Microsoft Certified Consultants
Forefront Threat Management Gateway Help:
Design, Support, Migration
Overview of Microsoft Forefront Threat Management Gateway 2010
Forefront Threat Management Gateway (TMG) 2010 is built on the architecture of Internet Security and Acceleration (ISA) Server to provide a
full-featured security platform that can be deployed as a web proxy, a remote access gateway, an email relay, or a single-box solution that delivers all these functions. TMG 2010 offers significant enhancements over its predecessor ISA Server 2006 through its ability to work as 64-bit application under Windows 2008 R2, its close integration with Exchange Server 2010 and SharePoint 2010, and its array of security and management features.
Forefront Threat Management Gateway 2010 is no longer available from Microsoft, and the gateway security features provided by the product are typically handled by purpose-built hardware appliances from vendors such as Cisco, Barracuda, Check Point and WatchGuard. (See Cisco ASA firewalls with Firepower Services consulting.) Progent's firewall integration experts can help you manage and troubleshoot your Forefront TMG 2010 environment or assess the business value of migrating to a more modern firewall solution. If you decide that an upgrade makes sense, Progent can help you plan and execute a smooth, cost-effective migration, validate and optimize your firewall configuration, provide custom webinar training to your support staff, and deliver ongoing remote consulting and support services.
Capabilities of Forefront TMG 2010 include a multi-layer firewall, URL filtering with support for Microsoft Reputation Services, signature-based network protocol inspection, certificate-based HTTPS inspection, and extensive VPN support. TMG 2010 includes advanced web security reporting features and streamlines authentication and policy enforcement via integration with Active Directory. Microsoft has discontinued Forefront TMG and offers no equivalent single-product solution that provides universal threat management (UTM) functionality. Many of the capabilities offered by Forefront TMG have been incorporated into current versions of Microsoft server platforms including Windows Server, Exchange, SharePoint and Lync.
Progent's Microsoft-certified firewall consultants can help your organization manage and troubleshoot your Forefront TMG 2010 deployment or help you create an equivalent security solution that utilizes the capabilities built into Microsoft's current generation of server platforms and/or third-party firewalls and load balancers from major vendors including Barracuda and Sophos.
Editions of Forefront Threat Management Gateway 2010
The Standard Edition of TMG 2010 includes all the functionality of its popular predecessor ISA Server 2006 (see Progent's ISA Server 2006 consulting services) and adds web anti-malware, HTTPS inspection, enhanced email security, a new Network Inspection System (NIS) that includes an unlimited subscription to updates from the Microsoft Malware Protection Center (MMPC), plus support for ISP redundancy.
The Enterprise Edition of TMG 2010 includes a Central Management Console for consolidated control of distributed instances or arrays of TMG 2010 SE. This leverages the management capability of the TMG Enterprise Edition by effectively extending it to lower-cost TMG 2010 SE systems installed at branch offices, remote sites, or network boundaries. The Enterprise Edition is also the only version that supports network load balancing for high availability and improved performance, Cache Array Routing Protocol (CARP) for load-balancing HTTP requests across multiple proxy cache servers, and unlimited virtualized CPUs for lower equipment costs and faster recovery.
The Medium Business Edition (MBE) of TMG 2010 is designed for use with Windows Essentials Business Server to act as a secure web gateway. Unlike ISA 2006, TMG MBE does not support arrays for load balancing and failover and does not allow a non-domain joined gateway. TMG MBE also does not offer TMG SE's support for HTTPS inspection, the Network Inspection System for signature-based protocol inspection, and ISP redundancy.
Deployment Options with Forefront Threat Management Gateway 2010
The flexible architecture and rich feature set of Forefront Threat Management Gateway 2010 supports different deployment options to match the security needs of a broad range of organizations. TMG 2010 can be deployed on multiple servers in an array that synchronize with the same configuration storage for high performance and easy management. Basic options include running TMG 2010 as a secure web gateway, a remote access gateway, a secure email relay, or a single-box unified threat management (UTM) solution that serves all these functions. Capabilities of TMG 2010 that support these deployment options include:
Secure Web Gateway
- Web proxy offering authentication and security
- Web anti-malware provided with Web Protection subscription service
- URL filtering integrated with Microsoft Reputation Services
- HTTP filtering and HTTPS traffic inspection
- Network Inspection System (NIS) for Internet protocols
- Trickling of file content during inspection to prevent web timeouts
- Centralized cache management for
- Dial-in VPN
- Site-to-site VPN
- VPN traffic inspection and quarantine
- Secure publishing of web servers, internal servers, and Terminal Services
- SSL bridging with decryption and recryption
- Interoperability with Windows Server 2008 R2 BranchCache for localized web caching
- Protection from spam and malware
- Email content filtering
- Support for Exchange Edge Transport Server (EETS) and Forefront Protection 2010 for Exchange Server (FPES)
- Single-server deployment of TMG, EETS and FPES for easy management and edge protection
- Native support for Network Load Balancing to improve speed, availability, and manageability
- Signature-based protection for SMTP, POP3, IMAP and MIME protocols
- Economical single-box security solution for mid-size businesses
- Firewall
- Intrusion Protection System (IPS)
- VPN
- Email relay
TMG 2010 is built on ISA Server 2006's core capabilities and incorporates important new features and improvements. New and enhanced features provided with the latest version of TMG 2010 include:
- Web anti-malware provided by the Web Protection subscription service scans web pages for viruses, malware, worms, and other threats.
