• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 336
  • Last Modified:

Single NIC for http web publish rule - TMG

Hi discussion at work.

I suggest just 1 NIC for TMG  in DMZ is the most secure - We have an ASA firewall

Im been told that its more secure with 2 x NICs  - 1 dmz and 1 internal (im presuming internal means that (internal LAN) - then a NAT on the TMG

How is this more secure - is not "MORE" secure with just 1 NIC in the DMZ? - then publishing rule proxies the connection to inside LAN?
0
philb19
Asked:
philb19
2 Solutions
 
asavenerCommented:
I'm not sure exactly what your setup is, or how you're trying to leverage the TMG server.  Can you provide a diagram?

Is the "DMZ" just an interface off of the ASA, and you also have an inside and an outside interface?

Internet
   |
ASA--DMZ
   |
Inside


Traditionally, I had the ISA/TMG server as a second firewall:

Internet
   |
ASA
   |
DMZ  (Considered the "inside" interface on the ASA)
   |
TMG
   |
Inside

IMO, the second topology provides additional security, because any internet traffic has to traverse two different firewall platforms to reach the inside network.  You also get to use the TMG as a proxy server for your internal clients.
0
 
Suliman Abu KharroubIT Consultant Commented:
You can't use TMG as a firewall with a single NIC, only proxy server.... so 2 NICs is more secure.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now