Here's one man's story of installing MS Essential Business Server.
"EBS is fine with installing into an existing network, and it's even OK if you want to keep your existing firewall / gateway in place, but you need to be a bit deceptive to prevent having to make changes to your existing infrastructure. If you want to keep your existing firewall / gateway, EBS wants to take it's internal IP (your default gateway address) as its' own and have you assign a new, unique IP address to your existing firewall / gateway. It kinda makes sense; EBS is trying to ensure that all of your existing clients go though the new Security Server, and by changing this one IP address on your existing firewall / gateway, you do not have to point every workstation to the new security server. Of course, EBS is built to be your network, not coexist with your network. "
We shouldn't be surprised at his problems since the Microsoft philosophy of One Server To Rule Them All has been around for quite a few years. This guy recommended:
"So for your test lab... Lie to it if you don't want to reconfigure your existing firewall / gateway. I told the tool that my firewall/gateway was at 192.168.1.1 even though it was really located at 192.168.0.1. This way, the new security server takes the IP I want it to, not my super happy existing firewall that the rest of my network depends upon."
I'm just wondering how far that strategy will work in a production environment. Suppose I'm quite happy with my existing non-Microsoft gateway and don't want to give that role to EBS. Does that mean I am disqualified from receiving technical support because my architecture does not conform to the Microsoft "standard"?
At least Lotus Foundations Server gives you the choice of whether you want it to be your gateway and it will work quite happily even if it doesn't get that responsibility.