Microsoft Certified Consulting
Microsoft Forefront Threat Management Gateway Help:
Consulting, Support, Problem Solving
Overview of Microsoft Forefront Threat Management Gateway 2010
Forefront Threat Management Gateway (TMG) 2010 is built on the architecture of Internet Security and Acceleration (ISA) Server to provide a
full-featured security platform that can be deployed as a web proxy, a remote access gateway, an email relay, or a single-box solution that delivers all these functions. TMG 2010 offers significant enhancements over its predecessor ISA Server 2006 through its ability to work as 64-bit application under Windows 2008 R2, its close integration with Exchange Server 2010 and SharePoint 2010, and its array of security and management features.
Forefront Threat Management Gateway 2010 is no longer available from Microsoft, and the gateway security features provided by the product are typically handled by purpose-built hardware appliances from vendors such as Cisco, Barracuda, Check Point and WatchGuard. (See Cisco ASA firewalls with Firepower Services consulting.) Progent's firewall integration experts can help you manage and troubleshoot your Forefront TMG 2010 environment or assess the business value of migrating to a more modern firewall solution. If you decide that an upgrade makes sense, Progent can help you plan and execute a smooth, cost-effective migration, validate and optimize your firewall configuration, provide custom webinar training to your support staff, and deliver ongoing remote consulting and support services.
Capabilities of Forefront TMG 2010 include a multi-layer firewall, URL filtering with support for Microsoft Reputation Services, signature-based network protocol inspection, certificate-based HTTPS inspection, and extensive VPN support. TMG 2010 includes advanced web security reporting features and streamlines authentication and policy enforcement via integration with Active Directory. Microsoft has discontinued Forefront TMG and offers no equivalent single-product solution that provides universal threat management (UTM) functionality. Many of the capabilities offered by Forefront TMG have been incorporated into current versions of Microsoft server platforms including Windows Server, Exchange, SharePoint and Lync.
Progent's Microsoft-certified firewall consultants can help your organization manage and troubleshoot your Forefront TMG 2010 deployment or help you create an equivalent security solution that utilizes the capabilities built into Microsoft's current generation of server platforms and/or third-party firewalls and load balancers from major vendors including Barracuda and Sophos.
Editions of Forefront Threat Management Gateway 2010
The Standard Edition of TMG 2010 includes all the functionality of its popular predecessor ISA Server 2006 (see Progent's ISA Server 2006 consulting services) and adds web anti-malware, HTTPS inspection, enhanced email security, a new Network Inspection System (NIS) that includes an unlimited subscription to updates from the Microsoft Malware Protection Center (MMPC), plus support for ISP redundancy.
The Enterprise Edition of TMG 2010 includes a Central Management Console for consolidated control of distributed instances or arrays of TMG 2010 SE. This leverages the management capability of the TMG Enterprise Edition by effectively extending it to lower-cost TMG 2010 SE systems installed at branch offices, remote sites, or network boundaries. The Enterprise Edition is also the only version that supports network load balancing for high availability and improved performance, Cache Array Routing Protocol (CARP) for load-balancing HTTP requests across multiple proxy cache servers, and unlimited virtualized CPUs for lower equipment costs and faster recovery.
The Medium Business Edition (MBE) of TMG 2010 is designed for use with Windows Essentials Business Server to act as a secure web gateway. Unlike ISA 2006, TMG MBE does not support arrays for load balancing and failover and does not allow a non-domain joined gateway. TMG MBE also does not offer TMG SE's support for HTTPS inspection, the Network Inspection System for signature-based protocol inspection, and ISP redundancy.
Deployment Options with Forefront Threat Management Gateway 2010
The flexible architecture and rich feature set of Forefront Threat Management Gateway 2010 supports different deployment options to match the security needs of a broad range of organizations. TMG 2010 can be deployed on multiple servers in an array that synchronize with the same configuration storage for high performance and easy management. Basic options include running TMG 2010 as a secure web gateway, a remote access gateway, a secure email relay, or a single-box unified threat management (UTM) solution that serves all these functions. Capabilities of TMG 2010 that support these deployment options include:
Secure Web Gateway
- Web proxy offering authentication and security
- Web anti-malware provided with Web Protection subscription service
- URL filtering integrated with Microsoft Reputation Services
- HTTP filtering and HTTPS traffic inspection
- Network Inspection System (NIS) for Internet protocols
- Trickling of file content during inspection to prevent web timeouts
- Centralized cache management for
- Dial-in VPN
- Site-to-site VPN
- VPN traffic inspection and quarantine
- Secure publishing of web servers, internal servers, and Terminal Services
- SSL bridging with decryption and recryption
- Interoperability with Windows Server 2008 R2 BranchCache for localized web caching
- Protection from spam and malware
- Email content filtering
- Support for Exchange Edge Transport Server (EETS) and Forefront Protection 2010 for Exchange Server (FPES)
- Single-server deployment of TMG, EETS and FPES for easy management and edge protection
- Native support for Network Load Balancing to improve speed, availability, and manageability
- Signature-based protection for SMTP, POP3, IMAP and MIME protocols
- Economical single-box security solution for mid-size businesses
- Firewall
- Intrusion Protection System (IPS)
- VPN
- Email relay
TMG 2010 is built on ISA Server 2006's core capabilities and incorporates important new features and improvements. New and enhanced features provided with the latest version of TMG 2010 include:
- Web anti-malware provided by the Web Protection subscription service scans web pages for viruses, malware, worms, and other threats.
- URL filtering provided by the Web Protection subscription service controls web site access according to URL categories, allowing you to block sites with dangerous, objectionable, or distracting content.
- E-mail protection subscription service based on FPES allows TMG 2010 to act as a secure relay for SMTP traffic, scanning for viruses, malware, spam and content (e.g., executable or encrypted files)
- HTTPS inspection examines HTTPS-encrypted web traffic for malware and exploits or to enforce the corporate policy.
- Network Inspection System (NIS) protects Microsoft applications from threats embedded in common network protocols including HTTP, DNS, SMB, RPC, and SMTP. TMG 2010 includes an unlimited subscription to the signature library maintained by Microsoft's MMPC team.
- Enhanced Network Address Translation (NAT) allows you to designate e-mail servers to be published on a 1-to-1 NAT basis to avoid address incompatibility issues.
- SIP traversal allows easier configuration of Voice over IP services inside the network.
- Installation on Windows Server 2008 gives Forefront TMG 2010 64-bit support with more memory space and scalability.
- New User Activity report documents and categorizes web surfing activity for specified users and time periods.
- BranchCache can reduce bandwidth use and improve web performance when TMG 2010 is the Hosted Cache server at the branch office on a Windows 2008 R2 Server.
- Secure SharePoint 2010 publishing is now supported on Forefront TMG 2010.
- SafeSearch, enforceable on specified groups or company wide, can block objectionable search results including text, images, and videos found by popular search engines.
TMG 2010's ability to inspect encrypted HTTPS traffic is a significant enhancement over ISA Server 2006 because HTTPS sessions typically represent 10-15% of total web traffic. With HTTPS inspection, Forefront TMG is able to examine web traffic that has been encrypted within Secure Socket Layer (SSL) tunnels. HTTPS inspection can police inbound and outbound traffic to block viruses and other malware, prevent access to sites with expired certificates, or to thwart attempts to circumvent web access policies by using encrypted tunneling applications over a secure channel.
Forefront TMG provides HTTPS security by standing between the client computer initializing the HTTPS connection and the secure web site. TMG intercepts the client request and creates an SSL tunnel to the target site to validate the site's server certificate. TMG uses the details of the secure site's certificate to create a new SSL certificate and signs it with TMG's HTTPS inspection certificate. TMG then presents the new certificate to the client and uses the certificate to establish a separate rate SSL tunnel. The client will already have the HTTPS inspection certificate in its Trusted Root Certification Authorities certificate store and will trust any certificate signed by this certificate. TMG allows you to exclude designated sites from HTTPS inspection. This is useful, for example, for banking sites or sites that use self-signed certificates. Forefront TMG can also notify users automatically that HTTPS traffic is being inspected.
How Progent Can Help You with Forefront Threat Management Gateway 2010
Progent offers efficient online expertise for all aspects of managing and troubleshooting Forefront Threat Management Gateway 2010 and can help you follow industry best practices with tasks that include:
- Supporting Forefront TMG on Windows Server 2008
- Supporting TMG on a Headquarters Domain Controller or Remote Office Domain Controller
- Configuring networks, routing, roles, and permissions
- Configuring virtual TMG servers and arrays of TMG servers
- Configuring client computers and authentication servers
- Creating and configuring firewall policy, access rules, and VoIP settings
- Installing BranchCache in TMG
- Configuring VPN access and enforcing VPN client health
- Publishing Microsoft applications and server roles including Exchange, SharePoint, OWA, and web servers
- Enabling malware inspection, exceptions, and definition updates
- Configuring HTTPS inspection, exclusions, and certificate updates
- Configuring email protection with spam, virus, and content filtering
- Administering, monitoring, and backing up TMG
- Setting up load balancing and establishing redundant ISPs for high availability and performance
- Creating standard and custom management reports
Progent's certified network security engineers can show you how to design an enterprise-wide security strategy that incorporates disaster recovery planning and periodic network vulnerability scanning. Progent's Microsoft System Center Operations Manager (SCOM) network monitoring experts can assist you to protect your IT environment by proactively detecting and resolving potential network problems before they can disrupt productivity. Progent maintains a team of online Cisco CCIE-certified network engineers who offer cost-effective expertise to troubleshoot challenging problems with your network infrastructure.
