We were looking at Microsoft’s new TMG server and load balancing, and after searching the web found there was not really any guide on how to load balance incoming web connections via two TMG servers to an internal NAT’ed web server at layer 4.
The TMG servers are effectively acting as WAFs (Web Application Firewalls) for the incoming traffic.
They require the traffic to be transparent (so they can inspect the client source IP address), so layer 4 DR mode is a logical choice.
The main problems were with getting the required loopback adapter on the TMG servers to function correctly.
So this is how we got it to work.
Please note this is not a guide on how to load balance your firewalls for outbound connections, where the TMG servers are acting as a reverse proxy / web filter (a.k.a. Squid), although it would be very similar and can be discussed in another blog post.
The network we will build will look like the following: a load balancer distributes the connections between the two TMG servers, and each TMG server then sends the traffic to the web server via a NAT rule.