| Author |
 Topic  |
|
|
Seth
Seasoned But Casual Onlooker
34 Posts
Status: offline |
 Posted - 06/20/2012 : 10:36:56 AM
|
We were planning on moving to TMG from ISA2004. Since it's being discontinued we are now looking for other options.
How are folks publishing OWA now that TMG is going away? in the past I always heard ISA was the only way to do it securely. Have things changed?
|
Edited by - Seth on 06/20/2012 1:41:34 PM |
|
|
ledson
Major Contributor
USA
1196 Posts
Status: offline |
|
|
Seth
Seasoned But Casual Onlooker
34 Posts
Status: offline |
Posted - 06/20/2012 : 12:45:38 PM
|
I didn't realize the extended support ran that long. Still development has stopped on the product if I'm not mistaken. And folks aren't really too happy with ISA in our environment.
Are there other fairly secure alternatives out there? What about using something like a Cisco ASA? one of the Barracuda WAF's? Forms based authentication with a hole through the firewall? |
 |
|
|
Jazzy
Administrator
Netherlands
1929 Posts
Status: offline |
Posted - 06/20/2012 : 2:37:51 PM
|
| TMG is great for Exchange and is the only product which can do pre-authentication and stuff. Upgrading from 2004 to TMG is easy so you can enjoy this great product for five or six years again. |
Jetze Mellema
Exchange specialist
Former MVP (2005-2012)
My blog: http://jetzemellema.blogspot.com (Dutch)
My company: http://www.imara-ict.nl/ |
|
|
|
aval
Honorable But Hopeless Addict
USA
3273 Posts
Status: offline |
Posted - 06/21/2012 : 1:45:10 PM
|
I searched far and wide for an alternative method of publishing OWA (other than ISA/TMG) and did not find one.
Did I just miss it?
Contrary to Seth, I would like to replace our current firewall with TMG but the future of this product does inspire some concern.
I understand that more and more mail will be hosted - Exchange Online for example - but even so, there'll probably always be onsite implementations of Exchange and best practice is to publish services (OWA first and foremost) rather than allow direct access to the mail server.
And wouldn't even hosted Exchange use a reverse proxy?
Otherwise, has the decision to discontinue TMG been made? Last I heard it ahd not been decided.
Regardless, I understand UAG will not be discontinued.
Would that be an option?
Seth: in what respect is ISA disappointing your users?
|
|
|
|
aval
Honorable But Hopeless Addict
USA
3273 Posts
Status: offline |
|
|
Jazzy
Administrator
Netherlands
1929 Posts
Status: offline |
Posted - 06/22/2012 : 03:35:29 AM
|
Those articles are talking about the positioning of both products in the market. Microsoft would like customers to use TMG for outbound and UAG for inbound connections. I would love to read where Microsoft recommends not to use TMG for publishing Exchange webservices.
The Exchange Team, more specific Greg Taylor, published a whitepaper "Publishing Exchange Server 2010 with Forefront" which describes the advantages and disadvantages of both solutions and also explains how to configure them. Download the whitepaper here: http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=8946
Just to be clear, both TMG and UAG ar fully supported for publishing Exchange webservices. |
Jetze Mellema
Exchange specialist
Former MVP (2005-2012)
My blog: http://jetzemellema.blogspot.com (Dutch)
My company: http://www.imara-ict.nl/ |
|
|
|
Playwell
Honorable But Hopeless Addict
Netherlands
4819 Posts
Status: online |
Posted - 06/22/2012 : 03:41:03 AM
|
| In hindsight it seems logical David, but it's kind of an eyeopener for me. |
'People who think they know everything are a great annoyance to those of us who do. '
Quote by Isaac Asimov
|
|
|
|
JamesNT
Moderator
USA
3150 Posts
Status: offline |
|
|
Jazzy
Administrator
Netherlands
1929 Posts
Status: offline |
Posted - 06/26/2012 : 2:16:03 PM
|
| James, what are the capabilities of the Juniper for reverse proxying Exchange workloads? I looked around a bit and it seems like there's almost nothing an SRX can do for Exchange. |
Jetze Mellema
Exchange specialist
Former MVP (2005-2012)
My blog: http://jetzemellema.blogspot.com (Dutch)
My company: http://www.imara-ict.nl/ |
Edited by - Jazzy on 06/26/2012 2:20:20 PM |
|
|
|
JamesNT
Moderator
USA
3150 Posts
Status: offline |
Posted - 06/26/2012 : 9:19:28 PM
|
Reverse proxy is not yet supported on the SRX Branch series, only on the datacenter series.
JamesNT |
James Summerlin
www.jamessummerlin.com |
|
|
|
Jazzy
Administrator
Netherlands
1929 Posts
Status: offline |
|
|
JamesNT
Moderator
USA
3150 Posts
Status: offline |
Posted - 06/27/2012 : 3:32:29 PM
|
Yeah, you're right. We don't reverse proxy publish our OWA and haven't seen much of a need to. But I can see where others may wish to do so.
JamesNT |
James Summerlin
www.jamessummerlin.com |
|
|
|
JamesNT
Moderator
USA
3150 Posts
Status: offline |
Posted - 06/27/2012 : 3:34:29 PM
|
Seth,
One other thing to consider: TMG does not do IPv6. Before spending some serious cash on a TMG license, a Windows license, and a new server to run it all for the next 5 + years, you may wish to speak to your ISP about their IP migration plans.
JamesNT |
James Summerlin
www.jamessummerlin.com |
|
|
|
JSCLMEDAVE
Administrator
USA
6115 Posts
Status: online |
Posted - 06/27/2012 : 4:56:23 PM
|
| I heard some grumbling from some tech's at the Las Colinas campus that TMG may not be updated and could be dropped as a product... |
Tim-
“This too shall pass" |
|
|
|
JamesNT
Moderator
USA
3150 Posts
Status: offline |
Posted - 06/27/2012 : 9:49:14 PM
|
That rumor has been going around for a while now.
JamesNT |
James Summerlin
www.jamessummerlin.com |
|
|
|
JSCLMEDAVE
Administrator
USA
6115 Posts
Status: online |
Posted - 06/27/2012 : 10:03:12 PM
|
quote:
Originally posted by JamesNT
That rumor has been going around for a while now.
JamesNT
Well the team that is supporting it is getting a little tired of supporting it and not getting any love from the mother-ship . |
Tim-
“This too shall pass" |
|
|
|
JamesNT
Moderator
USA
3150 Posts
Status: offline |
Posted - 06/27/2012 : 10:47:53 PM
|
Products that are about to see sunset rarely get any love.
JamesNT |
James Summerlin
www.jamessummerlin.com |
|
|
| |
Topic |
|
ISA/TMG alternatives