- URL filtering provided by the Web Protection subscription service controls web site access according to URL categories, allowing you to block sites with dangerous, objectionable, or distracting content.
- E-mail protection subscription service based on FPES allows TMG 2010 to act as a secure relay for SMTP traffic, scanning for viruses, malware, spam and content (e.g., executable or encrypted files)
- HTTPS inspection examines HTTPS-encrypted web traffic for malware and exploits or to enforce the corporate policy.
- Network Inspection System (NIS) protects Microsoft applications from threats embedded in common network protocols including HTTP, DNS, SMB, RPC, and SMTP. TMG 2010 includes an unlimited subscription to the signature library maintained by Microsoft's MMPC team.
- Enhanced Network Address Translation (NAT) allows you to designate e-mail servers to be published on a 1-to-1 NAT basis to avoid address incompatibility issues.
- SIP traversal allows easier configuration of Voice over IP services inside the network.
- Installation on Windows Server 2008 gives Forefront TMG 2010 64-bit support with more memory space and scalability.
- New User Activity report documents and categorizes web surfing activity for specified users and time periods.
- BranchCache can reduce bandwidth use and improve web performance when TMG 2010 is the Hosted Cache server at the branch office on a Windows 2008 R2 Server.
- Secure SharePoint 2010 publishing is now supported on Forefront TMG 2010.
- SafeSearch, enforceable on specified groups or company wide, can block objectionable search results including text, images, and videos found by popular search engines.
TMG 2010's ability to inspect encrypted HTTPS traffic is a significant enhancement over ISA Server 2006 because HTTPS sessions typically represent 10-15% of total web traffic. With HTTPS inspection, Forefront TMG is able to examine web traffic that has been encrypted within Secure Socket Layer (SSL) tunnels. HTTPS inspection can police inbound and outbound traffic to block viruses and other malware, prevent access to sites with expired certificates, or to thwart attempts to circumvent web access policies by using encrypted tunneling applications over a secure channel.
Forefront TMG provides HTTPS security by standing between the client computer initializing the HTTPS connection and the secure web site. TMG intercepts the client request and creates an SSL tunnel to the target site to validate the site's server certificate. TMG uses the details of the secure site's certificate to create a new SSL certificate and signs it with TMG's HTTPS inspection certificate. TMG then presents the new certificate to the client and uses the certificate to establish a separate rate SSL tunnel. The client will already have the HTTPS inspection certificate in its Trusted Root Certification Authorities certificate store and will trust any certificate signed by this certificate. TMG allows you to exclude designated sites from HTTPS inspection. This is useful, for example, for banking sites or sites that use self-signed certificates. Forefront TMG can also notify users automatically that HTTPS traffic is being inspected.
How Progent Can Help You with Forefront Threat Management Gateway 2010
Progent offers efficient online expertise for all aspects of managing and troubleshooting Forefront Threat Management Gateway 2010 and can help you follow industry best practices with tasks that include:
- Supporting Forefront TMG on Windows Server 2008
- Supporting TMG on a Headquarters Domain Controller or Remote Office Domain Controller
- Configuring networks, routing, roles, and permissions
- Configuring virtual TMG servers and arrays of TMG servers
- Configuring client computers and authentication servers
- Creating and configuring firewall policy, access rules, and VoIP settings
- Installing BranchCache in TMG
- Configuring VPN access and enforcing VPN client health
- Publishing Microsoft applications and server roles including Exchange, SharePoint, OWA, and web servers
- Enabling malware inspection, exceptions, and definition updates
- Configuring HTTPS inspection, exclusions, and certificate updates
- Configuring email protection with spam, virus, and content filtering
- Administering, monitoring, and backing up TMG
- Setting up load balancing and establishing redundant ISPs for high availability and performance
- Creating standard and custom management reports
Progent's certified network security engineers can show you how to design an enterprise-wide security strategy that incorporates disaster recovery planning and periodic network vulnerability scanning. Progent's Microsoft System Center Operations Manager (SCOM) network monitoring experts can assist you to protect your IT environment by proactively detecting and resolving potential network problems before they can disrupt productivity. Progent maintains a team of online Cisco CCIE-certified network engineers who offer cost-effective expertise to troubleshoot challenging problems with your network infrastructure.
