Ports required for TMG 2010

Dear All,

I’m planning to install TMG 2010 SP2 as a standalone array (2 servers) connected directly to the firewall.

I’ll use the TMG 2010 for everything almost (proxy, exchange publishing, shrepoint publishing, Lync, VPN … etc)

I would like to know what are the required ports that I have to open in the Cisco firewall which the TMG connect to directly.

Thanks
ACS2012Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Keith AlabasterEnterprise ArchitectCommented:
The obvious ones are TCP for ports 25, 80 and 443 inbound and outbound for internal web browsers going out and publishing internal Exchange and Sharepoint to external users (although you may decide not to let port 80 inbound unless you have a normal internal web site you want to make available). You will need multiple external ip addresses and each will need one or more of these ports associating with them. i.e. you will not be able to publish lync, exchange and sharepoint all over one ip address - it would be a nightmare.

You will need to decide which ports you want to use for the additional services you want to make available.
ACS2012Author Commented:
i have multiple public ip's, that's ok.

but i need to know the required ports for each service.
Jakob DigranesSenior ConsultantCommented:
as Keith says - most will need 80 and 443

then you must specify which services you want to deploy: All ports TCP
Lync will require one public IP - port: 443 (and possibly 80)
Exchange will require on public IP: port 80 and 443
sharepoint same ports..

proxy would be internal - i guess you mean web proxying from inside.
VPN - what service? SSL - port TCP443, pptp port TCP1723 (please don't use), IKE-UDP500

And for LYNC you need to deploy several other services directly on firewall (AV, SIP and Web Conference)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Forefront ISA Server

From novice to tech pro — start learning today.