Contact Progent for Microsoft Forefront Threat Management Gateway 2010 Solutions
For more information about how Progent can help you with Forefront TMG, call
Progent's Consulting Services for Microsoft .NET Server Technology
For small companies throughout the U.S., Progent's Microsoft-certified experts offer computer assistance and IT consulting support for the entire family of Microsoft .NET Enterprise Servers and Windows Servers. Progent's migration, installation, optimization, and consulting capabilities include network architecture, configuration, and administration outsourcing for
project management and documentation, on-site and off-site
technical help and system diagnosis,
Standard Help Desk Services or Co-managed Help Desk Call Center Services, certified
security consulting, turn-key
outsourcing, and
ProSight Virtual Hosting services.
In case your company is looking for immediate remote support from a certified consultant, visit Progent's Urgent Remote Technical Support.
Find out more details concerning Progent's Consulting Services for Microsoft .NET Servers.
An index of content::
Cisco CCDA Home Based Jobs
Cisco Engineers Freelancing Jobs
Progent is hiring a variety of on-staff employees including motivated Microsoft Certified Systems Engineers; network experts with Cisco CCDP or CCIE credentials; and specialists in advanced system architecture with backgrounds in mobile access, wireless networking, non-stop systems, business continuity solutions, data preservation, and VMware technology. Progent is also looking for workstation support experts, off-site service professionals, and CISSP or CISM certified security consultants. We are also hiring experienced managers able to operate efficiently in our dynamic, virtual office model. Progent works with independent professionals who have in-depth knowledge and field background in crucial information technology topics outside Progent's primary service focus. Progent's Experts Team includes freelance consultants who offer advice and programming services for mission-critical solutions such as Manufacturing Resource Planning, Enterprise Resource Planning, or Customer Relationship Management; possess deep expertise with popular platforms such as Linux derivatives, Apple OS, or Sun, or offer expert help in technologies such as telecommunications, web site development, EDI, eCommerce, or dbm programming. Independent contractors certified by Progent cooperate with Progent's staff engineers to deliver end-to-end IT services for small business networks.
Online Wireless Site Survey IT Consulting
Wi-Fi Site Survey Setup and Support
Progent's Wi-Fi site survey and predictive modeling make it easy to plan, deploy and debug a Wi-Fi LAN adapted to your facilities, providing your business a WLAN that delivers the reception, performance, density, Quality of Service, security, and roaming ability your company requires. Wireless site survey services from Progent include online predictive analysis for planning a Wi-Fi network and on-premises site survey services for confirming, tuning, and troubleshooting an operational wireless network.
Check Point 3000 Firewalls Forensics Services
Check Point 23000 Firewalls Security Tech Services
Progent's Check Point experts can show you how to choose and deploy Check Point Software Firewall/VPN utilities and appliances powered by Check Point's technology to provide an economical and effective security defense for your business network. Progent can also help you configure other Check Point technologies such as ZoneAlarm and Check Point Power-1 firewalls with security solutions from other suppliers and provide a central source for continuing network support, maintenance, training, and design expertise.
Microsoft Experts Windows Server 2012 R2 Data Deduplication Online Support Services
Troubleshooting Windows Server 2012 R2 Hyper-V Virtual Switch
Progent's certified professionals can assist you to assess the business value of Windows Server 2012 R2 for your organization, develop test environments and rollout plans, tune your network infrastructure for on-premises, multi-location, private or public cloud-based, and partial-cloud datacenters, educate your IT support staff, develop an enterprise-wide security plan, streamline IT administration, help with creating applications, and generate and test a DR/BC plan.
5520 wireless controller Consulting
Cisco Expert wireless LAN controller Computer Engineer
Cisco's {Catalyst Wi-Fi controllers simplify the administration of wireless LANs by unifying the provisioning and control of wireless access points, optimizing wireless throughput by limiting the impact of RF congestion, improving Wi-Fi uptime with fast auto-failover, and hardening security by identifying cyber threats and analyzing traffic content based on user class and location. Progent can assist your business to configure Cisco Wi-Fi controller appliances to manage wireless networks of all sizes. Progent can assist you to administer and troubleshoot your current Cisco-based Wi-Fi solution or implement an efficient transition to Cisco's modern Wi-Fi controller technology.
