On this blog yesterday I had a little fun with the ISA/TMG support team about a KB article on the limitations of the TMG MBE in hork mode (single NIC). I commented that this wasn't an option for the TMG MBE, since the EBS installer doesn't give you the hork mode option. Since then, I found out that it was probably me who got "slap happy"
Why? Because I was equating TMG MBE with TMG EBS. I thought they were the same. Well, they are the same, sort of. The TMG MBE is a standalone version of the TMG MBE while the TMG EBS is the TMG MBE that's included with the EBS product suite. So while the TMG MBE is the same regardless of whether or not it's part of the EBS product suite, the deployment of the firewall is different.
Or is it? It's true that the TMG EBS installer doesn't give you the option to install it in hork mode, but it's also true that you can break your EBS network security posture by reconfiguring it to a hork mode network configuration. I'm not sure if such a reconfiguration would break anything in terms of monitoring the EBS configuration, but the setup is entirely possible.
Thus, it looks like it was "my bad" on yesterday's post. :)
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING documentation | integration | virtualization
MVP — Forefront Edge Security (ISA/TMG/IAG)