In June, Microsoft released a Beta 3 version of Microsoft Forefront TMG (Threat Management Gateway), a Secure Web Gateway tool that helps protect users from Internet dangers, in addition to providing it. provide some security solutions, VPN, malware detection tool, URL filtering tool, . with many new features.
You can download Microsoft Forefront TMG Beta 3 here.
One of the most notable features of Microsoft Forefront TMG is ISP Redundancy, which balances the load of network traffic between two different ISPs (Internet service providers). Another configuration mode is the ability to configure Microsoft Forefront TMG for ISP Failover. In this case Forefront TMG will use an ISP link as the primary connection, and if the link is broken, TMG will automatically switch to using the preconfigured second ISP link.
Configure ISP Redundancy
To configure the ISP Redundancy Mode, first open the Forefront TMG Management Console , switch to the Networking node and select the ISP Redundancy tab. Then click Configure ISP Redundancy .
Figure 1: Redundancy window.
The ISP Redundancy Wizard appears, we will then configure the ISP Redundancy Mode according to the instructions on this Wizard.
Figure 2: ISP Redundancy configuration wizard.
First we will have to choose one of two modes for ISP Redundancy, including:
- Load between balancing to ISP links.
- Failover dùng một chính sách và sao lưu link.
Failover using a primary and backup link (ISP Failover) is used to provide another solution to connect to the Internet if the primary ISP link collapses due to a problem or maintenance. ISP Failover is a very useful feature for small companies with simple network systems that want to apply the switching capabilities for two ISP links. The primary ISP link is usually faster and faster, when this connection is broken, TMG will automatically backup the ISP.
Figure 3: Select operating mode for ISP Redundancy.
ISP Load Balancing
In this first example we will select the first option. We will then have to specify the Network Adapter used for that ISP. First select the name for the ISP and Network Adapter used to connect to the ISP and then click Next .
Figure 4: Select Network Adapter for ISP Redundancy.
Once you have selected the first ISP link, the next configuration dialog will allow us to configure the ISP connection properties including the Gateway IP Address and this connected DNS server to use.
Figure 5: ISP connection properties.
The TMG wizard will automatically create the TMG computer object that can be used as a list of servers that will redirect through this ISP.
Figure 6: ISP's DNS server properties.
After completing the configuration for the first ISP, we will perform the above steps to configure the second ISP. When both connections are configured you will have a load balancing option between the two configured ISPs. If the bandwidth of the two connections is the same, you should choose a load-balancing mode between the two ISPs. In the case of a bandwidth gap of these two ISPs, move the slider to set the flow rate that this ISP link will handle (Figure 7). Then click Next .
Figure 7: Select the download rate for ISP links.
Next click Finish to close the ISP Configuration Wizard and then click Apply to save the configuration you just made.
Manage ISP Redundancy
Microsoft Forefront TMG has several ISP Redundancy tool management tools. If you want to see the download process and the status of each ISP already configured, you can use Dashboard in the Microsoft Forefront TMG Management Console . Dashboard will allow you to check each ISP's uptime and Byte transfer rate per second of each ISP link (Figure 8).
Figure 8: ISP Redundancy Management.
ISP Failover
After successfully configuring ISP Load Balancing, we will configure ISP Failover of Forefront TMG. To switch the TM Bal Load Balancing task to the Failover, click on the ISP Failover link in the ISP Redundancy tab.
Figure 9: ISP Redundancy Mode Tab.
Check the ISP connection
The ISP Redundancy configuration process can also fix a broken link or force Forefront TMG to activate another ISP connection. This operation can be useful in fixing broken links or checking functions.
Figure 10: ISP Failover Connection Role.
You can choose three options for ISP Connection Test one by one to check. These options include:
- Automatic (automatic).
- Always On (always on).
- Always Off (always off).
Figure 11: ISP load balancing ratio.
ISP Failover Notice
Microsoft Forefront TMG is able to notify Admin TMG if there is a problem with ISP Redundancy. TMG includes the following 5 new sale options:
- ISP Link is available - Displays on the screen every time an ISP connection is active.
- ISP Link address missing - There are no IP addresses configured on the TMG server's Network Adapter compatible with the ISP link.
- ISP Link is active - This message will appear when an ISP link is activated and the network traffic is switched too.
- ISP Link is unavailable - This message will appear when the ISP link is not connected.
- Both ISP Links are unavailable - Indicates that both ISP links are not active.
Figure 12: ISP Load Balancing and Failover Notice.
Conclude
We have configured Microsoft Forefront TMG to switch between ISP Load Balancing to Failover between ISP links. This feature is suitable for small and medium-sized companies that want to share multiple ISP connections or want to switch between a master ISP connection and a narrow bandwidth connection to perform backups.