While Windows Essential Business Server 2008 (Windows EBS) Security Server can be installed as the single perimeter security solution it is common to have it coexist with existing security solutions like hardware firewall on perimeter. In this configuration, Forefront TMG is the “back end firewall” to existing “front end” firewall, providing a defense in depth setup. In this case, there’re few choices available – this blog post calls out decision points and provides an outline of activity for each decision: 1. Configuring network to support two security devices for defense in depth – The introduction of a backend firewall requires front end firewall to be on a separate subnet than rest of local network. There’re two ways to easily achieve this. The selection’ll be driven by your knowledge of existing firewall and number of devices in your network.
Full Article: EBS blog