Lync 2010 Edge and TMG (Network Steve Forum)

Lync 2010 Edge and TMG

I have an issue where a large group of users (about 2k) have been 'migrated' into my environment without first migrating their accounts in AD. Basically, accounts were created internally and they are just connecting to my Lync 2010 and Exchange 2010 environment through the internet.

Problem is, when they leave their current network, they hit my TMG 2010 servers from a single IP address. This triggered TMGs Flood Mitigation settings and their IP was blocked. I fixed this by creating an exception for their IP address and bumping up the number of allowed tcp and http connections per minute.

Now, we are still having issues with users that attempt desktop and application sharing. Their sessions close sporadically.

My primary question is, has anyone ever attempted this type of solution before, allowing thousands of users external access from a single IP address through TMG and Lync Edge? If so is it supported and what type of issues might I need to look for? Does the Edge role also have restrictions on how many connections can be made by a single IP address from the internet?

Changed type Eric_YangKModerator Monday, February 16, 2015 6:18 AM General Discussion

February 14th, 2015 1:12am

Hi Ray,

I'm pretty sure TMG is generally not the external endpoint publishing the AV/Sharing capabilities unless it is drastically different in your environment (or if TMG is your outer most firewall)

Usual setup for reverse proxy is :

Firewall1 (outer most) <---> DMZ <----> Firewall2 (TMG?) ---> Corp

Firewall 2 publishes web services.

Edge usually looks like:

Firewall1 (outer most) <---> DMZ <----> Edge Access/AV/WebConf ---> Corp

Can you confirm if TMG is your outer-most firewall? If it is then check if your edge has one or multiple IPs. Then check the publishing for those IPs and make sure they adhere to the exception you created. In addition, check the Firewall on the edge server itself.

If TMG is not your outer-most firewall (if Firewall1 is some other device) then please check the intrusion protection on the Firewall1 device and allow for exception in there as well.

Hope this helps.

Cheers,

Max

Free Windows Admin Tool Kit Click here and download it now

March 4th, 2015 11:12am

This topic is archived. No further replies will be accepted.