Hi everyone, this may have been asked before but I'm searching for this for a couple of hours and could not find a good answer.
My TMG and all servers are virtual and setup is like this:
Virtual Servers (Internal, 10.0.1.x/24) - VLAN2 ------- Hyper-v Host Virtual Switch ------- Physical Switch ------- TMG Int ------- TMG Ext ------- Internet
Virtual Clients (Internal, 10.0.0.x/24) - VLAN3 -------
I have IPv4 routing in the switch for routing between VLAN2 and VLAN3. The servers' and clients' gateway is set to the physical switch. This works fine so far. I think currently the communication on the internal side is done without reaching the TMG, only on the physical switch itself. I can tell this because when I start tracing in TMG, I only see the internet access from the internal side, not any DHCP or DNS or any internal-related requests.
1. Now the question is, in the documents it says to set the gateways to the TMG internal IP, which makes them SecureNAT clients. If I set the gateways to the TMG internal IP, will all the internal traffic be routed through the TMG server, thus leaving my IPv4 routing on the switch redundant? Also I think I will need a bunch of rules for the internal AD infrastructure to work, like DNS, DHCP etc.
2. Second question is, in general, if I set a server's gateway to the TMG leg, will all its communication go through the TMG like it's connected to a router? Or is the TMG just a police officer here, checking the rules and, if allowed, forming a direct connection between the target and destination, then stepping aside? Can it connect two physically isolated networks like a router, or do I still need physical direct access between the two networks?
3. Can I set the internal side's gateways to the switch (to get rid of creating infrastructure rules), and any isolated network's, like a DMZ-leg server's, gateway to the appropriate TMG IP? Does a hybrid config like this work when accessing between DMZ & Internal?
Thank you for your comments.
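Added illustration, not part of the post above: a small routing model in Python that works out, for each of the three gateway layouts the poster describes (gateway = switch, gateway = TMG internal leg, hybrid with a host static route for the DMZ), which hops a packet takes and therefore whether the TMG box ever sees it. It treats TMG as a plain routing hop, which is what a SecureNAT default gateway is from the host's point of view. All addresses, the switch SVI, the TMG legs and the flows are constructed for the example; ARP/on-link validation, NAT and TMG's own access-rule evaluation are deliberately left out.

```python
# Added illustration (not from the original post): a minimal IP routing model
# that shows which hops a packet takes, and therefore whether the TMG box ever
# sees it, under the three gateway layouts discussed in the post.
# Every address below is constructed for the example; ARP/on-link checks,
# NAT and TMG's access-rule evaluation are deliberately not modelled.
from ipaddress import ip_address, ip_interface, ip_network

SWITCH = "10.0.1.1"     # layer-3 switch SVI in VLAN2 (constructed)
TMG_INT = "10.0.1.254"  # TMG internal leg, also in VLAN2 (constructed)
ISP = "203.0.113.1"     # upstream router on the TMG external leg (constructed)


def make_table(connected, default_gw=None, static=()):
    """Build a routing table as a list of (network, next_hop).
    A next_hop of None means the destination is on-link (delivered directly)."""
    table = [(ip_interface(addr).network, None) for addr in connected]
    table += [(ip_network(net), ip_address(gw)) for net, gw in static]
    if default_gw is not None:
        table.append((ip_network("0.0.0.0/0"), ip_address(default_gw)))
    return table


def next_hop(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ip_address(dst)
    matches = [(net, gw) for net, gw in table if dst in net]
    if not matches:
        raise ValueError(f"no route to {dst}")
    _, gw = max(matches, key=lambda route: route[0].prefixlen)
    return gw


def trace(host_table, routers, dst):
    """Forward a packet hop by hop through the routers we model.
    Returns the list of router addresses the packet is handed to; an empty
    list means the host delivered it on its own segment."""
    path, table = [], host_table
    while True:
        hop = next_hop(table, dst)
        if hop is None:                 # on-link at this hop: done
            return path
        path.append(str(hop))
        if str(hop) not in routers:     # e.g. the ISP: beyond the model
            return path
        table = routers[str(hop)]


def crosses_tmg(path):
    """True when the TMG internal leg is one of the forwarding hops."""
    return TMG_INT in path


# The two routers in the picture. The switch routes between VLAN2 and VLAN3
# and sends everything else to TMG; TMG reaches VLAN3 through a static route
# pointing back at the switch.
ROUTERS = {
    SWITCH: make_table(["10.0.1.1/24", "10.0.0.1/24"], default_gw=TMG_INT),
    TMG_INT: make_table(["10.0.1.254/24", "192.168.50.1/24", "203.0.113.2/24"],
                        default_gw=ISP, static=[("10.0.0.0/24", SWITCH)]),
}

# Constructed destinations as seen from a server 10.0.1.10/24 in VLAN2.
FLOWS = {
    "DNS to a DC in VLAN2": "10.0.1.5",
    "reply to a VLAN3 client": "10.0.0.20",
    "update download from the internet": "198.51.100.10",
    "RDP to a DMZ server": "192.168.50.10",
}


def paths_for(host_table):
    return {name: trace(host_table, ROUTERS, dst) for name, dst in FLOWS.items()}


def with_switch_gateway():
    """Current setup: the server's default gateway is the switch."""
    return paths_for(make_table(["10.0.1.10/24"], default_gw=SWITCH))


def with_tmg_gateway():
    """Question 1: default gateway is the TMG internal leg (SecureNAT client)."""
    return paths_for(make_table(["10.0.1.10/24"], default_gw=TMG_INT))


def with_hybrid_gateway():
    """Question 3: default to the switch, DMZ pinned to TMG by a host static route."""
    return paths_for(make_table(["10.0.1.10/24"], default_gw=SWITCH,
                                static=[("192.168.50.0/24", TMG_INT)]))


def reply_path_from_vlan3_client():
    """Reverse direction for the TMG-gateway case: the VLAN3 client still uses
    the switch, so its reply never touches TMG (asymmetric routing)."""
    client = make_table(["10.0.0.20/24"], default_gw=SWITCH)
    return trace(client, ROUTERS, "10.0.1.10")


if __name__ == "__main__":
    for label, fn in [("switch gw", with_switch_gateway),
                      ("TMG gw", with_tmg_gateway),
                      ("hybrid", with_hybrid_gateway)]:
        for name, path in fn().items():
            print(f"{label:9} {name:36} {path or 'on-link'}  TMG sees it: {crosses_tmg(path)}")
```

Two things the output makes visible that the questions above turn on: traffic to a host in the same subnet (the DNS flow) is delivered on-link and never reaches any gateway, whichever gateway is configured, while every off-subnet flow goes to whatever the default gateway is, so with the TMG leg as gateway the VLAN2-to-VLAN3 flow does pass through TMG and needs an access rule. `reply_path_from_vlan3_client()` shows the trap to check before adopting that layout: if the VLAN3 side keeps the switch as its gateway, the reply comes back via the switch only, so a stateful firewall sees one direction of the conversation and will typically drop it.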