Forefront TMG vs Cisco 1941 ISR
I'm an intern at a medium-sized business. Currently they are using a Cisco 1941 router as the gateway router and contract out to have any work done on this device. This includes virtually everything that would need to be done as far as router configuration and
maintenance goes. While I'm not very well versed in the language of Cisco, I have a decent amount of experience with ISA 2006 and Forefront TMG 2010. The company is looking at offering a SaaS solution to customers and will have redundant ISPs. For
this network they would like to have two separate networks, their corporate network and the SaaS network. To accomplish this, they were going to spend about $10,000 on one router, one switch and the configuration that would go along with it. My suggestion
was to use Forefront TMG in a three-legged perimeter configuration with the corporate network on the "internal" network and the SaaS network configured on the "perimeter" network but locked down. My boss asked me why I would use Forefront rather than Cisco
and I told him initially that I saw it as a waste to pay an outside contractor thousands a year to configure a device when products exist that the current staff could configure. I also added that while it is not an "all in one solution" we would be able
to get rid of our aging RRAS server that is currently running Windows 2000 Advanced Server. (This would remain in place after the 1941 was implemented.) He told me that the reason why they would like to stay with Cisco is because, as he said: "Remember the
old saying, 'No one ever got fired for buying IBM', well the same thing goes here, too. No one gets fired buying Cisco."
Further rationale for deciding on TMG is as follows:
it can be configured as the VPN server, authenticating users who access the SaaS network without requiring a RADIUS or other server,
can perform ISP redundancy without the purchase of an add-on card like the Cisco device does,
better logging and other information that can be used to see who, when and where network activity is coming from,
content filtering for protection of internal network clients,
no need to pay a third party to configure the device like the Cisco device does.
Am I totally off the mark here and we should stick with paying an outside contractor to service our network hardware? Are there significant advantages to using TMG over the Cisco 1941? Any assistance would be appreciated.
May 24th, 2011 10:52pm
On Wed, 25 May 2011 02:43:07 +0000, jasguer wrote:
Further rationale for deciding on TMG is as follows:
Questions regarding TMG should be posted here:
http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/threads
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
System going down at 5 pm to install scheduler bug.
May 24th, 2011 11:09pm