If the TMG server is going to be domain joined, then I think the 1 leg in the DMZ and 1 leg in the internal network makes sense.
However, some places do prefer existing firewall infrastructure to be the sole point where traffic is allowed; and if the TMG box isn't domain joined there may be a good case for it to sit solely in the DMZ, using RADIUS (for example) to authenticate to the back-end infrastructure and limit the number of ports open from the DMZ>Internal network at the firewall layer.

Steve

From: Heaton, Joseph@DFG [mailto:jhea...@dfg.ca.gov]
Sent: 12 March 2012 16:28
To: MS-Exchange Admin Issues
Subject: RE: TMG configuration

We have ours in the DMZ, with 2 NICs; 1 internal, 1 external. I also just recently set up the OWA/ActiveSync rules, if you need any info.

Joe Heaton
ITB - Windows Server Support

From: Henry Shih [mailto:hms...@ci.livermore.ca.us]
Sent: Sunday, March 11, 2012 11:11 PM
To: Heaton, Joseph@DFG; MS-Exchange Admin Issues
Subject: TMG configuration

We are in the process of implementing Exchange 2010 and plan to use Microsoft TMG for OWA/ActiveSync access. We are using a Checkpoint firewall between the Internet and the internal network. The Checkpoint firewall has three interfaces (one in the DMZ, one in the internal network, and one connecting to the Internet).

Where should we add the TMG server? In the DMZ with one single NIC? In the DMZ with one NIC in the DMZ and a second NIC in the internal network? What is the best way to add the TMG to our current network configuration?

Thanks.

Henry Shih
System Administrator

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe exchangelist