This topic is designed to help the Forefront TMG administrator ensure uninterrupted connection to the Internet, in organizations where:
- Forefront TMG is deployed at the network edge, thus serving as the organization’s gateway to the Internet.
- Connection to the Internet is provided by two Internet Service Providers (ISPs).
Uninterrupted Internet connectivity is enabled by the Forefront TMG ISP redundancy feature, as described in Enabling Internet Service Provider (ISP) redundancy.
Note: ISP redundancy does not apply to traffic originating from Forefront TMG, except for traffic that is handled by the Web proxy filter.
The following sections describe:
Traffic distribution methods
You can configure Forefront TMG to distribute outbound traffic between two ISP connections by one of the following methods:
- Load balancing with failover capabilities—High availability between the two connections, including the following capabilities:
  - Load balancing—Distribute traffic among the connections according to the ratio you define. For example, you can allocate 80% of traffic to one connection and the remaining 20% to the second connection.
  - Failover—If one connection becomes unavailable, traffic is handled by the other connection. Internet connection is uninterrupted and end users are unaffected.
- Failover only—One connection is defined as the primary connection for all traffic, while the other connection serves only as the backup connection. If the primary connection becomes unavailable, traffic is routed to the backup connection and Internet service is uninterrupted.
Use this option when you want to use the secondary connection only when the primary connection is unavailable.
Requirements for enabling ISP redundancy
Following are the requirements for enabling ISP redundancy in Forefront TMG:
- All internal and perimeter networks connected to Forefront TMG must have a Network Address Translation (NAT) relationship with the default external network.
- Each ISP connection must be configured with a unique IP subnet and a unique default gateway.
  Note: Windows Server 2008 does not support multiple default gateways in DHCP-assigned links. If your ISPs support only DHCP-assigned addressing, you must manually add both default gateways to the routing table on Forefront TMG.
- If you choose to associate one or both ISP connections with a network adapter, the connections must be associated with the default external network adapter; you must not associate an ISP connection with any other external network.
- It is recommended that the network offload processing configuration be identical on both adapters that are connected to the ISPs. If the settings are not identical, network offload processing is disabled on both adapters.
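The requirements above can be checked against a planned configuration before ISP redundancy is enabled. The following is an added example, not code from the Forefront TMG documentation or product: the dictionary fields, network names and addresses are hypothetical, constructed inputs and do not reflect the Forefront TMG object model.

```python
import ipaddress

def check_isp_redundancy(isps, network_relationships, default_external="External"):
    """Check a planned two-ISP setup; returns (errors, warnings) as lists of strings."""
    errors, warnings = [], []
    if len(isps) != 2:
        return ["exactly two ISP connections are required"], warnings
    a, b = isps
    # Unique IP subnet per ISP connection; overlapping ranges are treated as not unique.
    if ipaddress.ip_network(a["subnet"]).overlaps(ipaddress.ip_network(b["subnet"])):
        errors.append(f"subnets {a['subnet']} and {b['subnet']} are not unique")
    # Unique default gateway per ISP connection.
    if ipaddress.ip_address(a["gateway"]) == ipaddress.ip_address(b["gateway"]):
        errors.append(f"both connections use default gateway {a['gateway']}")
    # An adapter association is optional, but only the default external network is allowed.
    for isp in isps:
        net = isp.get("adapter_network")
        if net is not None and net != default_external:
            errors.append(f"{isp['name']}: adapter belongs to '{net}', not '{default_external}'")
    # Every internal and perimeter network needs a NAT relationship to the default external network.
    for name, relationship in network_relationships.items():
        if relationship != "NAT":
            errors.append(f"network '{name}' has a {relationship} relationship, NAT is required")
    # Recommendation only: differing offload settings disable offload on both adapters.
    if a.get("offload") != b.get("offload"):
        warnings.append("offload settings differ; offload processing is disabled on both adapters")
    return errors, warnings

# Constructed sample plans (documentation address ranges, hypothetical names).
GOOD_ISPS = [
    {"name": "ISP-A", "subnet": "198.51.100.0/24", "gateway": "198.51.100.1",
     "adapter_network": "External", "offload": True},
    {"name": "ISP-B", "subnet": "203.0.113.0/24", "gateway": "203.0.113.1",
     "adapter_network": "External", "offload": True},
]
BAD_ISPS = [
    {"name": "ISP-A", "subnet": "198.51.100.0/24", "gateway": "198.51.100.1",
     "adapter_network": "External", "offload": True},
    {"name": "ISP-B", "subnet": "198.51.100.128/25", "gateway": "198.51.100.1",
     "adapter_network": "External2", "offload": False},
]
RELATIONSHIPS = {"Internal": "NAT", "Perimeter": "Route"}

if __name__ == "__main__":
    for plan in (GOOD_ISPS, BAD_ISPS):
        print(check_isp_redundancy(plan, RELATIONSHIPS))
```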