Loadbalancing an internal webserver behind two Microsoft TMG 2010 servers at layer4 using DR mode

We were looking at Microsoft’s new TMG server and loadbalancing, and after a search of the web found there was not really any guide on how to loadbalance incoming web connections via two TMG servers to an internal NAT’ed web server at layer 4.
The TMG servers are effectively acting as WAFs (Web Application Firewalls) for the incoming traffic.
They require the traffic to be transparent (so they can inspect the client source IP address), so layer 4 DR mode is a logical choice.

The main problem was getting the required loopback adapter on the TMG servers to function correctly.

So this is how we got it to work.

Please note this is not a guide on how to loadbalance your firewalls for outbound connections, where the TMG servers are acting as a reverse proxy / web filter, a.k.a. Squid (although it would be very similar, and that can be discussed in another blog).

The network we will build will look like the following: connections are loadbalanced between the two TMG servers via a loadbalancer, and each TMG server then sends the traffic to the web server via a NAT rule.


NTLM Authenticating Proxy Check Script

We do quite a bit of work with web proxy vendors, loadbalancing multiple web filters/proxies with one of our appliances, and our customers have requested a way of health checking through the proxy when they have NTLM authentication enabled. Always happy to help where we can, I have created a script that will retrieve a web page via your proxy (logging in first, of course). If it retrieves the page successfully, the program exits with code 0; if it fails, it exits with code 1. Simple!!
