+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 25 of 25
Internet Related/Filtering/Firewall Thread, Microsoft Forefront Gateway in Technical; Originally Posted by SYNACK Keep it on a physical box though as it seems to have issues when virtualised. Hi ...
  1. #16
    bio
    bio is offline
    bio's Avatar
    Join Date
    Apr 2008
    Location
    netherlands
    Posts
    520
    Thank Post
    16
    Thanked 130 Times in 102 Posts
    Rep Power
    37
    Quote Originally Posted by SYNACK View Post
    Keep it on a physical box though as it seems to have issues when virtualised.
    Hi SYNACK,

    I was wondering what problems you have with TMG on a VM ? we have 2 overhere so i might learn something here

    bio..

  2. #17

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,034
    Thank Post
    852
    Thanked 2,662 Times in 2,260 Posts
    Blog Entries
    9
    Rep Power
    766
    Quote Originally Posted by bio View Post
    Hi SYNACK,

    I was wondering what problems you have with TMG on a VM ? we have 2 overhere so i might learn something here

    bio..
    Not 100% sure that it is to do with the VM environment or a conflict with SEP, the issue that I am having under Hyper-V SP1 is that over time it looses its console connection for mouse clicks and every so often it starts dropping outbound packets for 30 seconds or so. Really weird and I will be reinstalling it from scratch to isolate it out. The BPA also flags using it in a VM as a warning event that it may not provide as much protection as it could do.

    Usage wise appart from the little chop outs it is much better than the last solution and some of the new features like the safe search enforcer are quite good especially considering the rather rudementry filtering upstream.

  3. #18
    mthomas08's Avatar
    Join Date
    Jun 2008
    Posts
    1,608
    Thank Post
    132
    Thanked 165 Times in 146 Posts
    Rep Power
    62
    You say you have Hyper-V working with TMG installed on to an image?

    We have just purchased TMG and awaiting for it to turn up (Frog VLE Installation) and I did try and get it working on an image but strangely enough it caused a Loop on our network...
    I since then have not tried to get it working. How did you get it working?

  4. #19

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,034
    Thank Post
    852
    Thanked 2,662 Times in 2,260 Posts
    Blog Entries
    9
    Rep Power
    766
    Quote Originally Posted by mthomas08 View Post
    You say you have Hyper-V working with TMG installed on to an image?

    We have just purchased TMG and awaiting for it to turn up (Frog VLE Installation) and I did try and get it working on an image but strangely enough it caused a Loop on our network...
    I since then have not tried to get it working. How did you get it working?
    Image? It is installed on a VHD and run as a Hyper-V VM, I did nothing special to get it going, just installed a fresh copy of 2k8r2 SP1 Enterprise on the VM, joined it to the domain and installed TMG. My initial setup was a little convaluded as I had to wait for an managed ISP to get off their collective sitting appendages and actually make the changes required but other than that getting it running was just a matter of installing it. Installing its updates does make it better though and adds a few features.

  5. #20
    mthomas08's Avatar
    Join Date
    Jun 2008
    Posts
    1,608
    Thank Post
    132
    Thanked 165 Times in 146 Posts
    Rep Power
    62
    Did you have to create the network bridge on the VM? (Sorry far too used to saying images).

    That is where I struggled, EIS have told me it needs to be setup as a network bridge.

  6. #21

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,034
    Thank Post
    852
    Thanked 2,662 Times in 2,260 Posts
    Blog Entries
    9
    Rep Power
    766
    Ffffff, Just looked this up propperly and it looks like there is a fix for the console glitch:
    Hyper-V Update to Improve Network Stability - Forefront TMG (ISA Server) Product Team Blog - Site Home - TechNet Blogs
    The network connection of a running Hyper-V virtual machine is lost under heavy outgoing network traffic on a Windows Server 2008 R2-based computer

    So thats one down, just need to see if it is SEP causing the minor drops now. Sorry to the OP for derailing the thread.

  7. #22

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,034
    Thank Post
    852
    Thanked 2,662 Times in 2,260 Posts
    Blog Entries
    9
    Rep Power
    766
    Quote Originally Posted by mthomas08 View Post
    Did you have to create the network bridge on the VM? (Sorry far too used to saying images).

    That is where I struggled, EIS have told me it needs to be setup as a network bridge.
    EIS?

    That may be implementation specific, I have it setup as a gateway firewall/Cache/router that isolates the internal network from the external internet and makes sure we don't waste any of our limited and expencive bandwidth on things we don't need to.

    If it is set up as a bridge with no routing then this could be causing some of the issues, I do question the idea of bridged traffic for a WAN though as it effectivly means spewing all your internal broadcast and possibly multicast traffic over your WAN link saturating it unnessisarily.

    The way I have it set up is (for simplicity) a couple of physical NICs in the Hyper-V host, Each of these is assigned to its own Network in hyper-v manager and then there are two virtual adapters on the VM, one connected to each network. Then the internet router is physicly connected to one of the ports (which only goes to ISA) and the other is connected to the internal network.

    This looks interesting: http://technet.microsoft.com/en-us/edge/Video/ff710552
    Last edited by SYNACK; 1st April 2011 at 02:14 PM.

  8. #23
    mthomas08's Avatar
    Join Date
    Jun 2008
    Posts
    1,608
    Thank Post
    132
    Thanked 165 Times in 146 Posts
    Rep Power
    62
    Sorry EIS are our service provider.

    Our TMG box is for linking through our service provider (Frog VLE onsite server) to access it all externally in replace for our current website (currently hosted by EIS).
    I was told it just needed to be setup as a network bridge, not so sure about creating that when you need two network adapters on a virtual box. When I created two, thats when it seems to cause me issues and the moment I got it working was the moment a loop back occured.

  9. #24

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,034
    Thank Post
    852
    Thanked 2,662 Times in 2,260 Posts
    Blog Entries
    9
    Rep Power
    766
    Sounds like both adapters are on the same network, they need to be on seporate networks if you are running it as a gateway. It needs to sit between your internal network and your ISP. You can install it with a single adapter and just have it filtering and proxying stuff but you loose most of its compelling security features.

  10. Thanks to SYNACK from:

    mthomas08 (4th April 2011)

  11. #25
    mthomas08's Avatar
    Join Date
    Jun 2008
    Posts
    1,608
    Thank Post
    132
    Thanked 165 Times in 146 Posts
    Rep Power
    62
    Quote Originally Posted by SYNACK View Post
    Sounds like both adapters are on the same network, they need to be on seporate networks if you are running it as a gateway. It needs to sit between your internal network and your ISP. You can install it with a single adapter and just have it filtering and proxying stuff but you loose most of its compelling security features.
    There we go that's it, I did actually create the network bridge before I even got the software and had both adapters on my network. Network bridges is some thing I have had little experience with and it sounds like that was the problem.

    Thanks

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Forefront Threat Management Gateway 2010 - User web proxy logging
    By jamesfed in forum Internet Related/Filtering/Firewall
    Replies: 3
    Last Post: 20th June 2011, 01:55 PM
  2. Forefront Threat Gateway
    By wesleyw in forum Windows
    Replies: 5
    Last Post: 14th October 2010, 07:17 AM
  3. Forefront TMG Default Gateway
    By teejay in forum Internet Related/Filtering/Firewall
    Replies: 4
    Last Post: 26th January 2010, 02:34 PM
  4. Anyone using Microsoft Forefront?
    By GlennT in forum Wireless Networks
    Replies: 4
    Last Post: 9th September 2008, 11:15 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •