Network Load Balancing and TMG Firewall Clients

First, I have to say that I LOVE that Richard Hicks calls the “TMG Client” the TMG Firewall Client. There was absolutely no reason to change the name of the Firewall Client to the “TMG client”. If they wanted to change the name, they should have been technically honest and just renamed the client to it’s previous name, the “Winsock Proxy Client” and be done with it. But to rename the Firewall Client to TMG client just didn’t seem right.

Nice to see Richard continue to fight the good fight under the radar 🙂

Now to the main subject. Over the years there have been a lot of discussion on how to deal with load balancing for different client types. Well, the answer is always the same:

  • SecureNAT client fully support NLB for outbound connections
  • Web proxy clients can be configured to use a name that maps to a VIP
  • Firewall clients must be configured to use a specific DIP – you can balance the load using DNS round robin

Richard calls this out again in his blog post at  and he also includes some nice links to work Jim Harrison has done regarding the Firewall client.



MVP (Enterprise Security)
[email protected]

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top