


Regards,

Osama Mansoor

0

 
LVL 1

Assisted Solution

by:Kareem_ElBably
Kareem_ElBably earned 200 total points
ID: 36556255
1- To set up TMG as a proxy, check the links below:
Part 1
Part 2
2- To allow RDP traffic, create a computer set with the particular server IP, then create a firewall rule to allow the RDP protocol from and to your required servers.
3- To configure TMG so that the Exchange 2010 SAN certificate works properly:
Export the SAN certificate from the Exchange server with the private key and import it into the TMG server. Create a publish mail server rule and an OWA rule, and use that certificate in the listener.

0
 
LVL 23

Author Comment

by:Malli Boppe
ID: 36558437
Thanks guys

If I choose the network as edge topology, can we later change it to 3-leg perimeter?
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36558450
Yes you can.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36558455
But it is better to make a good network design to match your requirements before installing ISA.
0
 
LVL 23

Author Comment

by:Malli Boppe
ID: 36558457
Thanks Suliman
Does TMG come in 32-bit and 64-bit? I am trying to download the 64-bit trial but can't find it anywhere.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36558462
0
 
LVL 23

Author Comment

by:Malli Boppe
ID: 36558476
I am not using an AMD processor. For Intel there is only 32-bit in the link that you posted.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36558571
The 32 one is only the management console.
0
 
LVL 23

Author Comment

by:Malli Boppe
ID: 36563979
Thanks Suliman

Yesterday I started deploying TMG, and the installation went fine. Strangely, I don't get the option to pick the topology; it's greyed out.
After a couple of minutes I lost RDP access. Ping wouldn't respond. I don't have console access. Can anyone tell what could have happened?
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36564012
It could be that you changed the network topology and the network relations between network entities. Any wrong config there will for sure cause such issues.

It is recommended to configure the network topology and relations using the console.

By default ISA/TMG is configured as an edge firewall (one internal network and everything else is external, except VPN and local host).

How are you trying to connect to the server? Externally from the public IP, or using VPN?
0
 
LVL 23

Author Comment

by:Malli Boppe
ID: 36564032
I am connecting to the server using RDP from the internal LAN. Let me explain to you in detail.
The server has a LAN network card with IP: 10.81.37.10/255.255.255.240 and our actual internal LAN for all servers is 10.81.38.0-255, so in the internal networks I added 10.81.37.0-10.81.38.255. After that I lost the RDP connection.
Also, in the network card priority the public NIC is on top, followed by the internal NIC. The public NIC has a default gateway and the internal NIC doesn't have a gateway.
0
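A check of the addressing described in the comment above, as an added example that is not part of the original thread: it lists which parts of the internal range entered in TMG the internal NIC can actually reach, given its mask and the missing gateway. The function names, the `static_routes` parameter (the thread mentions no static routes) and the client address 10.81.38.25 are assumptions made for illustration.

```python
import ipaddress

def unrouted_blocks(nic_ip, nic_mask, first, last, static_routes=()):
    """CIDR blocks of the range first..last that the internal NIC reaches
    neither on-link nor through a static route. With no gateway on that
    NIC, traffic to these blocks follows the default route instead."""
    onlink = ipaddress.ip_interface(f"{nic_ip}/{nic_mask}").network
    reachable = [onlink] + [ipaddress.ip_network(r) for r in static_routes]
    pending = list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))
    for net in reachable:
        remaining = []
        for block in pending:
            if block.subnet_of(net):
                continue                          # fully covered by this route
            if net.subnet_of(block):
                # keep only the part of the block the route does not cover
                remaining.extend(block.address_exclude(net))
            else:
                remaining.append(block)
        pending = remaining
    return sorted(ipaddress.collapse_addresses(pending))

def reply_interface(client_ip, nic_ip, nic_mask, static_routes=()):
    """Which NIC the server uses to answer a client: 'internal' if the
    client is on-link or behind a static route, otherwise 'public'."""
    client = ipaddress.ip_address(client_ip)
    nets = [ipaddress.ip_interface(f"{nic_ip}/{nic_mask}").network]
    nets += [ipaddress.ip_network(r) for r in static_routes]
    return "internal" if any(client in n for n in nets) else "public"

if __name__ == "__main__":
    # Values from the thread: NIC 10.81.37.10/255.255.255.240,
    # internal range entered in TMG 10.81.37.0-10.81.38.255.
    nic = ("10.81.37.10", "255.255.255.240")
    for block in unrouted_blocks(*nic, "10.81.37.0", "10.81.38.255"):
        print("not reachable via internal NIC:", block)
    # 10.81.38.25 is a constructed client address on the server LAN.
    print("reply to 10.81.38.25 leaves via:", reply_interface("10.81.38.25", *nic))
```

With the thread's values only 10.81.37.0-15 is on-link, so replies to clients in 10.81.38.0/24 leave through the public NIC's default gateway unless a route for that network is bound to the internal NIC.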
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36564067
Are you trying to connect from the internal range?

Do you have an access rule to allow RDP from Internal to localhost?
0
 
LVL 23

Author Comment

by:Malli Boppe
ID: 36564080
Yes, I am trying to connect internally.
I haven't set up anything on TMG, but it was all working before I installed TMG.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36564091
If you set up TMG remotely, it will add your IP address to the remote management group, so you can configure it.

Please check whether your client IP address changed, if it is a DHCP client.
0
 
LVL 23

Author Comment

by:Malli Boppe
ID: 36564107
Thanks for your patience.
Sorry, it's a static IP address. The weird thing is I can't even ping it. Could that be TMG acting as a firewall and blocking everything? I don't have console access to check what really happened. Probably would get some time today.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36564163
emmmmmmmm

Please do the following; it could help to find out if the server is alive in the network:

From cmd:

1. arp -d * (delete the ARP cache)
2. ping the server by IP
3. arp -a

If you find that the IP address is listed in the ARP table, then the server is running; if not, then the server is not reachable (turned off or NIC problem).
0
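The three-step ARP check from the comment above, as an added example that is not part of the original thread: it parses `arp -a` output and separates a host that answers ARP but drops ICMP from one that does not answer at all. The `arp -a` text, the client addresses and the function names are constructed for illustration; the example also assumes the test is only meaningful when client and server share a subnet, since otherwise the ARP entry seen belongs to the gateway.

```python
import ipaddress
import re

# Constructed sample of Windows `arp -a` output, taken after `arp -d *`
# and a failed ping to 10.81.37.10 from a client at 10.81.37.5.
SAMPLE_ARP = """\
Interface: 10.81.37.5 --- 0xb
  Internet Address      Physical Address      Type
  10.81.37.1            00-1a-2b-3c-4d-5e     dynamic
  10.81.37.10           00-15-5d-01-02-03     dynamic
  10.81.37.12           00-00-00-00-00-00     invalid
"""

ROW = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)",
    re.I | re.M)

def arp_table(output):
    """Map IP -> MAC, keeping only entries that were actually resolved."""
    return {ip: mac.lower() for ip, mac, kind in ROW.findall(output)
            if kind.lower() in ("dynamic", "static")
            and mac != "00-00-00-00-00-00"}

def diagnose(target, client_if, ping_ok, arp_output):
    """Interpret steps 2 and 3 of the procedure for one target address.
    client_if is the client's own address in CIDR form (an assumption)."""
    net = ipaddress.ip_interface(client_if).network
    if ipaddress.ip_address(target) not in net:
        return "off-link: ARP shows only the gateway, test not applicable"
    if ping_ok:
        return "reachable"
    mac = arp_table(arp_output).get(target)
    if mac:
        return f"alive at layer 2 ({mac}), ICMP filtered"
    return "no ARP reply: powered off, NIC or cabling problem"

if __name__ == "__main__":
    print(diagnose("10.81.37.10", "10.81.37.5/28", False, SAMPLE_ARP))
    print(diagnose("10.81.37.12", "10.81.37.5/28", False, SAMPLE_ARP))
    print(diagnose("10.81.37.10", "10.81.38.25/24", False, SAMPLE_ARP))
```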
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36564168
And you are welcome :)

I am going to bed now , it is 3 AM here.

will post back tomorrow.
0
 
LVL 23

Author Comment

by:Malli Boppe
ID: 36564195
Thanks once again Suliman.
Will keep you updated.
0
 
LVL 23

Author Comment

by:Malli Boppe
ID: 36564722
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36565021
Thanks for the update.

So that solved the issue?
0
 
LVL 23

Author Comment

by:Malli Boppe
ID: 36565074
No, sorry, I don't have a good networking background.
I am really confused whether to use edge firewall topology or 3-leg.
I struck the TMG server has 2 private NICs and one public NIC. I read some document about ISA and it said you can't use 3-leg if you don't have a public IP for the perimeter network. Is that true?
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36565107
It depends...
What's your requirement? What are you trying to achieve?

Usually, web servers (apps) are installed in the perimeter network with public IPs.
0
 
LVL 23

Author Comment

by:Malli Boppe
ID: 36565123
Are there going to be issues if I configure it as edge topology?
0
 
LVL 23

Accepted Solution

by:
Suliman Abu Kharroub earned 1200 total points
ID: 36565275
No issues, it is the most used topology.

By applying edge topology, you can secure your internal network by opening only the required ports, and you can also publish any web/non-web servers (Exchange services, Portal, web application or any TCP/UDP port-based service).
0
 
LVL 23

Author Comment

by:Malli Boppe
ID: 36570742
Thanks Suliman
All working fine now
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36571747
Most welcome !
0
