This is the first time I've implemented TMG, and I think I'm in a bit over my head. Here's my setup:

- I'm using TMG simply as a reverse proxy for publishing OWA (as well as Lync and Sharepoint, but that's not for now). It is not being used as an internet facing firewall, so we've placed it in the DMZ behind our Cisco ASA.

- I want to have an Array of TMGs load balanced, for redundancy (traffic isn't really an issue; we're not that big).

- Exchange CAS is on the Internal network (no edge roles).

So, I've got two NICs on each box, one in the DMZ and one internal. 

Current config for those NICs:

DMZ:

default gateway: yes
DNS:no
MS File Sharing: disabled

Internal:

gateway:no
DNS:yes
File Sharing: enabled

I've followed Technet docs to get a standalone array going. They are communicating configs on the DMZ Nics (I used those NICs when defining Managed Computers in the Firewall settings). 

I then enabled NLB in TMG, and set the VIP on the DMZ network. Now it's all broke. 

First question: Am I doing this correctly in the first place?

Second question: Assuming my config works, what else do I need to do to get NLB working?

Hi,

Please, define "Now it's all broke". What NLB mode do you use? enabling NLB on the TMG is pretty straightforward action. You should check if ASA requires any special settings. AFAIK, it's better to use multicast mode.

Well, I'm not really sure if it's broken. TMG says that it's working OK, but when I look in NLB, I only see one node. The VIP is pingable, so that's a good sign; I'm just not used to seeing NLB behave like that. 

I'm more concerned that my NIC setup is OK. From my Googling, it doesn't seem like a very common configuration. 

I tried Multicast, but NLB didn't seem to like it so much. I know there's some issues with doing multicast in VMs with virtual switches, so I'm playing it safe and going unicast.

what do nlb display and nlb query show you?