Onsite Support Mid-size Business
Top Ranked Tech Support For Small Business Midsize Business
Progent offers IT support for medium size businesses who have 100 to 250 network users. The mid-size company or office has traditionally been an overlooked part of the market for IT support services. The cost structures and support delivery models of major third-party service firms make them excessively costly for the ordinary mid-size company or small medium business (SMB), which commonly has a minimal IT budget with which to maintain an IT network whose advanced technology and capability are often similar to the information systems of much bigger enterprises. Progent's service delivery model, which takes great advantage of online support, virtual network technology and 24x7 network monitoring, dramatically reduces the IT support expenses of a small-medium business while offering the mid-size company with enterprise-level service from certified, world-class experts with background in a wide array of midsized business network solutions. If your medium size company or small business is looking for the quality of network support needed for a medium size office without budgeting big-company costs, contact Progent.
Biggest Solaris with Windows Consultant
Immediate Windows and UNIX Engineers
Progent's UNIX platform support services offer small and mid-size companies and developers help with administering and supporting UNIX, Linux or Solaris systems that run with Microsoft-based technology. Progent offers your organization access to UNIX consultants, consulting professionals premier by Microsoft and Cisco, and security experts with CISSP certification. This broad array of expertise provides you with an easy single source to show you how to build and maintain a secure and reliable cross-platform connectivity and communications solution that allows UNIX and Microsoft interoperability by integrating Microsoft Windows with popular variants of UNIX including Mac OS X, Solaris, IBM AIX, HP-UX, BSD, SCO, and SGI/Irix or major Linux platforms such as RedHat Linux, SUSE, CentOS, Ubuntu Linux, PCLinuxOS, fedora, Gentoo, Mandrake/Mandriva, Debian-GNU, and Slackware.
SharePoint 2019 and SQL Server Remote Consulting
24x7 SharePoint Backup and Recovery Remote Support Services
Progent's Microsoft-certified SharePoint 2019 and SharePoint Online consultants offer affordable remote and on-premises expertise, software development, and troubleshooting services for organizations of all sizes who want to migrate to SharePoint Server 2019 or SharePoint Online from prior versions of SharePoint. Progent can help you design and execute a cost-effective upgrade to SharePoint 2019 on prem, SharePoint Online, or a hybrid environment that incorporates onsite and cloud infrastructure into a seamless intranet system.
Operating System Training
Knowledge Transfer Operating System
Progent practices information transfer from Progent's consultants to clients. By teaching clients to handle problems that are within their comfort zone, Progent can focus on providing hard-to-find services where Progent has little competition. Medium-size companies who work with familiar freelance consultants or who maintain internal IT staffs benefit when Progent passes on knowledge about critical technology and proven processes to make their networks more reliable, secure, and productive.
ransomware protection assessment Specialists
ransomware vulnerability evaluation Consultancy
Progent's ProSight Ransomware Preparedness Report service is a low-cost service built around a phone interview with a Progent backup/recovery expert. The fact-finding interview is intended to help evaluate your organization's preparedness either to block ransomware or recover quickly from a ransomware attack. Progent will consult with you directly to gather information concerning your current antivirus tools and backup procedures, and Progent will then deliver a custom Basic Security and Best Practices Report describing how you can apply best practices to deploy an efficient AV and backup/recovery environment that minimizes your exposure to ransomware and meets your company's needs.
Cybersecurity Audit Consultant Services
Top Ranked Consult Cybersecurity Audit
The CISA credential is an important achievement that indicates expertise in network security audit and control. Accredited by the American National Standards Institute, the CISA credential has consultants pass a comprehensive test given by the ISACA professional association. Progent offers the services of a CISA-Premier network security audit consultant trained to help businesses in the areas of IS audit process, information technology administration, network assets and infrastructure ROI, IT support, protection of information assets, and disaster recovery planning.
Wi-Fi RF Coverage Maps Support
Wi-Fi RF Spectrum Analysis for Wi-Fi Help and Support
Progent's wireless site survey and predictive modeling make it easy to design, deploy and troubleshoot a Wi-Fi LAN adapted to your environment, offering you a wireless solution that has the reception, speed, capacity, Quality of Service, security, and roaming capability your business needs. Wireless site survey services from Progent include remote predictive modeling for designing a wireless network and onsite site survey services for validating, optimizing, and troubleshooting an operational wireless LAN.
Juniper SA700 SSL VPN Consultant
Juniper SA4500 SSL VPN Cybersecurity Organizations
SSL VPN makes it possible to establish a secure Internet connection between an enterprise network and virtually any remote computer without the need for pre-installed client software. Progent's Juniper-certified consultants can help you design, manage, and troubleshoot SSL VPN solutions based on Juniper's AS Series of remote access appliances.
Remote Consulting Catalyst 4500 Switch
Catalyst Switch IOS-XR Support and Setup
Progent's Cisco-certified CCIE networking experts can help you to configure, manage, update, optimize and troubleshoot Catalyst switches. Progent can also help you to harden the security and compliance of Catalyst switches and migrate smoothly from legacy switches to modern devices.
Select Topic: