TMG 2010 ISP Redundancy Fail Over Guide

Scenario: I have 2 WAN Internet Connections, and I want that if primary link fails (or looses its connectivity with the ISP/internet)TMG should automatically switch over to secondary link, and when primary link gets back online, TMG should switch back to Primary Link.

But first let’s discuss some theoretical introduction of TMG new feature called ISP Redundancy

Forefront TMG 2010 is the latest proxy/firewall server from Microsoft. It have many new exciting features which makes it very good , reliable and rich feature application.

One of the greatest (and most demanding) new features of Microsoft Forefront TMG is ISP Redundancy. With the help of this feature it is now possible to load balance the network traffic between two different ISPs . One other configuration mode is the ability to configure Microsoft Forefront TMG for ISP Failover (Which is discussed later in this article). In this case, Forefront TMG will use oneISP link as the primary connection, and if this link gets broken, TMG will automatically failover to the second configured ISP.

ISP redundancy feature utilizes multiple ISP links and provide high-availability with load balancing and failover or just failover capability to the corporate Internet. The common functionality of ISP redundancy are:

•     Designate primary and secondary link for internet connections
•     Balance traffic load based on percentage of total traffic per link
•     Automatic fail over to secondary link if primary link fails

Ok Let’s Start 

Requirements:

1) Two Separate WAN connections connected with TMG , both should be fully configured with there respective IP , gateway and DNS.

2) Static Route defined via ip route command for ISP’s DNS Server (Or any other WAN IP, to let TMG decide if the specific link unable to reach isp dns or any other wan ip defined)

In this example , we have 3 Interfaces card in TMG as following

LAN = Connected with Users Switch
WAN1 = PTCL DSL Link (Primary)
WAN2 = FIBER Optics Backup Link (Secondary)

(As shown in the image below . . .)

Open TMG console,
Goto Networking  >> ISP Redundancy
and click on Configure ISP Redundancy

(As shown in the image below . . .)

In the below example, I am using FAILOVER only mode, (But you can select Load balancing with failover capability, you can also change the mode later)

Now type the ISP1 name and select the Network adapter (After selecting the network adapter , Subnet field will auto fill up )

In next screen, it will show you the ISP1 ip scheming info like gateway , subnet , dns etc

Now type the ISP2 name and select the Network adapter (After selecting the network adapter , Subnet field will auto fill up )

In next screen, it will show you the ISP1 ip scheming info like gateway , subnet , dns etc

Now it will ask you which ISP link will act as PRIMARY ISP Connection, select your desired link

All done, It will show the final config on your screen, just select FINISH.

Now the Important Part. We Must add static route to tell TMG via route that if specific WAN link looses its connectivity , it should switch over to secondary link.

First you have to see what network interface have which code, this code will be used in route command to tell which interface rule would be applied.

open command prompt on TMG, and type
ROUTE PRINT

Now Open Network Connections , and take properties of your First ISP Interface Adapter. and you will see the interface name, like below

Now check in the route PRINT command and find the number of your first isp interface card number which name is “Microsoft Virtual Machine Bus Network Adapter #2” which in this example is 12 (it is showed in starting)

Repeat the above step and find the number of secondary ISP link, which in this example is 29

Now issue following command To add a persistent static route

route -p ADD 221.132.112.8 MASK 255.255.255.255 192.168.30.1 METRIC 1 IF 12
route -p ADD 221.132.112.9 MASK 255.255.255.255 192.168.20.1 METRIC 2 IF 29

the above command will tell TMG to go through Specific link for DNS Server status, so if primary link looses it connectivity with the internet(connectivity with the 221.132.112.8 via ISP1, ) it will switch over to ISP2 , it will periodically check primary link connectivity, as soon it restores, it will switch back to primary link.

