TMG 2010, Exchange Edge 2010 & Forefront Protection For Exchange 2010 – All In The Same Box…

Microsoft released the latest version of ISA Server a couple of months ago, and it has undergone a name change. The new release is named Forefront Threat Management Gateway (TMG) 2010. This version supports running Exchange Edge 2010 and Forefront Protection For Exchange 2010 alongside it on the same box.

I bet you know where I am heading! You don’t need different servers like in the old times. You can have a couple of servers in the DMZ with all three components. The same box will publish Exchange services like OWA, OA & ActiveSync and at the same time act as the first layer of defence for incoming emails.

TMG provides central management for Exchange Edge and Forefront Protection 2010 for Exchange when located on the same server. It does not include either Exchange or Forefront Protection 2010 for Exchange. Both must be purchased and installed separately. TMG 2010 also comes with a long list of new features.

Install TMG, then Edge 2010, and then Forefront Protection. Make sure you update the scanning engines and enable all antispam and antivirus filters before connecting the server to the production network.

Check this article for installation steps.

5 Comments

  1. Sarbjit Singh says:

    You can combine all 3 roles (TMG, FPE and Exchange Edge) on a single server and it works. Also you only need to NIC on the TMG box. I have done it a few times. My only issue is that management is a pain, especially when updating one of them and a restart brings the firewall down. Also the managed control service is a very sensitive component. The transport service, which needs to be started for some anti-spam settings, can cause the TMG service to restart or hang.

    I eventually moved the TMG to another box, created a 3-legged configuration, and another box was for FPE and Exchange. I have more peaceful nights.

    1. Rajith Enchiparambil says:

      Hi Sarbjit,

      You are right. Though the combination works and is supported, it is a pain to manage.

      Thanks.

  2. Anonymous says:

    Same problem here. On startup it takes forever for services to start/fail before I can RDP. Read a blog saying it was down to the install procedure. Need to install Exchange, then Forefront and last TMG.
    I did that, but then TMG completely messed up the EdgeSync transport, so had to start all over again. Still no joy.
    Also TMG steals the rules from Forefront, so Forefront isn't doing the filtering.

  3. Anonymous says:

    I've installed UAG with Edge Transport. Needed to open up some ports within the TMG component of UAG to get the Edge Sync and SMTP traffic flowing though.

    However when I install Forefront Protection for Exchange, the server takes 15 minutes before I can RDP back in, and UAG console runs slow, sometimes complaining it can't connect to TMG Storage.

    Seems there's some issues with UAG+Edge Transport+Forefront Protection for Exchange…

  4. Can the same be done with UAG?
