
Welcome to ISAserver.org


ISA 2006 to TMG layout

ISA 2006 to TMG layout - 9.Jan.2013 5:34:08 PM   
Sunny.C

 

Posts: 801
Joined: 5.Apr.2005
From: sydney
Status: offline
Hey people,

Just after recommendations on how I should upgrade our old ISA 2006 box with the new TMG. Currently our structure is as follows.

We have about 10 branch sites all connected in a private cloud which is going straight out the cloud for internet access. All sites come back to HO for mail, VPN access.
Most sites have DCs which point back to HO DNS.
My aim is not only to upgrade to TMG but also make some improvements to the layout.

1. Main internet pipe ---> Straight out IP Cloud (Private cloud(vpn) and internet access)

2. Secondary connect ---> ISA ---> Internet (3 NIC ISA mail/VPN/ftp etc.)
---> DMZ

It is a straightforward upgrade, however I am considering using a caching DNS and maybe even using TMG as a backend firewall for the main internet pipe...

Any recommendations or ideas...?
Post #: 1
RE: ISA 2006 to TMG layout - 11.Jan.2013 3:17:03 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
A private cloud cannot go "straight out" to the Internet because it is a private network,...therefore the service provider has a Firewall (either NATing or Proxying) at the Public Edge where the private network and the public network meet. So,...in my opinion,...there is no reason for the ISA or the TMG to even exist.

But in answer to your specific question,...my only recommendation is to never ever let the ISA or TMG be involved in DNS in any way for any reason,...all it will do is get in the way,...slow things down,...and create another "point of failure".

I have no other recommendation for any of the rest of it. In a private network situation you are in, the network provider controls everything and is the "go to" for security because it is their firewall that provides your security. Basically you are "inside" someone else's private network and everything is controlled by them.

_____________________________

Phillip Windell

(in reply to Sunny.C)
Post #: 2