ROUTE Command Syntax

route [-p] ADD [destination] MASK [netmask] [gateway] METRIC [metric] IF [interface]

• P—-Makes the route persistent
• METRIC---specifies the priority for this route. the route with the lowest metric has the highest priority.
• IF---Specifies the interface number

TIP:

Howto Bind User to Go through Specific Link Only in TMG

If you want to bind specific user or group to go through specific link only,use the following logic

# First create user/ip/ip range entry in FIREWALL POLICY > TOOL BOX / NETWORK OBJECTS  >> computer / computer sets or address range

# Then goto  NETWORKING / NETWORK RULES and create new NETWORK RULE with following data

Network Name Rule : WAN2 Users
FROM: Your Specific Computer IP / User / IP Range
TO : External
Network Relationship : Network Address Translator (NAT)
NAT Address Selection : Use the Specified IP and then select your desired WAN link ip
Click FINISH and APPLY.

Note: As shown in the images below

Now hit APPLY button to make changes.

To test, Goto your client, and open http://www.whatismyip.com
It will show you new ip of secondary link. 

BEFORE NETWORK RULE:  User request is routing through Default First WAN link (PTCL).

AFTER NETWORK RULE:  User request is now routing through second WAN link (FIBER).

Some Considerations and Info

To determine the availability of a particular ISP connection, TMG performs dead link detection by randomly polling one of the thirteen Internet root DNS servers on TCP port 53 (when TMG is deployed as a back firewall, make certain that TCP port 53 is open to the Internet). If the selected root DNS server responds, TMG considers the connection available. If it does not respond, TMG will poll additional root DNS servers at one minute intervals. If no replies are received after three consecutive attempts, TMG considers the connection unavailable and raises an alert. Once TMG identifies a connection as unavailable, it will wait for five minutes before attempting to poll again. Once it receives a response, TMG will continue polling at one minute intervals. When three consecutive responses have been received, TMG will consider the connection available.

In the default setting, TMG checks the status of the ISP link by trying to establish a TCP connection on port 53 (DNS zone transfer) to a list* of root DNS server on a round robin basis. If a connection can be established, TMG will consider the link active.

* Default destination addresses in TMG RC:
192.58.128.30,193.0.14.129,198.32.64.12,202.12.27.33,198.41.0.4,192.228.79.201,192.33.4.12,128.8.10.90,192.203.230.10,192.5.5.241,192.112.36.4,128.63.2.53,192.36.148.17

TMG will wait at least 3 minutes until a link is considered down

•  A link will be considered down for at least 7 minutes (min failed time with 300 seconds + 2x OK interval with 60 seconds each)
• A link has to be stable for at least 3 minutes once TMG will bring the link up again.

You can modify those default values by using VBS Script (mentioned in the below links)

I took help from following websites for this article , I copied some text from following websites for general information. You can find Some Good Reference for more detailed and step by step guides.

http://www.isaserver.org/tutorials/Exploring-ISP-Redundancy-Forefront-Threat-Management-Gateway-TMG-2010.html
http://www.isaserver.org/tutorials/microsoft-forefront-tmg-isp-redundancy-mode.html
http://microsoftguru.com.au/2011/04/26/ff-tmg-2010-configure-isp-redundancy-step-by-step/

adobe photoshop 7.0 with serial key

WINDOWS XP INSTALLATION STEP BY STEP WITH SCREEN SHOTS

WINDOWS XP INSTALLATION STEP BY STEP WITH SCREEN SHOTS

IN A PREVIOUS POST WE HAVE COME TO KNOW HOW TO INSTALL WINDOWS 7.
IN THIS POST WE LEARN HOW TO INSTALL WINDOWS XP IN A COMPUTER.

SO FIRST OF ALL INSERT THE WIN XP CD INTO THE CD ROM AND BOOT YOUR COMPUTER FROM CD ROM.
THE FOLLOWING SCREEN APPEAR


HOLD ON FOR SOME TIME WHEN THE FOLLOWING SCREEN APPEAR PRESS THE ENTER KEY.


ON THE NEXT SCREEN LICENCE AFREEMENT APPEAR PRESS F8 KEY TO ACCEPT IT.


