Configuring TMG for Exchange 2010

I wonder if I need Microsoft TMG forefront  installed on EDGE Server.
I mean TMG or similar solutions.

In the past I have used GFI and installed it in on SMTP server in the DMZ to scan email for viruses before it get forwarded to the mailbox. that was in Exchange 2003.

Exchange 2010 has Edge Server, I am sure I can install GFI on it, but I am thinking what TMG  forefront  can do if I install it on the EDGE server.? or it has to be installed on a separate box on the DMZ where the Edge is installed?

I believe TMG forefront has anti virus/spam/malware functionalities as well as proxying.

Thank you
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sumit GuptaSystem and Virtualization EngineerCommented:
Forefront TMG enables you to protect your organization from spam, viruses and other e-mail-based threats. It does this by leveraging the mail protection provided by Forefront Protection 2010 for Exchange Server (FPES), and by utilizing the end-to-end mail relay service provided by Exchange Edge Transport server.

The steps needed to install Exchange 2010 and TMG on the same box:
jskfanAuthor Commented:
If I install TMG in Edge server , the TMG will be good just for Exchange functionalities.
If I am right TMG is used for other applications too, such as web servers, etc...

So, Is it possible to install TMG in 2 spearate loadbalanced windows boxes( loadbalnce +   High availability)? and configure anti spam on both servers (TMG as well as on Edge servers).
I guess it will be better to have 2 Edge servers (loadbalanced and High Availabilty), as well.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Sumit GuptaSystem and Virtualization EngineerCommented:
I used TMG in very simple scenarios but I found a similar question on the link:

But for load balanced yes it will be better to have 2 edge servers.
The answer from other expert for this is:
In addition to your options, you can now have TMG and Edge 2010 on the same server.

I don't think I'd deploy NLB, though I'd consider hardware load balancing.  I don't even know if it's supported with TMG.  If you put TMG in front of Edge (on separate servers) you'd want to use a server farm instead of NLB for the Edge servers, I think.

There is one more post on this question and here the link for that:
jskfanAuthor Commented:
I know that Exchange Hub Transport serve0rs load balance themselves , they do not need Load Balancer. I wonder if Edge servers can Load balance themselves.

Regarding the TMG Implementation, can you please explain the way you put your hardware in the network ? Example:

External Firewall

2 Load Balancer (for traffic coming inside)
2 TMGs ( Please tell me whether the Anti-Virus and Anti Spam should be set up here or on the Edge servers)
2 Exchange Edge Servers (Please tell me whether the Anti-Virus and Anti Spam should be set up here or on the TMG)
2 other Load Balancer(for traffic going out)

2 or more Hub/CAS servers

2 or more Mailbox Servers

Elaboration on this question will be very much appreciated
jskfanAuthor Commented:
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.