19th April 2013, 04:12 PM #1
well I took the finger off the pulse, TMG 2010 EOLd
Licence renewal time comes around and I submit my usual request (no change to hardware, software or FTE staff so an easy one) only to find out no licensing for TMG any more as it is EOL.
So with a couple of months to go I am not quite in full panic mode yet. Any ideas on alternatives? I use TMG for VPN, multiple website publishing (OWA, Outlook Anywhere, intranet, Moodle) spread over 2 IPs in reverse proxy. Internally it load balances 2 ISPs on an active failover (with a static route on TMG sending SMTP over the "backup" ISP line permanently). Quite a few rules for letting a guest VLAN use internet and route certain web servers (we don't have an L3 router).
Are there any alternatives that will leverage the above with (presumably) AD integration? Will MS UAG cover my existing TMG usage (since it installs TMG I believe)? Will UAG cost me an arm and a leg?
Last edited by KK20; 19th April 2013 at 04:19 PM.
19th April 2013, 04:19 PM #2
The problem with the TMG part of UAG is that it's controlled by UAG and you aren't supposed to change anything with the config itself, it gets updated by the UAG side so they may get removed. It also needs CALs...
It's also vile.
19th April 2013, 04:22 PM #3
And I now see Forefront CALs removed from EES.
So begins my migration from MS then.
19th April 2013, 04:28 PM #4
I'm still using ISA 2006. I usually buy a TMG server licence. Don't think I need a CAL for it though.
19th April 2013, 04:28 PM #5
FYI Support boundaries info about how you can use TMG as part of UAG
19th April 2013, 04:35 PM #6
As long as you're not doing forms based auth the smoothie UTM should cover those bases...
19th April 2013, 04:38 PM #7
Oops, OWA is forms based on TMG atm. Can Smoothwall pass the forms based auth back to Exchange and let Exchange reject as appropriate? I'll need to look at the security implications of that first (hence the reason you normally let TMG be a firewall and do the AUTH). That being said, it is no different from letting IIS auth my WebDAV etc. Tom, I've posted in the Smoothwall direct support with a few more Smoothwall questions. In reality I will probably email Smoothwall directly after Monday (ICT practical iGCSEs on Monday so I'm on call for those in case of issues....)
Chazzy, that's the point. I cannot GET a TMG licence any longer, you can't buy one since they have EOLd with no replacement (unlike when they EOLd ISA you could "downgrade" a TMG licence)
Last edited by KK20; 19th April 2013 at 04:45 PM.
29th April 2013, 03:59 PM #8
In the end I've decided on SonicWall for the firewall but will keep my existing DansGuardian filter. I'll decommission the TMG server and set up an MS VPN server on the network to handle VPN from clients.
Last edited by KK20; 29th April 2013 at 04:00 PM.
29th April 2013, 04:13 PM #9
Or you could set up pfSense with Squid and DansGuardian, port over your configs and then set up OpenVPN. You can have as many VPNs on there as the system will cope with. You get a nice Web GUI that way.
29th April 2013, 04:16 PM #10
I had thought of pfSense or even a ClearOS installation (was thinking Pound or just Squid3 with DansGuardian either bolted on or under a dual Squid option). Unfortunately time is against me so for this one I'm going for an off-the-shelf option.
29th April 2013, 04:30 PM #11
Time... Is what it all boils down to in the end. Good Luck!
19th September 2013, 05:57 PM #12
Just an update, the SonicWall is probably expensive for what it does but it works for me. A few VLAN issues that I've had to work around but overall it has worked perfectly.
If I had to do it again then yes, pfSense will do the same (loaded up with NICs of course). I went for an NSA 2400 in the end. MS VPN using SSTP only as we only use Windows devices. Stuff the iPads... (SonicWall wanted money for VPN clients, I don't think so.)