Forefront TMG vs hardware firewalls


  • Forefront TMG vs hardware firewalls

    Hello all,

    I am trying to make a comparison between different firewall solutions. I need a setup that can handle a failure of the uplink switches, the firewall itself, and the internet connection. Currently we are running a Cisco Layer 3 switch stack to connect to servers. This can handle a switch failure. We also have multiple internet connections and providers. The only question is the firewall.

    We need to handle about 1 Gb/s of firewall traffic and 500 Mb/s of site-to-site VPN traffic.

    We would like to be able to control bandwidth, QoS and routing based on the Active Directory groups.

    I think TMG can do this, and probably a Palo Alto will also do this, but are there other options, or am I wrong in my assumptions?
    Currently TMG comes for free in our MS license, but we do not use it. At the moment we are using an ASA firewall.

    Thank you all for your input.
    gerth

    MCITP sa, ea & va, [email protected]

  • #2
    Re: Forefront TMG vs hardware firewalls

    Neither controlling bandwidth nor QoS is natively supported on TMG, unless you want to call DiffServ QoS: http://technet.microsoft.com/en-us/l.../cc984470.aspx
    Routing based on AD groups isn't either, but you can control who is allowed to go where using firewall policies.
    Multiple ISPs can become tricky too. TMG supports 2 ISPs and that's it.

    If the ASA is doing its job, why replace it?
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"


    • #3
      Re: Forefront TMG vs hardware firewalls

      ASA is doing fine, but has no routing based on AD group.
      gerth



      • #4
        Re: Forefront TMG vs hardware firewalls

        When you use RADIUS or TACACS it could work.
        Or set up TMG as a backend firewall.
        Marcel