Solved

TMG Migration to F5

Posted on 2013-11-06
1
2,610 Views
Last Modified: 2013-11-22
we are migrating our TMG infrastructure to F5. since F5 is still a bit new for us, i am tryin to collect as much info as i can:
does anyone have experience i that? are there any recommendations and best practices how to follow up? thx for help,
0
Comment
Question by:DukewillNukem
1 Comment
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 39630106
TMG typically can be deployed for forward proxy having filter traffic going into the internet while F5 is normally a reverse proxy to balance and filter the internal server(s). Having said that, it is still possible for F5 (primarily LTM) to serves as forward proxy too, but need to check TMG rule of filtering and have it implemented in F5. IRule from F5 is the last resort if there is drilled down based on HTTP header or application content inspection etc. F5 has ASM too that is HTTP aware and acts as web application FW that is a good complement to F5 LTM...In short, the important thing is to ensure rules from TMg can be maintained w/o iRule where possible to maximise the buy and gain higher security protection with flexibility to add in modules such as ASM (web security checks) or APM (user access control)

There are quite a couple of collaterals to drill into but do consult the F5 principle and definitely this is not a new thing ...but maybe the below can kickstart some ideas

Overview - Securing MS appls
http://www.f5.com/pdf/white-papers/microsoft-threat-management-gateway-alternatives-white-paper.pdf

TMG2F5 Series: Publishing Microsoft Exchange Using F5
https://devcentral.f5.com/articles/tmg2f5-series-publishing-microsoft-exchange-using-f5

TMG2F5 Series: BIG-IP LTM as the Lync Reverse Proxy
https://devcentral.f5.com/articles/tmg2f5-series-big-ip-ltm-as-the-lync-reverse-proxy

Actually F5 also load balance TMG
http://www.f5.com/pdf/deployment-guides/microsoft-forefront-tmg-dg.pdf

However, if you still open to alternative as a whole...catch this
https://www.winsec.nl/2013/01/16/securing-edge-post-tmg-world/
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ipsec tunnel comme not up 10 116
ASA - RV130 VPN tunnel, cannot pass traffic 8 79
Draytek (Site to Site VPN using IPSec) 6 36
Cisco ASA blocks some https sites. 27 42
I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question