Publish Exchange 2010 with TMG (cont)

Walkthrough on publishing all roles through TMG. (Part 4/4 SMTP)

This assumes:

  1. you have a MX record pointed to a name that points to the external IP of your TMG
  2. You have already configure your exchange to allow anonymous access on the receive connector

Configure SMTP rule on TMG

  1. Open Forefront TMG
  2. Click on  image_thumb51_thumb1[1]
  3. In the Action Pane under Task click image
  4. image
  5. image
  6. Enter your Transport Server internal IP
  7. image
  8. image
  9. image
  10. You should now be able to send mail through your TMG to your Exchange.

Publish Exchange 2010 with TMG (Forefront Threat Management Gateway) Series:

1. OWA
2. EWS\Outlook anywhere
3. Active sync


13 thoughts on “Publish Exchange 2010 with TMG (cont)

  1. Pingback: Publish Exchange 2010 with TMG (Forefront Threat Management Gateway) « Troubleshooting Exchange

  2. Pingback: Publish Exchange 2010 with TMG (cont) « Troubleshooting Exchange

  3. Hi,

    Nice step by step howto here.

    Would you have the same for a back to back TMG config.

    I’m looking for that since Exchange 2010 is available but cannot find any. My server can send and receive emails but OWA nor ActiveSync are working since the Exchange 2007/ISA 2006 to Exchange 2010/TMG migration.


    • So you would like a walkthrough on a config like
      Excha2010 -> TMG-BE->TMG-FE->internet ?

      yeah I can work on that and get it out, probably wont have it done this week but I can publish that.

  4. Hi,

    Yes, that’s exactly it.

    Publishing Rules and Authentications for the rules, the listeners and IIS if you don’t mind.

    On a side note, I noticed that you have two listeners with a different authentication.

    With B2B ISA 2006/Exchange 2k7, I used to have only one listener per firewall.
    Is that a TMG change or Exchange 2010?

    Finally, I have only one public address, is that not going to be an issue if 2 listeners have to be used? Obviously, I need to add an external NIC so I guess the routing has to be changed on TMG as well…

    Thanks for your upcomming howto.


    • The 2 listeners are for the purpose of having 2 authentication methods, if you are content to use basic auth then 1 listener is adiquate.

      If you want multiple auth methods you need multiple listeners an IPs to go with it

      I will get that posted as soon as i can. Cheers

  5. I have been out of pocket this last week, I will get started on this next module next week (no promise on compleation, I do still have to do my day job 😉 but I will get started)

  6. Pingback: Walkthrough Series: Threat Management Gateway Exchange publishing « Troubleshooting Exchange

  7. If you are using multiple IP’s at the perimeter, how are you setting up DNS or getting traffic routed to two different IPs for owa on one and OA/EAS on the other?
    I assume autodiscover would use the same listener as OA/EAS?

    • Its all about name space, example for autodiscover, activesync and ewe you can use a or and then use webmail or for owa.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s