Let’s start this post about Exchange with a common question: Now that Microsoft has stopped selling TMG, should I rip it out and find something else to publish Exchange with? I have occasionall...
Updated Jul 01, 2019
Version 2.0
Blog Post
There are too many false assumptions to rebut here. First, and probably most importantly, load balancers are not hardened devices. Of course, they act to proxy tcp ports to another device (such as Exchange) but they aren't necessarily hardened to protect themselves from attack. Should they be? Of course. Why aren't they then? Most likely, it is the usual excuse. Developers spend their time coding in new functionality and not necessarily security. I don't know ANY load balancer that recommends running it directly on the internet. Second, comparing a firewall to a car is completely insane. Sure, your car might keep running after the warranty expires. Your firewall, however, requires constant updates to secure against the latest threats. Even thought we will continue to use our TMG firewall for the foreseeable future, the lack of any code updates such as service packs or even any more rollups definitely causes concern.