Thanks Jamie. In our case we wouldn't be looking at changing outbound traffic flow since our current box is absolutely to our requirements.
I wouldn't say there's an issue or anything forcing us to look at TMG. I'm simply aware that it exists and may be a better (by which I mean safer) way to make Exchange available. At the same time I've no wish to keep adding boxes and VM's for little gain. Paul From: Jamie Morales [mailto:jmora...@reliancecloud.com] Sent: 09 October 2011 15:50 To: MS-Exchange Admin Issues Subject: RE: Using Forefront TMG to protect Exchange 2010? Hi Paul, We use TMG in our environment, once it's all setup it works fine. I think the main benefit is as you mentioned it will authenticated against your DC before letting any traffic in as per your rules. We've had issues in environments with over 2000 users (memory issues) where the firewall policies wouldn't go into effect and we'd need to restart the services. I guess the answer is it really depends on what you're trying to do. What's your primary reason for considering another solution? Is your current firewall not meeting some requirements? Thanks, Jamie Morales Reliance Cloud Services www.relianceCloud.com<http://www.relianceCloud.com> From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]<mailto:[mailto:paul.hutchi...@mira.co.uk]> Sent: Saturday, October 08, 2011 1:17 PM To: MS-Exchange Admin Issues Subject: Using Forefront TMG to protect Exchange 2010? I wondered what peoples thoughts are on using TMG to proxy Exchange 2010 OWA/RPC/ActiveSync access? We already use a firewall that does SSL inspection and only allows access to the Exchange virtual directory URL's so I'm not entirely sure what benefits using TMG (solely for Exchange) would give us? If I understand correctly, the primary one seems to be that as you're authenticating to the TMG gateway, and if you don't authenticate you simply cannot throw exploit attempts at the IIS that's sitting on the Exchange boxes? Thanks, Paul ________________________________ MIRA Ltd Watling Street, Nuneaton, Warwickshire, CV10 0TU, England Registered in England and Wales No. 402570 VAT Registration GB 100 1464 84 The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist