?
Solved

TMG Migration to F5

Posted on 2013-11-06
1
Medium Priority
?
2,764 Views
Last Modified: 2013-11-22
we are migrating our TMG infrastructure to F5. since F5 is still a bit new for us, i am tryin to collect as much info as i can:
does anyone have experience i that? are there any recommendations and best practices how to follow up? thx for help,
0
Comment
Question by:DukewillNukem
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 64

Accepted Solution

by:
btan earned 1500 total points
ID: 39630106
TMG typically can be deployed for forward proxy having filter traffic going into the internet while F5 is normally a reverse proxy to balance and filter the internal server(s). Having said that, it is still possible for F5 (primarily LTM) to serves as forward proxy too, but need to check TMG rule of filtering and have it implemented in F5. IRule from F5 is the last resort if there is drilled down based on HTTP header or application content inspection etc. F5 has ASM too that is HTTP aware and acts as web application FW that is a good complement to F5 LTM...In short, the important thing is to ensure rules from TMg can be maintained w/o iRule where possible to maximise the buy and gain higher security protection with flexibility to add in modules such as ASM (web security checks) or APM (user access control)

There are quite a couple of collaterals to drill into but do consult the F5 principle and definitely this is not a new thing ...but maybe the below can kickstart some ideas

Overview - Securing MS appls
http://www.f5.com/pdf/white-papers/microsoft-threat-management-gateway-alternatives-white-paper.pdf

TMG2F5 Series: Publishing Microsoft Exchange Using F5
https://devcentral.f5.com/articles/tmg2f5-series-publishing-microsoft-exchange-using-f5

TMG2F5 Series: BIG-IP LTM as the Lync Reverse Proxy
https://devcentral.f5.com/articles/tmg2f5-series-big-ip-ltm-as-the-lync-reverse-proxy

Actually F5 also load balance TMG
http://www.f5.com/pdf/deployment-guides/microsoft-forefront-tmg-dg.pdf

However, if you still open to alternative as a whole...catch this
https://www.winsec.nl/2013/01/16/securing-edge-post-tmg-world/
0

Featured Post

Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft's ISA Server has been its pre-eminent security product for about a decade and is still regarded amongst the well-informed as one of the best software firewalls and application gateways ever released, by any manufacturer. ISA Server has bee…
There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Suggested Courses
Course of the Month10 days, 22 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question