<div>
Thanks for your reply.<br />
<br />
My intentions are as follows :<br />
<br />
1. Build TMG as a VM server<br />
<br />
2. Export firewall rules from ISA<br />
<br />
3. Import firewall rules into TMG<br />
<br />
4. Turn off ISA server and take the IP addresses from ISA to the TMG server. This would prevent &nbsp;new firewall rules be implemented on the external facing firewall.<br />
<br />
Also, do I export the ISA configuration from the top Array site, we only have 1 array, or should it just be the rules. I have a feeling its the latter.
</div>


Thanks for your reply.

My intentions are as follows :

1. Build TMG as a VM server

2. Export firewall rules from ISA

3. Import firewall rules into TMG

4. Turn off ISA server and take the IP addresses from ISA to the TMG server. This would prevent  new firewall rules be implemented on the external facing firewall.

Also, do I export the ISA configuration from the top Array site, we only have 1 array, or should it just be the rules. I have a feeling its the latter.

<div>
Thanks for the points and glad it worked out.
</div>


Thanks for the points and glad it worked out.

<div>
<div class="content wysiwyg-content">
I have 2 ISA 2006 servers that are Windows NLB. &nbsp;I am going to decomm each server and replace them with 2 new virtual servers with TMG 2010.<br />
<br />
I need to do the migration with as little downtime as possible, therfore :<br />
<br />
1. Would it be posible to decomm one ISA and replace it with a TMG server while the other ISA box is still in production ?<br />
<br />
2. Can a TMG and ISA box work side by side ? Or would I have to decomm both ISA boxes and then power-up the two TMG boxes ?<br />
<br />
If anyone has any experience on ISA to TMG migrations into a production environment with little downtime, I'll br glad to hear from oyui.<br />
<br />
Thanks
</div>
</div>


I have 2 ISA 2006 servers that are Windows NLB.  I am going to decomm each server and replace them with 2 new virtual servers with TMG 2010.

I need to do the migration with as little downtime as possible, therfore :

1. Would it be posible to decomm one ISA and replace it with a TMG server while the other ISA box is still in production ?

2. Can a TMG and ISA box work side by side ? Or would I have to decomm both ISA boxes and then power-up the two TMG boxes ?

If anyone has any experience on ISA to TMG migrations into a production environment with little downtime, I'll br glad to hear from oyui.

Thanks

ISA 2006 to TMG 2010 Migration

Microsoft Forefront, formerly known as Internet Security and Acceleration Server (ISA Server), is a network router, firewall, antivirus program, VPN server and web cache that runs on Windows servers. It includes identity management and protection systems, and discontinued systems for threat management and network protection, along with protection for Sharepoint and Exchange. The scope of discussions includes forward and reverse proxy, application and service publishing, virtual private networks (VPNs), outbound access rules, SSL certificates and network routing within either a single node or an highly-available array pairing.

Microsoft Forefront ISA Server

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.