Keep in mind that the information in this article is based on a beta version of Microsoft Forefront TMG and is subject to change.
A few months ago, Microsoft released Beta 3 of Microsoft Forefront TMG (Threat Management Gateway), which has a lot of exciting new features.
One of the great new features of Microsoft Forefront TMG is ISP Redundancy. With the help of this feature it is now possible to load balance network traffic between two different ISPs (Internet Service Providers). The other configuration mode is ISP Failover. In this case, Forefront TMG uses one ISP link as the primary connection, and if this link breaks, TMG automatically fails over to the second configured ISP.
Configuration of ISP Redundancy
Let us start with the configuration of the ISP Redundancy mode. Start the Forefront TMG Management Console, navigate to the Networking node and select the ISP Redundancy tab. Then click Configure ISP Redundancy in the Task pane.
Figure 1: ISP Redundancy window
The ISP Redundancy Wizard gets started and will guide you through the configuration process.
Figure 2: ISP Redundancy Configuration Wizard
First you have to choose between two modes for the ISP Redundancy behavior.
- ISP Load Balancing
- ISP Failover
ISP Load Balancing is used to balance the network traffic between the two configured ISP links.
ISP Failover is used to provide an alternative connection to the Internet if the primary ISP link is down due to problems or maintenance. ISP Failover is a great feature for small and medium-sized businesses with a simpler network infrastructure that want to provide failover capabilities for two ISP links. The primary ISP link is often the fastest and cheaper connection, and when this connection becomes unavailable TMG will fail over to the backup ISP.
Figure 3: Select ISP Redundancy Behavior
ISP Load Balancing
In our first example we chose Load Balancing between two ISP links. You must specify the Network Adapter used for the ISP. First select a name for the ISP and the network adapter which is used to connect to that ISP.
Figure 4: Select Network Adapters for ISP Redundancy
After selecting the first ISP link, the following configuration dialog allows us to configure ISP connection properties like the Gateway IP address and the DNS Server used by this connection.
Figure 5: Connection Properties of ISP
The TMG wizard automatically creates TMG computer objects which can be used as a list of Servers which should route through this ISP.
Figure 6: ISP DNS Server properties
After the configuration of the first ISP has finished, you have to configure the second ISP in the same manner. After both ISP connections are configured, you can balance the load between the two configured ISPs. If the bandwidth is the same for both links, the usual choice is an even load between both ISPs. If one ISP has a lower bandwidth than the other, move the slider to set the percentage of traffic this ISP link should handle.
Figure 7: ISP Load Balancing Factor
Click Finish to end the ISP configuration wizard and after that click Apply to save the configuration changes.
Monitor ISP Redundancy
Microsoft Forefront TMG has some capabilities to monitor the ISP Redundancy feature. If you want to see the load and the status of each configured ISP, you can use the Dashboard of the Microsoft Forefront TMG Management Console. The Dashboard shows the uptime of each ISP and the bytes per second transmitted through each ISP link, as you can see in the following screenshot.
Figure 8: Monitoring ISP Redundancy
After successfully configuring the ISP Load Balancing feature, I will now show you how to configure the ISP failover feature of Forefront TMG. To change the TMG behavior from Load Balancing to Failover, click the ISP Failover link in the task pane of the ISP Redundancy feature tab.
Figure 9: Display ISP Redundancy Mode
ISP Connection Test
The ISP Redundancy configuration also has the option of simulating a broken link or forcing Forefront TMG to mark another ISP connection as active. This is useful for testing the functionality.
Figure 10: ISP Failover Connection Role
It is possible to choose between three Test options:
- Always On
- Always Off
Figure 11: ISP Load Balancing Ratio
ISP Failover Alerting
Microsoft Forefront TMG has some built-in capabilities for alerting the TMG Administrator if there are any problems with the ISP Redundancy feature. TMG comes with five new alert options, which are:
- ISP link is available – Monitors when the ISP link is (again) available
- ISP Link address missing – No IP address is configured on a network adapter of the TMG Server which can be associated with the ISP Link
- ISP Link is active – This alert is triggered when an ISP link is active and network traffic passes through this adapter
- ISP Link is unavailable – Alerts when the ISP link is unavailable or not connected
- Both ISP Links are unavailable – Both ISP links are unavailable and unusable
If one of these conditions is reached, the Forefront TMG Administrator has many options for being informed, such as an e-mail or a network message. It is also possible to execute custom commands or to start/stop/restart some services.
Figure 12: ISP Load Balancing / Failover alerting
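The following PowerShell script is an added example, not part of the original article and not Microsoft code. It shows one thing the custom command of an ISP link alert could do: record which first-hop gateways answer at the moment the alert fires, so that every link change leaves a timestamped trail. The gateway addresses, link names and log path are placeholders, and the script assumes that ICMP from the TMG host to both ISP gateways is permitted.

```powershell
# Added example: candidate custom command for the ISP link alerts.
# Gateway addresses are placeholders from documentation ranges; replace them
# with the gateway IP addresses entered in the ISP Redundancy wizard.
param(
    [string]$LogPath = 'C:\Logs\isp-link-state.csv'   # hypothetical path
)

$IspLinks = @(
    @{ Name = 'ISP1'; Gateway = '192.0.2.1' },        # placeholder
    @{ Name = 'ISP2'; Gateway = '198.51.100.1' }      # placeholder
)

function Get-IspLinkState {
    param([object[]]$Links, [int]$Probes = 3)
    foreach ($link in $Links) {
        # -Quiet returns $true if at least one probe is answered
        $up = Test-Connection -ComputerName $link.Gateway -Count $Probes -Quiet
        New-Object PSObject -Property @{
            Time    = (Get-Date).ToString('s')
            Link    = $link.Name
            Gateway = $link.Gateway
            Up      = $up
        }
    }
}

$states = @(Get-IspLinkState -Links $IspLinks)

# Create the log directory and CSV header on first use
$dir = Split-Path -Parent $LogPath
if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
if (-not (Test-Path $LogPath)) {
    Add-Content -Path $LogPath -Value 'Time,Link,Gateway,Up'
}

foreach ($s in $states) {
    $line = '{0},{1},{2},{3}' -f $s.Time, $s.Link, $s.Gateway, $s.Up
    Add-Content -Path $LogPath -Value $line
}

# Exit code = number of links whose gateway did not answer (0 = both up)
$down = @($states | Where-Object { -not $_.Up }).Count
exit $down
```

A gateway that answers only proves the first hop is up, so treat the log as a supplement to the TMG alerts, not a replacement for them.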
In this article, I tried to show you how to configure Microsoft Forefront TMG for ISP Load Balancing and for failover between different ISPs. This new feature is excellent for small and medium businesses that want to share multiple ISP connections or want a way to fail over between a primary, more powerful ISP link and a lower-bandwidth link for backup purposes.