  1. #1

    Join Date
    Oct 2008
    Posts
    226
    Thank Post
    2
    Thanked 13 Times in 13 Posts
    Rep Power
    22

    well I took the finger off the pulse, TMG 2010 EOLd

    Licence renewal time comes around and I submit my usual request (no change to hardware, software or FTE staff so an easy one) only to find out no licensing for TMG any more as it is EOL.

    uh oh.

    So with a couple of months to go I am not quite in full panic mode yet. Any ideas on alternatives? I use TMG for VPN, multiple website publishing (OWA, Outlook Anywhere, intranet, Moodle) spread over 2 IPs in reverse proxy. Internally it load balances 2 ISPs on an active failover (with a static route on TMG sending SMTP over the "backup" ISP line permanently). Quite a few rules for letting a guest VLAN use internet and route certain web servers (we don't have an L3 router).

    Are there any alternatives that will leverage the above with (presumably) AD integration? Will MS UAG cover my existing TMG usage (since it installs TMG I believe)? Will UAG cost me an arm and a leg?

    Ta
    Last edited by KK20; 19th April 2013 at 04:19 PM.

  2. #2
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,505
    Thank Post
    10
    Thanked 508 Times in 445 Posts
    Rep Power
    116
    The problem with the TMG part of UAG is that it's controlled by UAG and you aren't supposed to change anything with the config itself, it gets updated by the UAG side so they may get removed. It also needs CALs...

    It's also vile.

  3. #3

    Join Date
    Oct 2008
    Posts
    226
    Thank Post
    2
    Thanked 13 Times in 13 Posts
    Rep Power
    22
    And I now see Forefront CALs removed from EES.

    Great.

    So begins my migration from MS then.

  4. #4

    Join Date
    Jan 2008
    Location
    South West
    Posts
    1,842
    Thank Post
    219
    Thanked 271 Times in 219 Posts
    Rep Power
    70
    I'm still using ISA 2006; I usually buy a TMG server licence. Don't think I need a CAL for it though.

  5. #5
    DMcCoy's Avatar
    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    3,505
    Thank Post
    10
    Thanked 508 Times in 445 Posts
    Rep Power
    116
    FYI Support boundaries info about how you can use TMG as part of UAG

  6. #6


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,507
    Thank Post
    871
    Thanked 862 Times in 681 Posts
    Rep Power
    199
    As long as you're not doing forms based auth the smoothie UTM should cover those bases...

  7. #7

    Join Date
    Oct 2008
    Posts
    226
    Thank Post
    2
    Thanked 13 Times in 13 Posts
    Rep Power
    22
    Oops, OWA is forms-based on TMG atm. Can Smoothwall pass the forms-based auth back to Exchange and let Exchange reject as appropriate? I'll need to look at the security implications of that first (hence the reason you normally let TMG be a firewall and do the AUTH). That being said, it is no different from letting IIS auth my WebDAV etc. Tom, I've posted in the Smoothwall direct support with a few more Smoothwall questions. In reality I will probably email Smoothwall directly after Monday (ICT practical iGCSEs on Monday so I'm on call for those in case of issues....)

    Chazzy, that's the point. I cannot GET a TMG licence any longer; you can't buy one since they have EOLd with no replacement (unlike when they EOLd ISA you could "downgrade" a TMG licence).
    Last edited by KK20; 19th April 2013 at 04:45 PM.

  8. #8

    Join Date
    Oct 2008
    Posts
    226
    Thank Post
    2
    Thanked 13 Times in 13 Posts
    Rep Power
    22
    In the end I've decided on SonicWall for the firewall but will keep my existing DansGuardian filter. I'll decommission the TMG server and set up an MS VPN server on the network to handle VPN from clients.
    Last edited by KK20; 29th April 2013 at 04:00 PM.

  9. #9
    cpjitservices's Avatar
    Join Date
    Jul 2010
    Location
    Hessle
    Posts
    2,605
    Thank Post
    544
    Thanked 301 Times in 277 Posts
    Rep Power
    85
    Originally posted by KK20:
    "In the end I've decided on SonicWall for the firewall but will keep my existing DansGuardian filter. I'll decommission the TMG server and set up an MS VPN server on the network to handle VPN from clients."

    Or you could set up pfSense with Squid and DansGuardian, port over your configs and then set up OpenVPN; you can have as many VPNs on there as the system will cope with. You get a nice web GUI that way.

  10. #10

    Join Date
    Oct 2008
    Posts
    226
    Thank Post
    2
    Thanked 13 Times in 13 Posts
    Rep Power
    22
    I had thought of pfSense or even a ClearOS installation (was thinking Pound or just Squid 3 with DansGuardian either bolted on or under a dual Squid option). Unfortunately time is against me so for this one I'm going for an off-the-shelf option.

  11. #11
    cpjitservices's Avatar
    Join Date
    Jul 2010
    Location
    Hessle
    Posts
    2,605
    Thank Post
    544
    Thanked 301 Times in 277 Posts
    Rep Power
    85
    Time... Is what it all boils down to in the end. Good Luck!

  12. #12

    Join Date
    Oct 2008
    Posts
    226
    Thank Post
    2
    Thanked 13 Times in 13 Posts
    Rep Power
    22
    Just an update: the SonicWall is probably expensive for what it does but it works for me. A few VLAN issues that I've had to work around but overall it has worked perfectly.

    If I had to do it again then yes, pfSense will do the same (loaded up with NICs of course). I went for an NSA 2400 in the end. MS VPN using SSTP only as we only use Windows devices. Stuff the iPads... (SonicWall wanted money for VPN clients, I don't think so.)