TO CREATE PARTITION ON THE NEXT PAGE FIRST DELETE ALL PARTITION BY PRESSING D KEY AND THEN ENTER ONE BY ONE.


THEN PRESS C KEY TO CREATE PARTITION AND SELECT THE PARTITION SIZE.
CREATE AS MANY AS PARTITION YOU WANT.


THEN SELECT A PARTITION TO INSTALL WIN XP IN IT AND PRESS ENTER
CHOOSE A FILE SYSTEM TO FORMAT THE DRIVE.

WAIT FOR SOME TIME THE SETUP COPY FILES INTO THE DRIVE AND THEN SYSTEM WILL RESTART AFTER COPY PROCESS WILL COMPLETE.

KEEP BOOTING SYSTEM FROM HARD DISK. WIN XP INSTALLATION PROCESS WILL START.

WHEN 32 MINUTES REMAINING IN SETUP IT ASK FOR SYSTEM NAME, PRODUCT KEY AND TIME ZONE. AND AFTER 3 MINTUES IT ASK FOR WORKGROUP SETTING. PROVIDE THE REQUIRED INFO AND PRESS NEXT OR ENTER KEY.






AFTER THAT WIN XP INSTALLATION PROCESS GO ON.

WHEN INSTALLATION COMPLETES SYSTEM WILL RESTART.

Accept Automatic Display Settings Adjustment

After the Windows XP start up splash screen appeared in the last step, a window titled Display Settings will appear.

Click OK to allow Windows XP to automatically adjust the screen resolution.

Begin Final Set Up of Windows XP

The Welcome to Microsoft Windows screen appears next, informing you that the next few minutes will be spent setting up your computer.

Click Next ->.

Wait for Internet Connectivity Check

The Checking your Internet connectivity screen appears next, informing you that Windows is checking to see if your computer is connected to the Internet.

If you'd like to skip this step, click Skip ->.

 Choose an Internet Connection Method

In this step, Windows XP wants to know whether your computer connects to the Internet through a network or if it connects to the Internet directly.

If you have high speed internet like DSL or Cable Internet and are using a router or if you're on a home or business network, choose Yes, this computer will connect through a local area network or home network.

If you are connecting directly to the Internet via a modem (dial-up or broadband like DSL or Cable), choose No, this computer will connect directly to the Internet.

Windows XP will see most modern Internet connection setups, even those involving only a single PC, as on a network so the first option is probably the most likely choice for most users. If you're really not sure though, choose No, this computer will connect directly to the Internet or click Skip ->.

After making a choice, click Next ->.

Optionally Register Windows XP with Microsoft

Registration with Microsoft is optional, but if you'd like to do that now, choose Yes, I'd like to register with Microsoft now, click Next -> and follow the instructions to register.

Otherwise, choose No, not at this time and click Next ->.

Create Initial User Accounts

In this step, setup wants to know the names of the users who will use Windows XP so it can setup individual accounts for each user. You must enter at least one name but can enter up to 5 here. More users can be entered from within Windows XP after installation is complete.

After entering the account name(s), click Next -> to continue.

Finish Final Setup of Windows XP

We're almost there! All of the necessary files are installed and all of the necessary settings are configured.

Click Finish -> to proceed to Windows XP.

NOW WIN INSTALLATION PROCESS COMPLETED.
DESKTOP WILL APPEAR AFTER THIS.

WIN 7 Installation

WIN 7 Installation

~*Windows Seven*~

This is a step-by-step guide to installing a fresh copy of Windows 7. It includes screenshots of all the major elements and specific instructions on what choices to make when asked. This is as easy as it gets. If you want to install a fresh copy of Windows 7 and are looking for a step-by-step guide, complete with screenshots, you’re in the right place. Many Windows users have been waiting for Windows 7 for a while now but not everyone welcomes the installation process, however easy it may seem. So here is a step-by-step walkthrough of the installation process complete with descriptions of each step and screenshots so you can keep your bearings during the installation.


