Accessing TMG cluster through pfSense…



  • Hi,

    Does anyone have any experience placing a Microsoft TMG cluster behind a pfSense device?

    The TMG cluster, using Microsoft NLB, will be advertising a VIP on its NLB interfaces as a unicast IP but with a multicast MAC address. Based on previous experience, I know most vendors require some additional configuration to get it working (for example Cisco needs a static ARP entry on its routers, and without it either won't forward traffic or it only relays to one device even if it fails until the ARP table is updated).

    Is anything similar required on pfSense to have it working properly?

    Regards,
    Anders


  • Banned

    And you can't solve it by pinging the Master in your CARP cluster?



  • @Supermule:

    And you can't solve it by pinging the Master in your CARP cluster?

    Let's keep things in English, so others may benefit from whatever conclusion there is…

    But to answer your question, there is no "master" in a TMG cluster in the sense of receiving and sending traffic, as there is in a pfSense CARP array. All nodes in a TMG cluster run as active, which is where the MAC address spoofing comes into the picture. Each node spoofs the MAC address of the NLB interface onto their own network interface, but as stated I've seen problems with other vendors.

    Before beginning on this project I wanted to see if anyone else had any prior experience. If not, I will post whatever conclusion I reach once the project is done.

    Regards,
    Anders



  • AFAIK that should work without any additional considerations. Though I haven't tried it, nor recall anyone trying it. Give it a shot and let us know what you find.



  • @cmb:

    AFAIK that should work without any additional considerations. Though I haven't tried it, nor recall anyone trying it. Give it a shot and let us know what you find.

    That's the plan, once I get to it.

