Solved

Ports required for TMG 2010

Posted on 2012-03-18
3
655 Views
Last Modified: 2012-04-01
Dear All,

I’m planning to install TMG 2010 SP2 as a standalone array (2 servers) connected directly to the firewall.

I’ll use the TMG 2010 for everything almost (proxy, exchange publishing, shrepoint publishing, Lync, VPN … etc)

I would like to know what are the required ports that I have to open in the Cisco firewall which the TMG connect to directly.

Thanks
0
Comment
Question by:ACS2012
3 Comments
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 250 total points
ID: 37736531
The obvious ones are TCP for ports 25, 80 and 443 inbound and outbound for internal web browsers going out and publishing internal Exchange and Sharepoint to external users (although you may decide not to let port 80 inbound unless you have a normal internal web site you want to make available). You will need multiple external ip addresses and each will need one or more of these ports associating with them. i.e. you will not be able to publish lync, exchange and sharepoint all over one ip address - it would be a nightmare.

You will need to decide which ports you want to use for the additional services you want to make available.
0
 

Author Comment

by:ACS2012
ID: 37736603
i have multiple public ip's, that's ok.

but i need to know the required ports for each service.
0
 
LVL 21

Accepted Solution

by:
Jakob Digranes earned 250 total points
ID: 37736649
as Keith says - most will need 80 and 443

then you must specify which services you want to deploy: All ports TCP
Lync will require one public IP - port: 443 (and possibly 80)
Exchange will require on public IP: port 80 and 443
sharepoint same ports..

proxy would be internal - i guess you mean web proxying from inside.
VPN - what service? SSL - port TCP443, pptp port TCP1723 (please don't use), IKE-UDP500

And for LYNC you need to deploy several other services directly on firewall (AV, SIP and Web Conference)
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question