
Welcome to ISAserver.org


multiple isp - failover q

multiple isp - failover q - 12.Jan.2011 3:40:19 PM   
jrink

 

Posts: 57
Joined: 22.Jul.2002
From: Wisconsin
Status: offline
With TMG's ability to do failover for multiple ISPs and also load balancing, is it possible to set up 2 ISPs with TMG and create firewall rules that force certain traffic (or firewall rule) through a specific ISP -- unless that ISP fails, then use the other ISP?

For example, if I have an access rule that allows my Internal network to RDP outbound to the internet, can I force that RDP traffic (for that rule) to default to using ISP2? While all my other rules default to use ISP1?

I'd still want failover to occur as well however...
Post #: 1
RE: multiple isp - failover q - 12.Jan.2011 4:25:04 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

You cannot accomplish it with TMG.
quote:


Protocol based enhanced NAT is not supported

Issue: Forefront TMG cannot assign NAT IP addresses based on the protocol used (for example, HTTP traffic is assigned one IP address and SMTP another).
Cause: Protocol based enhanced NAT is not supported.
Solution: No workaround.

Source: http://technet.microsoft.com/en-gb/library/ee796231.aspx#l1k2j3h
Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to jrink)
Post #: 2
RE: multiple isp - failover q - 12.Jan.2011 6:03:53 PM   
jrink

 

Posts: 57
Joined: 22.Jul.2002
From: Wisconsin
Status: offline
What if it's not based on protocol but just based on a range of destination IP addresses? For example... send outbound traffic destined to 64.x.x.x/24 range of IP addresses through ISP2...?

JR

(in reply to paulo.oliveira)
Post #: 3
RE: multiple isp - failover q - 12.Jan.2011 8:18:54 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Hi JR,

You can do it based upon Source IP with TMG ENAT. See the "Diverting traffic to a specific ISP Link by using NAT rules" section from here: http://blogs.technet.com/b/isablog/archive/2009/02/16/keeping-high-availability-with-forefront-tmg-s-isp-redundancy-feature.aspx

Does this help?

Cheers

JJ 

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to jrink)
Post #: 4
