Welcome to the Microsoft Forefront Threat Management Gateway (TMG) Administrator’s Companion. This book was written over the course of more than a year to help you design, deploy, and maintain TMG in multiple scenarios as well as to help you understand the history and design goals of TMG. The functionality descriptions and examples in this book are based on actual deployment and testing in the authors’ labs, so you can rest assured that what we describe is a demonstrated fact, not simply a “feature description.”
[...]...Part IV TMG as Your Firewall Chapter 11 Configuring TMG Networks 20 9 Understanding Network Relationships 20 9 Basic IP Routing 21 0 Route Relationships 21 5 NAT Relationships 21 5 NAT Address Selection 21 8 Network Rules 22 0 Creating Networks 22 2 Built-In Networks 22 2 Creating a New Network 22 4 Creating a Network Rule 22 6 Configuring... 26 3 What Is ISP Redundancy? 26 3 How ISP Redundancy Works 26 5 Link Availability Testing 26 5 Implementing ISP Redundancy 26 7 Planning for ISP-R 26 7 ISP-R Constraints 26 8 Enabling ISP-R 26 9 Failover Mode 26 9 Load-Balancing Mode 27 6 Understanding and Implementing NLB 28 4 NLB Architecture 28 5 Considerations When Enabling NLB on TMG 28 8 Configuring... Enforcement 25 0 Exemptions in Policy Enforcement 25 2 Policy Enforcement in Certain Scenarios 25 3 Troubleshooting Access Rules 25 3 Basic Internet Access 25 4 Authentication 25 6 Name Resolution 25 9 Using the Traffic Simulator 25 9 Summary .26 2 Contents xi Chapter 13 Configuring Load-Balancing Capabilities 26 3 Multiple... 820 Troubleshooting Enhanced NAT 826 Summary . 828 Contents xix Chapter 30 Scripting TMG 829 Understanding the TMG Component Object Model (COM) 829 Forefront TMG COM hierarchy 830 New COM Elements in TMG 831 Administering TMG with VBScript or JScript 834 TMG Scripting... 23 1 Authenticating Traffic from Protected Networks 23 3 Summary .24 0 Chapter 12 Understanding Access Rules 24 1 Traffic Policy Behavior 24 1 Policy Engine Rule Basics 24 1 Ping Access Rule Example 24 2 CERN Proxy HTTP Example 24 5 Understanding Policy Re-Evaluation 24 9 Policy... discussions on TMG features, design goals, and their relationship to the Microsoft Forefront Edge product line Chapter 1 What’s New in TMG Chapter 1 summarizes the design goals and scenarios for TMG in comparison to ISA Server, Internet Access Gateway (IAG), and Universal Access Gateway (UAG) Chapter 2 What Are the Differences Between TMG and UAG? Chapter 2 details the design goals and scenarios for TMG in... and TMG 20 10 and provides an introduction to the new management console Chapter 8 Installing TMG Chapter 8 covers installing TMG MBE separately from Windows Essential Business Server as well as installing TMG 20 10 This chapter provides checklists that refer to concepts provided in the planning chapters Chapter 9 Troubleshooting TMG Setup Chapter 9 discusses the methodology for troubleshooting TMG. .. Monitoring NIS 319 NIS Update 322 IPS Compared to IDS 322 Implementing Intrusion Detection 323 Configuring Intrusion Detection 324 Configuring DNS Attack Detection xii Contents 326 Configuring IP Preferences 327 Configuring Flood Mitigation 330 TMG Preconfigured Attack Protection 337 Summary .341 Part V TMG as Your Caching Proxy... discusses the threat landscape presented by e-mail and how TMG works with Exchange Edge and Forefront Protection 20 10 for Exchange Server to minimize the threats presented to your organization Chapter 20 HTTP and HTTPS Inspection Chapter 20 discusses how TMG handles inspection for HTTP traffic and how the new HTTPS Inspection (HTTPSi) feature helps to improve this functionality Part 7 TMG Publishing... being great friends Acknowledgments xxix Introduction W elcome to the Microsoft Forefront Threat Management Gateway (TMG) Administrator’s Companion This book was written over the course of more than a year to help you design, deploy, and maintain TMG in multiple scenarios as well as to help you understand the history and design goals of TMG The unctionality descriptions and examples in this book are . 20 3 The Connect to Forefront Protection Manager 20 10 Wizard (TMG 20 10 only) 20 4 The Configure SIP Wizard (TMG 20 10 only) 20 5 The Configure E-Mail Policy Wizard (TMG 20 10 only) 20 5 The Enable ISP. Wizard 20 0 The Network Setup Wizard 20 1 The System Configuration Wizard 20 2 The Deployment Wizard 20 2 The Web Access Policy Wizard 20 3 The Join Array and Disjoin Array Wizards (TMG 20 10 only) 20 3 The. . . . . .22 2 Built-In Networks 22 2 Creating a New Network 22 4 Creating a Network Rule 22 6 Configuring Your Protected Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 1 Authenticating