
Welcome to ISAserver.org


TMG 2010 KB 980674 when to apply?

TMG 2010 KB 980674 when to apply? - 16.Jun.2010 8:53:20 AM   
mjgraves@tisecurity.

 

Posts: 73
Joined: 19.Jun.2006
Status: offline
I am implementing 2 TMGs in a standalone array. I am having some NLB issues that have been discussed in other posts (RPC errors in NLB manager and connections failing after adding second TMG). It appears KB980674 is designed to address some NLB integration issues, even beyond VPN (which I am not using).

Since I just got started with testing these, I am going to remove and re-install TMG. Should I apply this before or after installing TMG, or does it not matter?

Thanks,

_____________________________

Mark
Post #: 1
RE: TMG 2010 KB 980674 when to apply? - 16.Jun.2010 10:00:48 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Apply to all TMG deployments that will use NLB.

Apply the update once TMG has been installed...

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to mjgraves@tisecurity.)
Post #: 2
RE: TMG 2010 KB 980674 when to apply? - 16.Jun.2010 10:30:16 AM   
mjgraves@tisecurity.

 

Posts: 73
Joined: 19.Jun.2006
Status: offline
Hi Jason,
Thanks for the quick reply. I will do that shortly.  Your "Closer to the Edge" blog has been a big help.

Regards,
Mark

(in reply to Jason Jones)
Post #: 3
RE: TMG 2010 KB 980674 when to apply? - 16.Jun.2010 10:46:33 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Cool

Thanks for the feedback...you like the new look? ;)

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to mjgraves@tisecurity.)
Post #: 4
RE: TMG 2010 KB 980674 when to apply? - 16.Jun.2010 12:10:04 PM   
mjgraves@tisecurity.

 

Posts: 73
Joined: 19.Jun.2006
Status: offline
Jason,
Yes, it is nice. I have also acquired a copy of  the Microsoft book "Forefront Management Gateway Administrator's Companion" to which Tom Shinder is a contributor. It has been helpful, as well.

Regards,
Mark

(in reply to Jason Jones)
Post #: 5
RE: TMG 2010 KB 980674 when to apply? - 16.Jun.2010 12:12:59 PM   
mjgraves@tisecurity.

 

Posts: 73
Joined: 19.Jun.2006
Status: offline
To start clean on this new install, I am going to uninstall TMG on each server, reboot servers, install TMG on server1, apply patch, configure TMG on server 1, test a couple of publishing rules.

Then install TMG on server2, apply patch, finish configuring server2, join to array with server1.

I also plan to configure the intra-array communication to use the private network between servers (as you described in another post).

Thanks,
Mark

(in reply to Jason Jones)
Post #: 6
RE: TMG 2010 KB 980674 when to apply? - 16.Jun.2010 2:38:47 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Cool, good luck!

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to mjgraves@tisecurity.)
Post #: 7
RE: TMG 2010 KB 980674 when to apply? - 17.Jun.2010 8:00:26 AM   
mjgraves@tisecurity.

 

Posts: 73
Joined: 19.Jun.2006
Status: offline
Jason,
I have a couple more quick questions.
1. Should I configure the intra-array network on TMG01 before I install TMG on TMG02 and attempt to join it to the array? I want the intra-array communication to use the private network between TMGs. I am following your blog article on the how to.
2. I see a warning when enabling NLB that if a network is not truly "external" NLB should not be enabled.  My ISA 2006 array is doing this on the DMZ interface behind a border firewall. Can I also do this with the TMG?  The interface into which come connections from the Internet is on my DMZ, but needs to use NLB. Again, this works fine on my ISA 2006 array and I wish to do the same on the TMG array.

Thanks for your help.

Regards,
Mark

(in reply to Jason Jones)
Post #: 8
RE: TMG 2010 KB 980674 when to apply? - 18.Jun.2010 5:58:23 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
A1: I think you can do it either way around, but doing the array join first, then creating the intra-array network now seems a bit more logical. You can then define the intra-array IP addresses for each node, from the array manager.

A2: Not quite sure what error you mean, but yep, NLB is fine on an external interface that is not actually directly Internet connected.

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to mjgraves@tisecurity.)
Post #: 9
RE: TMG 2010 KB 980674 when to apply? - 22.Jun.2010 3:24:13 PM   
mjgraves@tisecurity.

 

Posts: 73
Joined: 19.Jun.2006
Status: offline
Hi Jason,
I just finished doing the steps I asked you about, and the TMGs are stable and working.  Your input was key along with reading most of the TMG Administrator's Companion (excellent source).

I also disabled IPV6 on the NICs as I was concerned about unneeded services running on them.

Netmon 3.3 has also been helpful to verify communication.

Now that the TMG array is stable and connections are working, I can do further testing for securing the applications.

Thanks again for your gracious and timely help.

Regards,
Mark

(in reply to Jason Jones)
Post #: 10
RE: TMG 2010 KB 980674 when to apply? - 23.Jun.2010 3:49:39 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
No problem.

Be aware that disabling IPv6 will impact TMG VPN services as there is a current known issue with RRAS when IPv6 is disabled...

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to mjgraves@tisecurity.)
Post #: 11
