I asked for help on another question a while back but got pulled away from the project; now I am refreshing my memory and need help. I need help with figuring out first the Active Directory roles and forest/domains on setup of Forefront Threat Management Gateway Firewall.
(First, yes, I know TMG 2010 has been deprecated, but it is all I have to work with due to budget constraints.)
I have 2 servers, 2 PCs and the wireless router for laptops / iPhones for the internal LAN.
I have 3 servers hosting Lync, Share Team and, most importantly, Exchange, which are kind of the outside: the external LAN.
All need to be behind the firewall.
They're all on the same subnet internally. They all have the ability of an external IP address on NIC2, which of course is leaving them wide open to the world, so they are disabled and used for testing only.
Just to restate the setup:
Firewall: MS Forefront TMG 2010 on Windows 2008 R2 with 2 NICs
What is behind the firewall:
Server001: MS Server 2012 / Exchange 2013 / Domain Controller: Geek001
Server002: MS Server 2012 / Lync 2013 / Domain Controller: Geek002
Server003: MS Server 2012 / Share Team 2013 / Domain Controller: Geek003
Server004: MS Server 2012 / Web Only IIS 8.0 / Domain Controller: Geek004
Server005: MS Server 2012 / Office Server / Domain Controller: Geek005
PCs, laptops, and other devices...
Since I don't want it in workgroup mode and it needs to be added to a domain controller:
I have to have a domain controller for it to attach to. I need to figure out the forest domain structure for the external. Internally I understand, but this will make it a 2-part question in setting up domains in the same forest with different domains so they have 2-way trusts?
I need help understanding how to get the TMG 2010 FW installed and up and running so there is more protection in house right now, I am embarrassed to say!
So I am guessing I will have to make TMG part of the Geek005 domain, but how will it affect the other domains and other users? Other servers will all be web-based access and the PCs will be tied to the Geek005 server?
I need to start the install of TMG because it's not secured here and I need the NAT of the 5 static IP addresses to be sent through the firewall. Does Share Team 2013 work OK with TMG 2010? I need TMG 2010 to be friendly with Share Team, Lync and Exchange, all running 2013 software.
PS: I know about setting up a DMZ with a second TMG 2010, but I will also have to make some machines do dual roles...
Thanks for any and all help...