Solved

Microsoft Forefront TMZ 2010 in bridge mode

Posted on 2012-03-17
Last Modified: 2012-03-20
Hi,
Can Microsoft Forefront TMZ 2010 be installed in a bridged mode behind a Cisco 2911 router? I.e., in this scenario the TMZ 2010 has 2 NICs: one external (no IP) and one internal (with internal IP).
Router Cisco 2911.....to....>>>External NIC of TMZ 2010 with no IP......to...>>>Internal NIC of TMZ with IP...........to.........>>>>>the LAN switch......>>>>>USERS.
My purpose is to test TMZ 2010 with minimal configuration on my network while TMZ sees all the traffic.
Help, please correct the above physical layout if required.
Thanks
Question by:amanzoor
7 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 37734287
No - not supported, sorry.
 
LVL 4

Author Comment

by:amanzoor
ID: 37734847
Keith,
Then please let me know if I have to put both NICs coming out of TMZ 2010 into the switch, or what will be the physical layout in the above-mentioned scenario?
Thanks
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 37734938
The TMG is a firewall, so one NIC will go to the internal switch and be given an internal IP address. The other NIC will be the external one and will need to be on a different subnet to the internal network, which will require you to change the internal IP of the Cisco.
LVL 4

Author Comment

by:amanzoor
ID: 37735783
Keith:
At the moment I have 2 subnets, '10.10.10.0/24' and '10.10.2.0/24'. On my Cisco 2911 router I have already assigned two internal IPs for it, i.e. '10.10.10.254' and '10.10.2.254'. I will assign the internal IP to the internal NIC of the TMZ server, say '10.10.10.6'; for its external NIC I will assign '10.10.2.6'. Is this good?
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 37736480
Internet ASA NIC 1.1.1.1
           ASA
Internal ASA Nic 10.10.2.x /24
         |
    DMZ Area using 10.10.2.abc subnet
         |
 TMG external NIC 10.10.2.z  /24
           TMG
  TMG internal NIC 10.10.10.y  /24
         |
         |
   Internal LAN using 10.10.10.def subnet

This is the way it has to be.
 
LVL 4

Author Comment

by:amanzoor
ID: 37737334
Keith,
Let me clarify the scenario. I do not have any perimeter network (all the eggs in one basket). Basically the Cisco 2911 is an IOS firewall, and its internal interface has two IP addresses (10.10.10.0/24 and 10.10.2.0/24), and all of my servers and clients run from within these 2 subnets; these two subnets are internal subnets. Now please guide me if I still have to assign 10.10.2.z/24 to the external interface of the TMZ. Appreciated.
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 37737453
Understood - I have been Cisco qualified on their switching and routing track plus their security track for over 10 years.

Obviously we are not communicating too well or I am not guiding appropriately - not sure which.

The bottom line here is that you MUST have a different subnet on both of TMG's network cards. You are suggesting placing a 10.10.2.x address on one NIC and a 10.10.10.x address on the other - at least that is what I am understanding from your posts. This cannot be done because both of these subnets are already connected to the Cisco unit - you state that the Cisco has two IPs on its internal NIC.

There must be a total separation between the subnets that are on the outside of TMG and ANY subnets which will form the internal network.
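The separation rule from the accepted answer can be checked against an addressing plan before any cabling is changed. The following is an added example, not part of the original thread: `check_dual_homed_plan` is a hypothetical helper, and the corrected plan assumes the router keeps only 10.10.2.0/24 on its inside interface, as in the diagram above.

```python
import ipaddress

def check_dual_homed_plan(outside_subnets, external_nic, internal_nic,
                          inside_subnets=()):
    """Return a list of problems in a two-NIC firewall addressing plan.

    outside_subnets: subnets already on the segment the external NIC
                     plugs into (the upstream router's inside interface).
    external_nic / internal_nic: firewall NIC addresses as 'addr/prefix'.
    inside_subnets: any further subnets routed behind the internal NIC.
    """
    outside = [ipaddress.ip_network(s) for s in outside_subnets]
    ext = ipaddress.ip_interface(external_nic)
    inn = ipaddress.ip_interface(internal_nic)
    inside = [inn.network] + [ipaddress.ip_network(s) for s in inside_subnets]

    problems = []
    # Both NICs must sit in different subnets.
    if ext.network.overlaps(inn.network):
        problems.append(f"NICs share a subnet: {ext.network} / {inn.network}")
    # The external NIC needs an address the upstream router can reach.
    if not any(ext.ip in net for net in outside):
        problems.append(f"external NIC {ext.ip} is not on an upstream subnet")
    # No subnet may exist on both sides of the firewall.
    for i_net in inside:
        for o_net in outside:
            if i_net.overlaps(o_net):
                problems.append(
                    f"{i_net} is inside the firewall but also outside ({o_net})")
    return problems

# Plan proposed in the thread: the router's inside interface carries both
# subnets, so 10.10.10.0/24 ends up on both sides of the firewall.
PROPOSED = check_dual_homed_plan(
    ["10.10.10.0/24", "10.10.2.0/24"], "10.10.2.6/24", "10.10.10.6/24")

# Constructed corrected plan: 10.10.10.0/24 removed from the router, so it
# exists only behind the firewall's internal NIC.
CORRECTED = check_dual_homed_plan(
    ["10.10.2.0/24"], "10.10.2.6/24", "10.10.10.6/24")

if __name__ == "__main__":
    for name, result in (("proposed", PROPOSED), ("corrected", CORRECTED)):
        print(name, "->", result or "OK")
```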