This topic is designed to help the Forefront TMG administrator ensure uninterrupted connection to the Internet, in organizations where:

Uninterrupted Internet connectivity is enabled by the Forefront TMG ISP redundancy feature, as described in Enabling Internet Service Provider (ISP) redundancy.

Note:
ISP redundancy does not apply to traffic originating from Forefront TMG, except for traffic that is handled by the Web proxy filter.

The following sections describe:

Traffic distribution methods

You can configure Forefront TMG to distribute outbound traffic between two ISP connections by one of the following methods:

  • Load balancing with failover capabilities—High availability between the two connections, including the following capabilities:

    • Load balancing—Distribute traffic among the connections according to the ratio you define. For example, you can allocate 80% of traffic to one connection and the remaining 20% to the second connection.

    • Failover—If one connection becomes unavailable, traffic is handled by the other connection. Internet connection is uninterrupted and end users are unaffected.

    Use this option when you want to use both connections simultaneously.

  • Failover only—One connection is defined as the primary connection for all traffic, while the other connection serves only as the backup connection. If the primary connection becomes unavailable, traffic is routed to the backup connection and Internet service is uninterrupted.

    Use this option when you want to use the secondary connection only when the primary connection is unavailable.

Requirements for enabling ISP redundancy

Following are the requirements for enabling ISP redundancy in Forefront TMG:

  • All internal and perimeter networks connected to Forefront TMG must have a Network Address Translation (NAT) relationship with the default external network.

  • Each ISP connection must be configured with a unique IP subnet and a unique default gateway.

    Note:
    Windows Server 2008 does not support multiple default gateways in DHCP-assigned links. If your ISPs support only DHCP-assigned addressing, you must manually add both default gateways to the routing table on Forefront TMG.
  • If you select to associate one or both ISP connections with a network adapter, the connections must be associated with the default external network adapter; you must not associate an ISP connection with any other external network. 

  • It is recommended that the network offload processing configuration be identical on both adapters that are connected to the ISPs. If the settings are not identical, network offload processing is disabled on both adapters.
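The addressing and offload requirements above can be checked before ISP redundancy is enabled. The following is an added example, not Forefront TMG code or tooling: the function name, the dictionary layout and the sample addresses (documentation ranges) are constructed for illustration, and the on-link gateway check is an extra sanity test that the requirements list does not state.

```python
import ipaddress

def check_isp_links(links):
    """Return findings for two ISP link definitions; an empty list means pass."""
    if len(links) != 2:
        return ["ERROR: expected exactly two ISP connections"]
    findings = []
    a, b = links
    net_a = ipaddress.ip_interface(a["address"]).network
    net_b = ipaddress.ip_interface(b["address"]).network
    gw_a = ipaddress.ip_address(a["gateway"])
    gw_b = ipaddress.ip_address(b["gateway"])

    # Requirement: each ISP connection has a unique IP subnet.
    if net_a.overlaps(net_b):
        findings.append(f"ERROR: subnets {net_a} and {net_b} overlap")
    # Requirement: each ISP connection has a unique default gateway.
    if gw_a == gw_b:
        findings.append(f"ERROR: both links use default gateway {gw_a}")
    # Added sanity check (assumption, not from the page): gateway is on-link.
    for link, net, gw in ((a, net_a, gw_a), (b, net_b, gw_b)):
        if gw not in net:
            findings.append(f"ERROR: {link['name']} gateway {gw} is outside {net}")
    # Recommendation: identical offload settings on both ISP-facing adapters.
    if a["offload"] != b["offload"]:
        findings.append("WARN: offload settings differ; offload is disabled on both adapters")
    return findings

# Constructed sample data (documentation address ranges, hypothetical link names).
GOOD = [
    {"name": "ISP-A", "address": "203.0.113.10/29", "gateway": "203.0.113.9", "offload": True},
    {"name": "ISP-B", "address": "198.51.100.22/30", "gateway": "198.51.100.21", "offload": True},
]
BAD = [
    GOOD[0],
    {"name": "ISP-B", "address": "203.0.113.12/29", "gateway": "203.0.113.9", "offload": False},
]

if __name__ == "__main__":
    for label, links in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_isp_links(links) or "all checks passed")
```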