Step 1: Boot the computer from the Windows 7 installation DVD of your choice. Picking either the 32bit or 64bit depends on whether your hardware can support 

Step 2: Press any key when prompted.

Step 3 : Choose your preferred language from the drop-down menu.

Step 4: Click on the Install Now button unless you want to explore the other options.

Step 5: Check “I accept the license terms” box.

Step 6: Select the Custom (advanced) install option. The upgrade path is for those who want to upgrade an existing copy of Windows. You are of course free to do this, but it is much better to install a fresh copy, especially if using Windows 7 for the first time.

Step 7: So this is what you get after you click Custom on the previous screen. I suppose this could be a little confusing for the non geek installer, especially if there is a list of multiple partitions. Though by now I'm sure a lot of casual users have gotten somewhat of a grasp on what a hard drive is. I hope so anyway. I didn't go to the Advanced tab to do any partitioning or formatting, as I had one partition on this test I just clicked next.

Step 8: Alright, let the installation begin! Here setup copies archives over for extraction and installation on the hard drive.Step 9:The files copied over pretty fast, now on to the extraction process. This didn't take long at all, about 6 minutes.Step 10: OK, so files were extracted, now setup needs a restart to continue. No big deal, this part of the process went by quickly. Cue the boot images from the start of this blog.Step 11: OK, so here we are, after the reboot and right back at it. Windows 7 starts services to continue installation.Step 12: A quick glance back over to Windows 7's installation progress bar. I think really just to see the "Completing Installation" text. Cute.Step 13: Alright, if my new Windows 7 wants a restart before it shows me my desktop goodness, then a restart it gets! Cue the boot screen shots again...

Step 14: Right to action! I love it, at this point I can almost feel Windows 7 running through all 4GB of RAM and both cores. So here we go, lets pick a username! (and password if you want, Windows 7 is good like that)Step 15: A change from Vista, here on the Windows 7 installation it asks for the product after Windows is installed, for both systems though you can hit next without putting in a product key, this will install Windows 7 in a 30 day trial mode.Step 16: It's always good to set the clock! Windows 7 needs to know what time it is! You can really leave this as anything, just set your time zone and date. Once Windows 7 loads you can click on the clock and update from the Internet. Though I'm sure most people have previously set the time on their PCs, so Windows 7 should have that here already - just might need to change the timezone.Step 17: Picking the network location. Just as in Windows Vista, Windows 7 wants to know where you are, this determines how the OS will set file sharing and network discovery settings.Step 18: And here Windows 7 sets those settings for file sharing and network discovery. If you can remember the misery of setting up a network adapter in Windows 3.x or Windows 95, you might get a feeling of satisfaction at this screen. I know I did.Step 19: Cool new feature for a Home group. This feels like setting up a Media Extender. I like the idea, even more security for your networked files, and with an 1-2-3 setup like just entering a network code in to Windows 7 to automatically join together it's even easier than setting up Windows shares and editing network properties, like a workgroup.Step 20: At this point - I can taste it! It just feels like it's almost done and I can't wait. Windows 7 here we come!Step 21: Yes, Windows 7 welcomes me! I can feel it, I'm only seconds away from my full glory of Windows 7 beta 1 installed and running!Step 22: Nice, Thanks Windows 7 - I always like having a nice prepared desktop! (Curious though, as after Vista they did away with all the desktop icons - though most OEMs put them back. Really folks, try to get rid of the icons, you're using your desktop and don't need to minimize a window to get to something you access from the start menu - think intuitively)Step 23: And I'm in! Windows 7 sets up a few things super fast and...Final Step: My Windows 7 beta 1 desktop is here! Ready to go! Overall a pretty easy installation really. This would be a breeze to walk someone over the phone with, and most some-what savvy computer people can surely do this on their own. I didn't need any special computer knowledge, or really any knowledge beyond reading to understand this. A good installation in my book, even installing Linux these days is just as simple, as is OS X.