Multiple TMG servers in different location - Failover?

Multiple TMG servers in different location - Failover? - 19.Mar.2011 3:26:48 PM   
adynes

 

Posts: 7
Joined: 19.Mar.2011
Status: offline
At our main location I have TMG 2010 with a 10Mbps internet connection.  I then have a branch location connected by a single point to point T1 (1.5Mbps). The branch location uses a lot of internet resources along with about 8 IP phones so right now the P2P link is almost always fully utilized.  The cost of an upgraded P2P is very expensive so I was thinking I would put in another TMG server in that location with "cheap" cable or DSL for their internet traffic and allow the VoIP and server traffic to continue using the P2P.

Here is my question....is there any automatic failover for this setup?  Both internet connections would have dedicated IPs.  I was then thinking I could set up my MX records so the primary is my main site and the secondary is the branch site.  In this way if I lost my main internet line I could keep going with the secondary line.  Same with my other DNS entries, the branch line (which will be slow back to the main site but work) would serve in a pinch.  But is there anything that would allow the TMG in the main location to fail over to the branch site automatically?

I don't want to pay the very expensive costs of TMG Enterprise for something this simple as I don't need any other functions of it but I can't figure out how else to do it in Standard.

-Allan
Post #: 1
RE: Multiple TMG servers in different location - Failover? - 24.Mar.2011 4:31:26 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
No,..there will be no failover.

You can have completely independent TMG firewalls at each location if the routing is handled properly,...but no failover.

I don't think you realize the complexity of what you are calling "...something this simple..."

TMG Enterprise would make no difference.

_____________________________

Phillip Windell

(in reply to adynes)
Post #: 2
RE: Multiple TMG servers in different location - Failover? - 24.Mar.2011 4:53:18 PM   
adynes

 

Posts: 7
Joined: 19.Mar.2011
Status: offline
It's not complex at all. Two TMGs, two locations connected by a point to point. One TMG fails you use the other. As I said it's pretty simple.

Hrm...thought of something. I may be able to use the ISP failover mode and assign another "WAN" network connection routed through the opposite TMG? Then if my "primary" ISP were to fail I failover to my "secondary" ISP which is actually just the other TMG server? I could set up a VLAN between sites just for this failover traffic and also so I could assign a unique IP address range.

(in reply to pwindell)
Post #: 3
RE: Multiple TMG servers in different location - Failover? - 24.Mar.2011 5:17:12 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
quote:

It's not complex at all. Two TMGs, two locations connected by a point to point. One TMG fails you use the other. As I said it's pretty simple.


Like I said. You don't understand how what you think is simple,...really is not simple.   It has nothing to do with the physical topology being simple or not,...it is about how things work (or in this case,...how they don't work).

quote:

Hrm...thought of something. I may be able to use the ISP failover mode and assign another "WAN" network connection routed through the opposite TMG? Then if my "primary" ISP were to fail I failover to my "secondary" ISP which is actually just the other TMG server? I could set up a VLAN between sites just for this failover traffic and also so I could assign a unique IP address range.


Nope.  Can't do it.  You're gonna have Asynchronous Routing issues all over the place because it won't respond down the same VPN it was initiated on and you end up backfeeding ACK packets from the External Outbound connection back into the Internal LAN side of the Network through the opposite VPN.

This is all based on a false premise that ISPs are just failing all over the place and staying down.  They do not,...they rarely go down because ISPs have redundancy out the wazoo in their facilities and have multiple backbones across multiple Carriers.  The only thing that ever really goes down is the "last mile" to your facility and those are almost always brought up very quickly.

Now if you are using Home-user Internet technology (CableTV or DSL) then you just get what you pay for.  But even then outages don't last long and by the time you make a mess of your LAN with what you want to try,...and then straighten it out by putting things back the way they should be the "downed" connection would already be back up anyway.

Just spend the money for a cheap secondary Internet Connection at each location and run it off the normal Dual-ISP configuration of each TMG.

_____________________________

Phillip Windell

(in reply to adynes)
Post #: 4
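
The routing concern raised in the post above can be seen in a small model of stateful inspection: a firewall forwards a reply only if it saw the packet that opened the connection. This is an added example, not part of the thread and not TMG code; the class, site names and addresses are constructed, and NAT is left out.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "SYN" or "SYN-ACK"

def flow_key(p):
    # Direction-independent key, so a reply matches the flow it answers.
    return frozenset({(p.src, p.sport), (p.dst, p.dport)})

@dataclass
class StatefulFirewall:
    name: str
    table: set = field(default_factory=set)   # tracked connections
    log: list = field(default_factory=list)   # (firewall, flags, verdict)

    def forward(self, p, from_inside):
        key = flow_key(p)
        if from_inside and p.flags == "SYN":
            self.table.add(key)               # outbound open creates state
            verdict = "allow"
        elif key in self.table:
            verdict = "allow"                 # belongs to a tracked flow
        else:
            verdict = "drop"                  # reply with no matching state
        self.log.append((self.name, p.flags, verdict))
        return verdict == "allow"

def handshake(out_fw, back_fw):
    """Send a SYN out through out_fw; route the SYN-ACK back through back_fw."""
    client, server = ("10.1.0.25", 50000), ("203.0.113.10", 443)  # constructed
    syn = Packet(*client, *server, "SYN")
    syn_ack = Packet(*server, *client, "SYN-ACK")
    sent = out_fw.forward(syn, from_inside=True)
    returned = sent and back_fw.forward(syn_ack, from_inside=False)
    return sent, returned

def demo():
    """Return (syn_forwarded, reply_forwarded) for each path."""
    main = StatefulFirewall("main-site")
    symmetric = handshake(main, main)         # out and back via one firewall
    main, branch = StatefulFirewall("main-site"), StatefulFirewall("branch-site")
    asymmetric = handshake(branch, main)      # out via branch, back via main
    return {"symmetric": symmetric, "asymmetric": asymmetric}

if __name__ == "__main__":
    for path, result in demo().items():
        print(path, result)
```
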
RE: Multiple TMG servers in different location - Failover? - 24.Mar.2011 8:19:34 PM   
adynes

 

Posts: 7
Joined: 19.Mar.2011
Status: offline
I don't think you understand there is more than one way to skin a cat as the saying goes.

And yes, the ISP failover idea can be done pretty simply without wasting money on a second line at each location. I'd explain exactly how I'd do it but you'd probably tell me it's still not possible and spout off some nonsense about how complicated it is.

The articles on this site have been a great help, this forum not so much.

(in reply to pwindell)
Post #: 5
