1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

TMG Alternative

Discussion in 'Software' started by Gav, Mar 3, 2013.

Click here to banish ads and support Certforums by becoming a Premium Member
  1. Gav

    Gav Kilobyte Poster

    If you didn't know already, Microsoft have decided to discontinue their excellent Forefront TMG (previously ISA) server product. We use ISA/TMG heavily to publish large scale Exchange/SharePoint/Lync platforms, and it has always done the job perfectly. The decision is baffling, but it's very unlikely Microsoft is going to change its mind now.

    I was wondering, what do the good people of CF use to publish the aforementioned products to the internet? I'm aware of the alternatives, but have only ever personally used ISA/TMG.


  2. wagnerk
    Highly Decorated Member Award

    wagnerk aka kitkatninja Moderator

    Question, do you really need to ditch TMG at the moment? MS will continue to support it until 2020 (mainstream 2015, extended 2020).

    I guess it really depends on what you actually use TMG for, we used it at our place as a firewall as well as publishing things like Exchange and Sharepoint (we don't have Lync). We now use a FortiGate-100D Network Security box that we got from our new ISP, it also handles our wireless access points.

    Well, I hope this will start to give you an idea...
    Last edited: Mar 3, 2013
    Certifications: CITP, PGDip, BSc, HNC, LCGI, PTLLS, MCT, MCITP, MCTS, MCSE, MCSA:M, MCSA, MCDST, MCP, MTA, MCAS, MOS (Master), A+, N+, S+, ACA, VCA, etc... & 2nd Degree Black Belt
    WIP: MSc in Tech Management
  3. Theprof

    Theprof Petabyte Poster Premium Member

    We use hardware appliances like F5 BigIP, they work as reverse proxy and load balancers... We use them with Exchange, Lync, and other third party products. I've used ISA/TMG in the past, but not enough to really play with them and see their full functionality.
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
  4. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    Must admit I was like "WTF?" when microsoft did this. I spent lots of time getting my head around ISA and rolled it out for some big projects :(
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Office 365, Server 2016, CEH
  5. Gav

    Gav Kilobyte Poster

    We won't be ditching it just yet, but there are licensing implications which means we can't (easily) acquire additional licenses for it.

    I can only imagine they pulled it because of the difficulty in supporting it? There's pretty much nothing that a 'first line' response could cover, so calls would have to very quickly be passed to someone competent both in the product itself and 'networking' as a whole (i.e. someone quite expensive).

    We're currently looking at KEMP's range of virtual load balancers (The KEMP ESP). The interface has a 'basic but functional' feel, and their initial pre-sales support seems to be excellent, so they may be the solution we go for.

    It would be interesting to hear if anyone has had much experience with KEMP?

    The last set of load balancers we purchased (to publish POP/IMAP/SMTP) have proved to be unreliable. We have twelve in production, handling various levels of traffic, and they all seem to be extremely unreliable, they randomly stop responding (requiring a power cycle) for no apparent reason and occasionally lose their configuration altogether. Their support team also managed to cause a MSO, despite written confirmation that their support access would be read only... *sigh*

    - Gavin
  6. Shinigami

    Shinigami Megabyte Poster

    It wasn't a question of supporting it, but rather a question of aligning Microsoft to be a "security" company, or a "security focused" company. Apparently the first option didn't really play to Microsoft's favor and thus several 'Forefront' suites are being discontinued.

    Shame really, many customers are happy with TMG and the TMG pros in my team need to focus their experience on other technologies now. For those of us with home labs, TMG was also a good (free) alternative for us to publish Exchange or Lync in a secure manner. I can't see myself buying a Kemp or F5 to for my fiddling :(
    Certifications: MCSE, MCITP, MCDST, MOS, CIW, Comptia
    WIP: Win7/Lync2010/MCM

Share This Page