Solved

Microsoft Forefront TMZ 2010 in bridge mode

Posted on 2012-03-17
Last Modified: 2012-03-20
Hi,
Can Microsoft Forefront TMZ 2010 be installed in bridged mode behind a Cisco 2911 router? I.e., in this scenario the TMZ 2010 has 2 NICs: one external (no IP) and one internal (with an internal IP).
Cisco 2911 router -> External NIC of TMZ 2010 (no IP) -> Internal NIC of TMZ (with IP) -> LAN switch -> Users
My purpose is to test TMZ 2010 with minimal configuration on my network while TMZ sees all the traffic.
Help, please correct the above physical layout if required.
Thanks
Question by:amanzoor
7 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 37734287
No - not supported, sorry.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37734847
Keith,
Then please let me know if I have to put both NICs coming out of TMZ 2010 into the switch? Or what will be the physical layout in the above-mentioned scenario?
Thanks
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 37734938
The TMG is a firewall, so one NIC will go to the internal switch and be given an internal IP address. The other NIC will be the external one and will need to be on a different subnet to the internal network, which will require you to change the internal IP of the Cisco.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37735783
Keith:
At the moment I have 2 subnets, '10.10.10.0/24' and '10.10.2.0/24'. On my Cisco 2911 router I have already assigned two internal IPs for it, i.e. '10.10.10.254' and '10.10.2.254'. I will assign the internal IP to the internal NIC of the TMZ server, say '10.10.10.6'; for its external NIC I will assign '10.10.2.6'. Is this good?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 37736480
Internet ASA NIC 1.1.1.1
           ASA
Internal ASA NIC 10.10.2.x /24
         |
    DMZ Area using 10.10.2.abc subnet
         |
 TMG external NIC 10.10.2.z  /24
           TMG
  TMG internal NIC 10.10.10.y  /24
         |
         |
   Internal LAN using 10.10.10.def subnet

This is the way it has to be.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37737334
Keith,
Let me clarify the scenario: I do not have any perimeter network (all the eggs in one basket). Basically the Cisco 2911 is an IOS firewall, and its internal interface has two IP addresses (10.10.10.0/24 and 10.10.2.0/24), and all of my servers and clients run from within these 2 subnets; these two subnets are internal subnets. Now please guide if I still have to assign 10.10.2.z/24 to the external interface of the TMZ? Appreciate.
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 37737453
Understood - I have been Cisco qualified on their switching and routing track plus their security track for over 10 years.

Obviously we are not communicating too well or I am not guiding appropriately - not sure which.

The bottom line here is that you MUST have a different subnet on both of TMG's network cards. You are suggesting placing a 10.10.2.x address on one NIC and a 10.10.10.x address on the other - at least that is what I am understanding from your posts. This cannot be done because both of these subnets are already connected to the Cisco unit - you state that the Cisco has two IPs on its internal NIC.

There must be a total separation between the subnets that are on the outside of TMG and ANY subnets which will form the internal network.
0
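
The separation rule from the accepted answer, written as a check over an addressing plan. This is an added example, not part of the thread: the function, finding codes and plan names are hypothetical, the subnets and host addresses are the ones quoted in the posts, and the separated plan assumes the Cisco inside interface keeps only its 10.10.2.0/24 address.

```python
import ipaddress

def check_plan(router_inside, fw_external, fw_internal, internal_lans):
    """Return (code, subnet) findings for a routed two-NIC firewall plan."""
    ext = ipaddress.ip_interface(fw_external).network
    inside = ipaddress.ip_interface(fw_internal).network
    router_nets = [ipaddress.ip_network(n) for n in router_inside]
    findings = []

    # The two firewall NICs must sit in different subnets.
    if ext.overlaps(inside):
        findings.append(("NICS_SHARE_SUBNET", str(ext)))
    # The external NIC needs a subnet in common with the router to reach it.
    if not any(ext.overlaps(r) for r in router_nets):
        findings.append(("NO_PATH_TO_ROUTER", str(ext)))
    for lan in map(ipaddress.ip_network, internal_lans):
        if lan.overlaps(ext):
            # Hosts in this subnet share a segment with the outside NIC.
            findings.append(("INTERNAL_ON_OUTSIDE", str(lan)))
        elif any(lan.overlaps(r) for r in router_nets):
            # The router reaches this subnet directly, around the firewall.
            findings.append(("BYPASSES_FIREWALL", str(lan)))
    return findings

# Plan proposed in the thread: both subnets stay on the Cisco inside interface
# and both are still treated as internal.
ASKER_PLAN = dict(
    router_inside=["10.10.10.0/24", "10.10.2.0/24"],
    fw_external="10.10.2.6/24",
    fw_internal="10.10.10.6/24",
    internal_lans=["10.10.10.0/24", "10.10.2.0/24"],
)
# Layout from the expert's diagram (assumed host addresses): 10.10.2.0/24 is
# only the link between router and firewall, 10.10.10.0/24 is the only LAN.
SEPARATED_PLAN = dict(
    router_inside=["10.10.2.0/24"],
    fw_external="10.10.2.6/24",
    fw_internal="10.10.10.6/24",
    internal_lans=["10.10.10.0/24"],
)

if __name__ == "__main__":
    for name, plan in (("asker", ASKER_PLAN), ("separated", SEPARATED_PLAN)):
        print(name, check_plan(**plan) or "no findings")
```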
