Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
707
Views
0
Helpful
2
Replies

WSA Deployment with existing MS TMG Proxy Server

ngtransge
Level 1
Level 1

‎06-30-2013 02:01 PM

Hello,

I am interesting if it is possible to deploy WSA in front on MS TMG server.  So from user perspective first will be TMG server and second will be WSA. USER LAN ---à TMG --à WSA---à.INTERNET.

If it is possible, how authentication will be handled ?

Labels:
0 Helpful
2 Replies 2

Ken Stieers
VIP
VIP

‎07-02-2013 12:04 PM

I don't know if TMG and deal with an upstream proxy, but presumably, the TMG would auth the user, then the request would be handled by the WSA, and you wouldn't require the TMG to auth to the WSA...

I do know that the WSA can be configured to use an upstream proxy, from the menu Network>Upstream Proxy.  In that case, have the users auth to the WSA and then have the TMG trust any connections from the WSA...

Trying to do auth on both just sounds like you're looking for a world of complications...

0 Helpful

Luis Silva Benavides
Cisco Employee
Cisco Employee

‎07-02-2013 12:10 PM

Hi,

It seems that that MS server does FW/IPS and other features.. so why don't you place the WSA between the MS server and the end users? I think it will work better since I also noticed that this server can also persom NAT.

HTH,

Luis Silva

"If you need PDI (Planning, Design, Implement) assistance feel free to reach"

http://www.cisco.com/web/partners/tools/pdihd.html

Luis Silva
0 Helpful
Customers Also Viewed These Support Documents