Microsoft Forefront TMG ISP Redundancy Mode

by [Published on 15 Sept. 2009 / Last Updated on 20 May 2013]

How to use the Internet Service Provider (ISP) Load Balancing feature in Microsoft Forefront TMG.

Note:
Keep in mind that the information in this article are based on a beta version of Microsoft Forefront TMG and are subject to change.

Introduction

A few months ago, Microsoft released Beta 3 of Microsoft Forefront TMG (Threat Management Gateway), which has a lot of new exiting features.

One of the great new features of Microsoft Forefront TMG is ISP Redundancy. With the help of this feature it is now possible to load balance the network traffic between two different ISPs (Internet Service Providers). One other configuration mode is the ability to configure Microsoft Forefront TMG for ISP Failover. In this case, Forefront TMG will use one ISP link as the primary connection, and if this link gets broken, TMG will automatically failover to the second configured ISP.


Get your copy of the German language "Microsoft ISA Server 2006 - Das Handbuch"

Configuration of ISP Redundancy

Let us start with the configuration of the ISP Redundancy Mode. Start the Forefront TMG Management Console, navigate to the Networking node and select the ISP Redundancy tab and in the Task pane click Configure ISP Redundancy.


Figure 1: ISP Redundancy window

The ISP Redundancy Wizard gets started and will guide you through the configuration process.


Figure 2: ISP Redundancy Configuration Wizard

First you have to choose between two modes for the ISP Redundancy behavior.

  • ISP Load Balancing
  • ISP Failover

ISP Load Balancing is used to balance the network traffic between the two configured ISP links.

ISP Failover is used to provide an alternative method for a connection to the Internet if the primary ISP link is down due to problems or maintenance reasons. ISP Failover is s great feature for small and medium sized businesses with a simplier network infrastructure which wants to provide failover capabilities for two ISP links. The primary ISP link is often the fastest and cheaper connection and when this connection becomes unavailable TMG will failover to the backup ISP.


Figure 3: Select ISP Redundancy Behavior

ISP Load Balancing

In our first example we chose Load Balancing between two ISP links. You must specify the Network Adapter used for the ISP. First select a name for the ISP and the network adapter which is used to connect to that ISP.


Figure 4: Select Network Adapters for ISP Redundancy

After selecting the first ISP link, the following configuration dialog allows us to configure ISP connection properties like the Gateway IP address and the DNS Server used by this connection.


Figure 5: Connection Properties of ISP

The TMG wizard automatically creates TMG computer objects which can be used as a list of Servers which should route through this ISP.


Figure 6: ISP DNS Server properties

After the configuration of the first ISP has finished you have to configure the second ISP in the same manner as the first ISP. After both ISP connections are configured, you have the choice to balance the load between the two configured ISP. If your ISP bandwidth is the same for both links, what is normally done is to configure an even load between both ISPs. If one ISP has a lower bandwidth than the other ISP, move the slider to set the percentage of traffic this ISP link should handle.


Figure 7: ISP Load Balancing Factor

Click Finish to end the ISP configuration wizard and after that click Apply to save the configuration changes.

Monitor ISP Redundancy

Microsoft Forefront TMG has some capabilities to monitor the ISP Redundancy feature. If you want to see the load and the status of each configured ISP, you can use the Dashboard of the Microsoft Forefront TMG Management Console. The Dashboard function allows you to see the uptime of each ISP and the actually transmitted Bytes per second through each ISP link as you can see in the following screenshot.


Figure 8: Monitoring ISP Redundancy

ISP Failover

After successfully configuring the ISP Load Balancing feature, I will now show you how to configure the ISP failover feature of Forefront TMG. To change the TMG behavior from Load Balancing to Failover, click the ISP Failover link in the task pane of the ISP Redundancy feature tab.


Figure 9: Display ISP Redundancy Mode

ISP Connection Test

The ISP Redundancy configuration has also the option of simulating a broken link or forcing Forefront TMG to mark another ISP connection as active. This can be useful for simulating a broken link or to test the functionality.


Figure 10: ISP Failover Connection Role

It is possible to choose between three Test options:

  • Automatic
  • Always On
  • Always Off


Figure 11: ISP Load Balancing Ratio

ISP Failover Alerting

Microsoft Forefront TMG has some builtin capabilities for alerting the TMG Administrator if there are any problems with the ISP Redundancy feature. TMG comes with five new alert options which are:

  • ISP link is available – Monitors when the ISP link is (again) available
  • ISP Link address missing – No IP address is configured on a network adapter of the TMG Server which can be associated with the ISP Link
  • ISP Link is active – This alert is triggered when an ISP link is active and network traffic passes through this adapter
  • ISP Link is unavailable – Alerts when the ISP link is unavailable or not connected
  • Both ISP Links are unavailable – Both ISP links are unavailable and unusable

If one condition reachs this status the Forefront TMG Administrator has many options to get informtion by sending an e-mail or a network message. It is also possible to execute custom commands or to start/stop/restart some services.


Figure 12: ISP Load Balancing / Failover alerting

Conclusion

In this article, I tried to show you how to configure Microsoft Forefront TMG for ISP Load Balancing to failover between different ISPs. This new feature is excellent for small and medium business who want to share multiple ISP connections or want to have a way of failover between a primary and most powerful ISP link and a lower bandwidth link for backup purposes.

Related links

The Author — Marc Grote

Marc Grote avatar

Marc Grote is an MCSA/MCSE Messaging & Security, MCSE Private Cloud and Server Virtualization, an MCTS/MCITP and a Microsoft Certified Trainer and MCLC. He is a freelance Consultant and IT Trainer in the north of Germany near Hanover. He specializes in System Center, TMG/UAG Server, Exchange, Security for Windows Server 2012 R2 and Windows Server 2012 R2 designs, migrations and implementations. His efforts have earned him recognition as a Microsoft MVP for ISA Server since 2004 until 2014. Starting in 2014 he has been awarded as an MVP for Hyper-V.

Latest Contributions

Featured Links