Forefront TMG 2010 Firewall Replacement
Posted on 2013-10-07
We're currently using Forefront TMG 2010 for the 'Firewall Policy' feature only. I'd like to move to something that's going to be developed on (Microsoft announced they are mothballing Forefront).
I wanted to provide an explanation of what we use it for perhaps someone can guide us to a better solution.
1. We have limited external (public) IP addresses, but many internal resources that need to be made available externally.
2. On GoDaddy DNS, we've created DNS entries for our systems -- all tied to one external IP address.
3. On our Cisco Meraki firewall, we've created a 1:1 NAT rule that any traffic on selected ports (generally port 80) directed towards that external IP address assigned to our network should get routed to 10.0.0.XXX on our internal network.
4. At the 10.0.0.XXX address internally, we've installed Forefront that then routes traffic to/from different systems. e.g.:
sandbox1.domain.com is 10.0.0.50
sandbox2.domain.com is 10.0.0.51
sandbox3.domain.com is 10.0.0.52
That way, if some externally requests sandbox1.domain.com, the site is up and available.
I'm looking for a new way of solving #4 above.