TMG 2010 Exchange 2010 Security

SKiTLz

Got a quick TMG 2010 related question. My current mail-flow setup is as follows.

Cloud
|
Border Router
|
Cisco ASA
|
Server 1 - Exchange 2010 Edge / ForeFront Protection for Exchange
|
Server 2 - Exchange 2010 Hub

I also have another server that is our TMG 2010 back end firewall I use to publish certain internal websites. I'm considering directing mail flow through that also. What I'm not clear on is will the standalone TMG offer any benefits as far as SPAM/Malware detection or is that all done by FPE on the Edge? I don't know if there is any advantage or if it is just redundant.

So the proposed new setup

Cloud
|
Border Router
|
Cisco ASA
|
TMG Back-end Firewall
|
Server 1 - Exchange 2010 Edge / ForeFront Protection for Exchange
|
Server 2 - Exchange 2010 Hub
 
Well, in my experience FPE is pretty damn good, even if it is a huge resource hog.
IMO, unless you're having issues with spam etc. getting through, it seems like it would be redundant.
But unless you're getting a lot of false positives, you can never have too much filtering?
 
You want to know what's funny? The spam filtering on TMG IS FPE! So basically, if you have it on your Exchange server already running FPE, you aren't going to add anything by adding a second FPE server. Microsoft is (eventually? our SPLA rep didn't really have answers) going to add other engines (Norton, McAfee, and Avast if I remember) so that if you have a setup like the one described you don't have redundant spam filtering, but I don't really know the details on when or even if that is coming; MS just said they were looking into it.

If you need some extra spam protection, I highly recommend Logsat Spamfilter ISP. We switched our environment from GFI MailEssentials for spam filtering and the difference is night and day.
 

This is what I suspected and why I was thinking it would be a waste of time. Thanks for confirming. Couldn't find a definitive answer anywhere online.

I know TMG/FPE/Exchange Edge can all be run on one box these days but I still like to split off my Edge server on its own box.
 