Contact Progent for Microsoft Forefront Threat Management Gateway 2010 Solutions
For more information about how Progent can help you with Forefront TMG, call
Progent's Consulting and Support Services for Microsoft .NET Servers
For small and mid-sized businesses anywhere in the United States, Progent's Microsoft-authorized experts can provide computer help and IT consulting support for the whole array of Microsoft .NET servers and Microsoft Windows Servers. Progent's migration, installation, update, and support services include network design, configuration, and administration outsourcing for
project management and documentation, local and off-site
technical support and system repair,
Standard Help Desk Call Center Services or Co-managed Help Desk Call Center Services, certified
security consulting, full-service
outsourcing, and
ProSight Virtual Hosting services.
If your organization needs immediate online help from a certified consultant, go to Progent's Emergency Online Technical Support.
Find out more information concerning Progent's Consulting Services for Microsoft .NET Servers.
An index of content::
Professional Email Virus Fingerprint
ProSight Email Virus Filtering Technology Professional
Progent's ProSight Email Guard uses the technology of top data security vendors to deliver web-based control and world-class security for your email traffic. The powerful architecture of Email Guard integrates a Cloud Protection Layer with a local gateway appliance to provide advanced protection against spam, viruses, Denial of Service Attacks, DHAs, and other email-based threats. The cloud filter acts as a preliminary barricade and keeps most unwanted email from making it to your security perimeter. This decreases your exposure to external attacks and conserves system bandwidth and storage. ProSight Email Guard's on-premises gateway appliance adds a deeper layer of inspection for incoming email. For outgoing email, the onsite security gateway provides anti-virus and anti-spam filtering, policy-based Data Loss Prevention, and encryption. The on-premises security gateway can also help Microsoft Exchange Server to track and safeguard internal email traffic that originates and ends within your security perimeter.
Microsoft Windows Support Firms
Microsoft Office System Repair Installation
Progent’s IT outsourcing services provide economical computer consulting for small companies. Whether it includes designing network infrastructure, setting up an internal Help Desk or outsourcing a one, deploying a new e-mail platform, monitoring your system, or building a web-based business solution, outsourcing your IT technical services can reduce costs and eliminate risks, allowing IT service expenses to grow in a more linear and manageable fashion than is feasible by building up a bulky, knowledgeable internal IT staff. Progent’s Outsourcing White Paper and datasheets show how Progent can enable you to create a secure and robust network architecture for your critical business software based on Microsoft Windows such as Microsoft Office XP, Office 2003, and Office 2000.
Cybersecurity Team Stealth Penetration Testing
Security Penetration Testing Network Consultants
Stealth penetration testing is an important component of any comprehensive network security strategy. Progent’s security professionals can perform extensive intrusion tests without the knowledge of your company's in-house IT resources. Stealth penetration testing uncovers whether current security monitoring systems such as intrusion detection warnings and event history monitoring are correctly set up and actively monitored.
Solaris Remote Technology Professional
Solaris Online Computer Network Providers
Progent offers nationwide urgent help and consulting services for companies who run Sun Solaris environments or whose information systems include a combination of Sun Solaris and Microsoft technology. Online IT help offers optimum leverage for your information technology dollar by protecting user productivity and shortening the time billed for network analysis and repair. Advanced online support utilities and experienced service specialists and engineers allow Progent to handle the majority of IT problems without wasting time and money by going to your site. In the vast majority of cases your IT issues can be remediated by telephone or through a combination of telephone support and remote connectivity. Progent can make available Cisco CCIE network experts and CISSP and ISSAP certified security professionals to help you with the most challenging network issues.
Microsoft 365 Yammer Integration Computer Consulting
Office 365 Excel Integration Integration Services
Progent can help you to understand the many subscription options available with Microsoft 365, formerly called Office 365, and integrate your information network with Microsoft 365 in a way that delivers top business value. Progent supports cross-platform networks that include Windows, macOS or OS X, and Linux technology. Progent can also assist you to build and manage hybrid networks that seamlessly combine local and cloud resources.
