Solved

Microsoft Forefront TMZ 2010 in bridge mode

Posted on 2012-03-17
Last Modified: 2012-03-20
Hi,
Can Microsoft Forefront TMZ 2010 be installed in bridged mode behind a Cisco 2911 router? I.e., in this scenario the TMZ 2010 has 2 NICs, one external (no IP) and one internal (with internal IP):
Router cisco 2911.....to....>>>External NIC of TMZ2010 with no IP......to...>>>Internal NIC of TMZ with IP...........to.........>>>>>the LAN switch......>>>>>USERS.
My purpose is to test TMZ 2010 with minimal configuration on my network while TMZ sees all the traffic.
Help, please correct the above physical layout if required.
Thanks
Question by:amanzoor

Expert Comment

by:Keith Alabaster
No - not supported, sorry.

Author Comment

by:amanzoor
Keith,
Then please let me know if I have to put both NICs coming out of TMZ 2010 into the switch, or what the physical layout will be in the above-mentioned scenario?
Thanks

Expert Comment

by:Keith Alabaster
The TMG is a firewall, so one NIC will go to the internal switch and be given an internal IP address. The other NIC will be the external one and will need to be on a different subnet to the internal network, which will require you to change the internal IP of the Cisco.

Author Comment

by:amanzoor
Keith:
At the moment I have 2 subnets, 10.10.10.0/24 and 10.10.2.0/24. On my Cisco 2911 router I have already assigned two internal IPs for it, i.e. 10.10.10.254 and 10.10.2.254. I will assign the internal IP to the internal NIC of the TMZ server, say 10.10.10.6; for its external NIC I will assign 10.10.2.6. Is this good?

Expert Comment

by:Keith Alabaster
Internet ASA NIC 1.1.1.1
           ASA
Internal ASA Nic 10.10.2.x /24
         |
    DMZ Area using 10.10.2.abc subnet
         |
 TMG external NIC 10.10.2.z  /24
           TMG
  TMG internal NIC 10.10.10.y  /24
         |
         |
   Internal LAN using 10.10.10.def subnet

This is the way it has to be.

Author Comment

by:amanzoor
Keith,
Let me clarify the scenario: I do not have any perimeter network (all the eggs in one basket). Basically the Cisco 2911 is an IOS firewall, and its internal interface has two IP addresses (10.10.10.0/24 and 10.10.2.0/24), and all of my servers and clients run from within these 2 subnets; these two subnets are internal subnets. Now please guide me if I still have to assign 10.10.2.z/24 to the external interface of the TMZ. Appreciated.

Accepted Solution

by: Keith Alabaster
Understood - I have been Cisco qualified on their switching and routing track plus their security track for over 10 years.

Obviously we are not communicating too well or I am not guiding appropriately - not sure which.

The bottom line here is that you MUST have a different subnet on both of TMG's network cards. You are suggesting placing a 10.10.2.x address on one NIC and a 10.10.10.x address on the other - at least that is what I am understanding from your posts. This cannot be done because both of these subnets are already connected to the Cisco unit - you state that the Cisco has two IPs on its internal NIC.

There must be a total separation between the subnets that are on the outside of TMG and ANY subnets which will form the internal network.
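
The separation rule from the accepted answer can be checked against an addressing plan before any cabling is changed. The following is an added example, not code from the thread or from Microsoft: `check_plan` is a hypothetical helper, and the 192.168.100.0/24 transit subnet is a constructed value used only to show a plan that passes.

```python
import ipaddress

def check_plan(fw_external, internal_networks, router_inside_ifaces):
    """Return a list of problems in a dual-homed firewall addressing plan.

    fw_external          -- firewall external NIC, e.g. "10.10.2.6/24"
    internal_networks    -- subnets meant to sit behind the firewall
    router_inside_ifaces -- addresses on the upstream router's inside interface
    """
    ext = ipaddress.ip_interface(fw_external)
    inside = [ipaddress.ip_network(n) for n in internal_networks]
    router = [ipaddress.ip_interface(i) for i in router_inside_ifaces]
    problems = []

    # Rule 1: the external NIC's subnet must not be a protected subnet.
    for net in inside:
        if ext.network.overlaps(net):
            problems.append(f"external NIC subnet {ext.network} overlaps internal {net}")

    # Rule 2: the upstream router must not be directly connected to a
    # protected subnet, otherwise hosts can reach it without crossing
    # the firewall and the firewall does not see all the traffic.
    for r in router:
        for net in inside:
            if r.network.overlaps(net):
                problems.append(f"router {r.ip} is directly connected to internal {net}")

    # Rule 3: the firewall needs a next hop on its external subnet.
    if not any(r.network == ext.network and r.ip != ext.ip for r in router):
        problems.append(f"no router address on external subnet {ext.network}")
    return problems

INTERNAL = ["10.10.10.0/24", "10.10.2.0/24"]

# Plan proposed in the thread: both subnets stay on the Cisco inside interface.
PROPOSED = check_plan("10.10.2.6/24", INTERNAL,
                      ["10.10.10.254/24", "10.10.2.254/24"])

# Constructed alternative: a dedicated transit subnet between router and firewall.
SEPARATED = check_plan("192.168.100.2/24", INTERNAL, ["192.168.100.1/24"])

if __name__ == "__main__":
    for line in PROPOSED:
        print("PROPOSED:", line)
    print("SEPARATED problems:", SEPARATED)
```
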