Solved

Ports required for TMG 2010

Posted on 2012-03-18
3
656 Views
Last Modified: 2012-04-01
Dear All,

I’m planning to install TMG 2010 SP2 as a standalone array (2 servers) connected directly to the firewall.

I’ll use the TMG 2010 for everything almost (proxy, exchange publishing, shrepoint publishing, Lync, VPN … etc)

I would like to know what are the required ports that I have to open in the Cisco firewall which the TMG connect to directly.

Thanks
0
Comment
Question by:ACS2012
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 250 total points
ID: 37736531
The obvious ones are TCP for ports 25, 80 and 443 inbound and outbound for internal web browsers going out and publishing internal Exchange and Sharepoint to external users (although you may decide not to let port 80 inbound unless you have a normal internal web site you want to make available). You will need multiple external ip addresses and each will need one or more of these ports associating with them. i.e. you will not be able to publish lync, exchange and sharepoint all over one ip address - it would be a nightmare.

You will need to decide which ports you want to use for the additional services you want to make available.
0
 

Author Comment

by:ACS2012
ID: 37736603
i have multiple public ip's, that's ok.

but i need to know the required ports for each service.
0
 
LVL 21

Accepted Solution

by:
Jakob Digranes earned 250 total points
ID: 37736649
as Keith says - most will need 80 and 443

then you must specify which services you want to deploy: All ports TCP
Lync will require one public IP - port: 443 (and possibly 80)
Exchange will require on public IP: port 80 and 443
sharepoint same ports..

proxy would be internal - i guess you mean web proxying from inside.
VPN - what service? SSL - port TCP443, pptp port TCP1723 (please don't use), IKE-UDP500

And for LYNC you need to deploy several other services directly on firewall (AV, SIP and Web Conference)
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
OWA through TMG 2010 3 674
TMG 2010 is not able access other network 3 200
Single NIC for http web publish rule - TMG 2 276
Email forensics? 6 239
There are three types of ISA client that can be configured - these can be individual clients or multiples of a client on each PC or server SecureNAT. A SecureNAT client for ISA server is a client machine, work station or server, that has its defa…
Forefront Threat Management Gateway 2010 or FTMG comes with some very neat troubleshooting tools built-in when trying to identify what is actually happening behind the scenes within the product when traffic is passing through its interfaces. To the …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question