Forefront Threat Management Gateway (TMG): Part 1 (the design)
Where do I put TMG, and why? These are two of the most common questions I get. Of course there is more than one answer, but let us work with two of the most common TMG installations:
- Secure Gateway (Edge Firewall)
- Web Proxy
So which do you choose?
Secure gateway
We usually use the secure gateway design when there is no firewall other than TMG, or when we want TMG to be unaware of the next or previous firewalls (like a DMZ), so we install TMG at the far end of our network (as in the diagram below).
Design benefits
- All traffic passes through TMG, so we can apply all our rules to all traffic
- Easy to set up and configure
- Easy to troubleshoot
Design downside
- You must size the TMG correctly, otherwise you will face performance issues
Web proxy
We usually use the web proxy design when we need only the proxy features, such as:
- Caching
- URL filtering
- Content filtering
Design benefits
- Firewalling is handled by another TMG or a third-party firewall, which increases performance
- The server can handle many more connections
- Few rules to create
Design downside
- Hard to troubleshoot
- Not easy to set up (needs additional configuration outside the TMG box)
Two less common designs that you might still need are:
- 3-Leg perimeter
- Back firewall
For more information, please visit
http://technet.microsoft.com/en-us/library/dd896975.aspx
You may also want to view the other parts:
Forefront Threat Management Gateway (TMG) : Part 2 (the installation)