?
Solved

Single NIC for http web publish rule - TMG

Posted on 2015-01-13
2
Medium Priority
?
315 Views
Last Modified: 2015-02-11
Hi discussion at work.

I suggest just 1 NIC for TMG  in DMZ is the most secure - We have an ASA firewall

Im been told that its more secure with 2 x NICs  - 1 dmz and 1 internal (im presuming internal means that (internal LAN) - then a NAT on the TMG

How is this more secure - is not "MORE" secure with just 1 NIC in the DMZ? - then publishing rule proxies the connection to inside LAN?
0
Comment
Question by:philb19
2 Comments
 
LVL 28

Assisted Solution

by:asavener
asavener earned 1000 total points
ID: 40547290
I'm not sure exactly what your setup is, or how you're trying to leverage the TMG server.  Can you provide a diagram?

Is the "DMZ" just an interface off of the ASA, and you also have an inside and an outside interface?

Internet
   |
ASA--DMZ
   |
Inside


Traditionally, I had the ISA/TMG server as a second firewall:

Internet
   |
ASA
   |
DMZ  (Considered the "inside" interface on the ASA)
   |
TMG
   |
Inside

IMO, the second topology provides additional security, because any internet traffic has to traverse two different firewall platforms to reach the inside network.  You also get to use the TMG as a proxy server for your internal clients.
0
 
LVL 23

Accepted Solution

by:
Suliman Abu Kharroub earned 1000 total points
ID: 40580918
You can't use TMG as a firewall with a single NIC, only proxy server.... so 2 NICs is more secure.
0

Featured Post

Shaping tomorrow’s technology leaders, today

The leading technology companies all recognize the growing need for gender diversity. Through its Women in IT scholarship program, WGU is working to reverse this trend by empowering more women to earn IT degrees and become tomorrow’s tech-industry leaders.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses
Course of the Month13 days, 13 hours left to enroll

755 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question