TMG Standalone Array simple question
Hi everyone, I have what I think is a simple question, but I don't know if I'm missing something in all the tutorials about standalone arrays I've read.

I'm working with 2 TMG Enterprise editions on 2008 R2 in a test environment. Both are on SP2, fully updated, and a single 20 Mbit connection. I would like these two TMGs to work for high availability using that connection only, and I was able to join both in a standalone array. Here's how they're configured:

tmg01
internal NIC IP range: 192.168.1.1/24
second internal NIC: not connected at the moment, considering it for an intra-array network if needed later on (if anyone suggests it is absolutely necessary)
external NIC IP: DHCP, supplied by ISP.

tmg02
internal NIC IP range: 192.168.1.2/24
second internal NIC: not connected at the moment.
external NIC: not connected. (Where do I connect this one if I only have one modem for that 20 Mbit connection?)

I have read that the intra-array network is not absolutely necessary, so I'm leaving those unplugged.

Now, here's my question: since they're both already in an array, if tmg01 fails to deliver (let's assume it has a hardware malfunction), how is tmg02 going to take over and connect to the external network if by definition my modem only accepts one cable? Will I have to be near the server and change the cable to the other NIC in tmg02 for it to work, or do I have to add something in between the modem and the two TMGs?

Is there something I'm missing? Will I be needing 2 connections? Maybe it's too obvious or stupid and it just went past me. I'm open to criticism and opinions.

Thanks
June 14th, 2014 10:05am

Hi

Let's follow the best practice.

In a normal production setup for a fully redundant architecture, we need three servers: one for the array and the other two servers for TMG for HA.

1. TMG Array Server: subnet routable with the internal TMG subnet (you can also have this on any one TMG, but best practice is to separate it)

2. TMG 1: two NICs, internal / external

3. TMG 2: two NICs, internal / external

The second internal NIC is not required in your setup, so you can go with two NICs, external and internal, on the two TMGs.

Join TMG 1 and TMG 2 to a single array, which is server 1. This way, all the configuration you make on one TMG will sync with the other TMG.

How TMG will handle a server failure

  • You need to create two NLBs in TMG
  • One for internal and one for external

Internal NLB

  • You need to create an internal NLB. Since you are using the 192.168.1.0/24 network for internal, assign the internal NLB as 192.168.1.3
  • If you want to use TMG as the gateway for all internet connections, then you need to have a default route from the internal network pointing to 192.168.1.3, which is the TMG NLB internal IP address

External NLB

Since you have not mentioned the external network, let's assume you are using 10.10.10.0/24 and the external interface of TMG 1 is 10.10.10.1 and TMG 2 is 10.10.10.2. Then create an external NLB and assign it the IP address 10.10.10.3

  • You need to have a switch in between your router and the TMG servers
  • Connect the TMG 1 and TMG 2 external interface NICs to the switch
  • On the external NIC of both TMGs, set the gateway to the modem IP address
  • Connect an internet cable from the modem to the same switch
  • Ensure that you have a route to 10.10.10.0/24 from the modem to the external NLB IP address, i.e. 10.10.10.3

Now you don't have to switch cables to the modem.

Good luck!


  • Edited by S Guna 9 hours 43 minutes ago
June 14th, 2014 9:08pm

  • Edited by S Guna Sunday, June 15, 2014 1:06 AM
  • Marked as answer by Pepe le pu Wednesday, June 18, 2014 1:05 PM
June 15th, 2014 4:04am

Thank you very much for your response!

Like I suspected, I needed a switch between the modem and the 2 TMGs.

I have a few questions though.

1. The default network route, when I configure the NLB in the internal, should be defined in NETWORKING / ROUTING? Or can I set it up in a DHCP server as the default gateway?

2. My ISP gives me an IP through DHCP. When I create the NLB for the external network, which VIP should I set up? The one you suggested? I have a doubt about how the modem will route that subnet...

Thank you very much for taking the time to answer my questions!

June 16th, 2014 9:51am

Hi. First question: if all clients are able to reach the TMG network, then just change the gateway of all clients in DHCP to the NLB. Second: assign a static IP address in the same DHCP range. Ensure the new IP address is excluded from DHCP.
June 16th, 2014 11:10pm

  • Marked as answer by Pepe le pu Wednesday, June 18, 2014 1:05 PM
June 17th, 2014 6:07am
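
An added example, not part of the thread or any poster's code: a small Python check of the addressing plan described in the answers above (dedicated node IPs, NLB virtual IP, gateway, DHCP exclusion). The function name, the modem address 10.10.10.254 and the DHCP pool bounds are assumptions made up for illustration.

```python
import ipaddress

def check_nlb_plan(subnet, node_ips, vip, gateway=None,
                   dhcp_pool=None, dhcp_exclusions=()):
    """Return a list of problems with one NLB network's addressing ([] = OK)."""
    net = ipaddress.ip_network(subnet)
    vip_addr = ipaddress.ip_address(vip)
    nodes = [ipaddress.ip_address(ip) for ip in node_ips]
    problems = []

    # The virtual IP and every dedicated IP must live in the same subnet.
    for label, ip in [("VIP", vip_addr)] + [("node", n) for n in nodes]:
        if ip not in net:
            problems.append(f"{label} {ip} is outside {subnet}")
    # The virtual IP must not reuse an address already bound to a node.
    if vip_addr in nodes:
        problems.append(f"VIP {vip_addr} collides with a node's dedicated IP")
    if len(set(nodes)) != len(nodes):
        problems.append("two nodes share the same dedicated IP")

    # The gateway (the modem on the external side) must be on-link and distinct.
    if gateway is not None:
        gw = ipaddress.ip_address(gateway)
        if gw not in net:
            problems.append(f"gateway {gw} is outside {subnet}")
        if gw == vip_addr or gw in nodes:
            problems.append(f"gateway {gw} collides with a VIP or node IP")

    # Static addresses inside the DHCP pool must be excluded from leasing.
    if dhcp_pool is not None:
        first, last = (ipaddress.ip_address(a) for a in dhcp_pool)
        excluded = {ipaddress.ip_address(e) for e in dhcp_exclusions}
        for static in [vip_addr, *nodes]:
            if first <= static <= last and static not in excluded:
                problems.append(f"{static} is inside the DHCP pool but not excluded")
    return problems

# Addresses from the thread; pool bounds and modem IP are constructed.
INTERNAL = dict(subnet="192.168.1.0/24", node_ips=["192.168.1.1", "192.168.1.2"],
                vip="192.168.1.3", dhcp_pool=("192.168.1.1", "192.168.1.254"),
                dhcp_exclusions=["192.168.1.1", "192.168.1.2", "192.168.1.3"])
EXTERNAL = dict(subnet="10.10.10.0/24", node_ips=["10.10.10.1", "10.10.10.2"],
                vip="10.10.10.3", gateway="10.10.10.254")
# Same internal plan, but the VIP was never excluded from the DHCP scope.
INTERNAL_MISSING_EXCLUSION = dict(INTERNAL,
                                  dhcp_exclusions=["192.168.1.1", "192.168.1.2"])

if __name__ == "__main__":
    for name, plan in [("internal", INTERNAL), ("external", EXTERNAL),
                       ("internal, VIP not excluded", INTERNAL_MISSING_EXCLUSION)]:
        print(name, "->", check_nlb_plan(**plan) or "OK")
```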

This topic is archived. No further replies will be accepted.
