Link to home
Start Free TrialLog in
Avatar of psanjoy
psanjoyFlag for United Arab Emirates

asked on

Pinging does not work from TMG/ISA server

I just installed  TMG 2010 with 2 NICs and created HOST entry of this TMG server on DC DNS.

For the internal, I configured IP add, SM, DNS and no DG.
For External, configured IP, SM and DG only.

But now I cant ping to Netbios of any member servers, But pinging via IP address.

could you pls provide me the solution
Avatar of mrworta
mrworta

You should not rely on netbios for name resolution. On a firewalling device this protocol is very likely blocked by default.

Are your member servers listed within the DC's DNS and does the TMG use the DNS service from the DC?
Please your question requires a little more explanation to be answered. Avoid using not common abbreviations ("IP add", "SM", "DG").
¿From where you ping?. ¿to whom?.
It seems you haven’t set your internal network. You need to add all ip ranges of your internal network. The NIC of the internal network of your ISA/TMG needs to have an IP set for ever subnet you have in your internal network unless there is a router in the middle of the firewall and the other subnet (in these case you will add a route in the OS of your firewall to announce this router).
ASKER CERTIFIED SOLUTION
Avatar of Keith Alabaster
Keith Alabaster
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of psanjoy

ASKER

I removed the DNS settings from external NIC. Thanks for your comment.
You can close this case.
No problem. The issue is that by having DNS on the external nic as well, the TMG would have no control over WHICH dns entry to use (entry on the internal or entry on the external). If the TMg decided to use the DNS associated with the external nic then it would use an external DNS service that would have no knowledge of your NetBios-named internal servers.

If you want to you can look at my article on how to setup ISA or TMG at the basic level i.e. the pre-requisite steps before you even install the product.

https://www.experts-exchange.com/Microsoft/Windows_Security/A_1477-Configuring-ISA-2004-2006-Forefront-Threat-Management-Gateway-for-basic-networking-and-DNS-settings.html
PS - some people feel uncomfortable leaving a blank DNS on the external nic so simply put the internal dns ip addresses on both the internal and external nic.

PPS - Just for my interest, apart from giving you the answer, what else would i have needed to have done to get an A rather than a B?