Forefront UAG setup

I'm setting up my first UAG server. I can either put it on the edge with a public side and private side, but I would prefer to put it in my DMZ. I'm wondering if that's supported? Or even recommended? Having the DMZ subnet in there might be safer but also harder to troubleshoot.

Public > DMZ External > Internal

or

External > Internal

And if I go with the DMZ, is there anything special I need to do on the External NIC?

Thoughts?


  • Edited by jamicon Monday, December 09, 2013 7:12 PM
December 9th, 2013 9:42pm

Hi jamicon,

It is quite common to have a UAG setup with an additional firewall in front of the UAG server. This firewall could also do NATing of IP addresses. That is fine if you do web application publishing. If you plan for DirectAccess (I would then recommend 2012 or 2012 R2 server), then you need 2 consecutive public IP addresses on the UAG server to support Teredo (http://technet.microsoft.com/en-us/library/dd857320.aspx).

Hope that helps,

Lutz

December 9th, 2013 10:00pm

Not sure I understand that, but it brings up another point. The install video http://technet.microsoft.com/en-US/video/ff832960?Category=UAG says I need 2 IPs on the External NIC.

If I stay in the DMZ I will need to route the Public IP address to the external NIC address. Which one do I use?

Public IP > External NIC address(es) DMZ > Internal NIC

December 9th, 2013 10:45pm

The 2 IPs (consecutive IPs!) are only for DirectAccess. Do you plan to use DirectAccess with UAG? I am asking this because Windows Server 2012 has the same functionality built in, plus some advantages when it comes to Windows 8 clients (Kerberos auth, certificates option) or with the setup for HTTPS-IP. (Sorry, I have only very limited internet access, so I cannot check out the video.)

If you don't plan DirectAccess or you do not want to use Teredo, then you do not need the 2 consecutive IPs. You then need just one IP for each trunk in UAG to publish your applications (http://technet.microsoft.com/en-us/library/ee428837.aspx).

You should also see the deprecated features list (http://technet.microsoft.com/en-US/library/jj878164.aspx), just in case you plan to use one or all.

The current service pack level is SP4.

The public IP must be assigned on your external NIC of the UAG server.

December 10th, 2013 4:50am
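The addressing rules given in the replies above (one IP per trunk for web publishing, where a NAT firewall in front is fine; two consecutive public IPs on the UAG server for DirectAccess with Teredo) can be checked against a planned external NIC before installation. This is an added example, not part of the thread or of UAG itself; `check_external_nic` and the sample addresses are hypothetical, and 203.0.113.0/24 is a documentation range standing in for real public addresses.

```python
import ipaddress

# Ranges that cannot count as public IPv4 addresses.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "100.64.0.0/10",   # carrier-grade NAT (RFC 6598)
    "169.254.0.0/16",  # link-local
    "127.0.0.0/8",     # loopback
)]


def is_public(ip):
    return not any(ip in net for net in NON_PUBLIC)


def check_external_nic(addresses, trunks=1, teredo=False):
    """Return a list of findings for a planned external NIC; empty means OK.

    Hypothetical helper: it encodes only the rules stated in the thread.
    """
    ips = sorted({ipaddress.IPv4Address(a) for a in addresses})
    findings = []
    # Web publishing: one IP per trunk. NAT in front is fine, so private is OK.
    if len(ips) < trunks:
        findings.append(f"{trunks} trunk(s) need {trunks} IP(s), found {len(ips)}")
    if teredo:
        # DirectAccess with Teredo: two consecutive public IPs on the server.
        for ip in ips:
            if not is_public(ip):
                findings.append(f"{ip} is not a public address")
        public = [ip for ip in ips if is_public(ip)]
        if not any(int(b) - int(a) == 1 for a, b in zip(public, public[1:])):
            findings.append("no two consecutive public addresses for Teredo")
    return findings


if __name__ == "__main__":
    # Constructed plans for illustration only.
    plans = {
        "publishing behind NAT": (["192.168.50.10"], 1, False),
        "Teredo behind NAT": (["192.168.50.10", "192.168.50.11"], 1, True),
        "Teredo on the edge": (["203.0.113.20", "203.0.113.21"], 1, True),
    }
    for name, (addrs, trunks, teredo) in plans.items():
        print(name, "->", check_external_nic(addrs, trunks, teredo) or "OK")
```
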

Thanks!

Where's the marked as answered button?

I know the Public IP gets mapped to the external NIC, but since the external NIC has 2 IP addresses, which one do I map to?

And can you tell me how to publish an application, like MS Excel for example or something with a SQL backend, on our network through UAG?

Thanks again!




  • Edited by jamicon 19 hours 38 minutes ago
December 10th, 2013 2:22pm

  • Edited by jamicon Tuesday, December 10, 2013 4:15 PM

This topic is archived. No further replies will be accepted.
