Microsoft had released the latest version of ISA server couple of months ago and it has undergone a name change. The new release is named Forefront Threat Management Gateway (TMG) 2010. This version supports running Exchange Edge 2010 and Forefront Protection For Exchange 2010 along with it in the same box.
I bet you know where I am heading! You don’t need different servers like in the old times. You can have a couple of servers in the DMZ with all three components. The same box will publish Exchange services like OWA, OA & ActiveSync and at the same time act as the first layer of defence for incoming emails.
TMG provides central management for Exchange Edge and Forefront Protection 2010 for Exchange when located on the same server. It does not include either Exchange or Forefront Protection 2010 for Exchange. Both must be purchased and installed separately. TMG 2010 also comes with a long list of new features.
Install TMG, Edge 2010 & then Forefront Protection. Make sure you update the scanning engines & enable all antispam & antivirus filters before connecting it to production network.
Check this article for installation steps.
3 comments:
Can the same be done with UAG?
I've installed UAG with Edge Transport. Needed to open up some ports within the TMG component of UAG to get the Edge Sync and SMTP traffic flowing though.
However when I install Forefront Protection for Exchange, the server takes 15 minutes before I can RDP back in, and UAG console runs slow, sometimes complaining it can't connect to TMG Storage.
Seems there's some issues with UAG+Edge Transport+Forefront Protection for Exchange...
Same problem here. On startup it takes forever for services to start/fail before i can RDP. Read a blog saying it was down to install proceedure. Need to install exchange, then Forefront and last TMG.
I did that, but then TMG completely messed up the edgesync transport, so had to start all over again. Still no joy7.
Also TMG steals the rules from forefront, so forefront isnt doing the filtering.
Post a Comment