CRISC Certified Risk and Information Systems Control Architect Professional
CRISC Risk and Information Systems Control Consult
Progent can provide the guidance of a CRISC-certified risk management expert to help you to plan and deploy an enterprise risk management strategy following best practices promoted by CRISC and geared to align with your organization's risk appetite, business goals, and budgetary guidelines.
Cisco CCIE Online Phone Support Services
Help Cisco CCIE Remote
Progent's Cisco certified network infrastructure experts have extensive experience assisting Internet Service Providers to design, deploy, manage, tune, and troubleshoot fault-tolerant, extensible network environments suitable for public networks.
Windows 10 Migration Support Team
Windows 10 Microsoft Deployment Toolkit Consultant Services
Progent's Windows consulting experts can help organizations of all sizes to evaluate Windows 10 or to upgrade to Windows 10 from an earlier version of Windows. Online and onsite assessment and migration services for Microsoft Windows 10 offered by Progent's experts include Return on Investment analysis, project supervision, application compatibility testing, test lab systems, virtualization strategies, Cloud and hybrid solutions, mobile management and synchronization, teleworker access, security and compliance, automated provisioning and administration, network infrastructure optimization, wired/wireless convergence, business continuity planning, custom training for network management staff and end users, and post-migration technical help.
IT Service Provider Consultant Rates
Consultant Cost Software Recovery
Progent's pricing policy is to charge for online service and on-premises visits by the minute. As a result, you owe exclusively for received support. Progent does not impose a higher rate for after-hours or urgent service, and within California or in regions where Progent provides on-premises support, Progent does not charge for travel except for emergency support where on-site time is less than four hours. Also, Progent applies no minimum fee and requires no monthly commitment for services delivered during regular working hours. Many support organizations impose large minimum payments or charge for every quarter hour or longer. Progent's small granularity eliminates big invoices for fast solutions so you will not be forced to permit less critical problems to fester.
Nagios Remote Troubleshooting
Linux Network Monitoring, Nagios and MRTG Consultant Services
Network monitoring typically consists of observing a system's resource usage to help identify data traffic backups or troubleshoot hardware or program issues. Nagios and Multi Router Traffic Grapher (MRTG) are powerful, license-free network monitoring tools that run under Linux and can be used to observe multi-OS networks where Linux and Windows coexist. Progent's system support engineers can help you take advantage of both these programs to tune and repair your network. Progent's UNIX consulting services provide small companies and developers assistance with administering and supporting UNIX and Linux systems that work with Windows-based technology.
Online Troubleshooting Exchange 2003 Server Upgrade
Microsoft Exchange 2003 Upgrade Online Support Services
Progent's Microsoft certified consultants can help you define and implement a smooth in-place Microsoft Exchange 2003 upgrade plan that minimizes productivity downtime, reduces long-term service demands, and makes your Exchange Server 2003 easy to manage. For complicated multi-server or multi-site migrations, Progent has the experience to complete your project quickly and economically. Progent's Exchange 2003 help, repair, and consulting services include expertise with the integration of third-party add-ons to Microsoft Exchange 2003 Server that are in keeping with your business needs.
Microsoft 365 Excel Reporting Design
Excel 2019 Consulting
Progent's certified Office Excel and Office 365 Excel application consultants offer a wide range of online services to help you to design, develop, test, deploy, manage, and troubleshoot business applications powered by any release of Microsoft Excel, including Excel Online and Microsoft Office 365 Excel. Progent can help you to upgrade your legacy Excel applications to the newest releases of Excel, support Excel on iOS-based iPhones and iPads and Android phones and tablets, and identify and fix compatibility problems between different versions of Office Excel. Progent can provide on-demand support to organizations looking for a quick fix to a stubborn issue related to Office Excel and Progent can also provide comprehensive project management support for migrating or creating line-of-business applications based on Office Excel. Progent's affordable webinar training for Excel can be customized to meet the needs of individual users or groups.
Exchange Server 2003 Upgrade Consultant Services
Exchange 2003 Onsite Technical Support
Progent's expert support team can help you define and implement an efficient in-place Exchange Server 2003 migration strategy that minimizes network downtime, simplifies long-term support requirements, and makes your Microsoft Exchange Server 2003 easy to administer. For complicated multiple server or multi-site upgrades, Progent offers the experience to finish your move rapidly and economically. Progent's Microsoft Exchange Server 2003 help, repair, and consulting offerings include expertise with the integration of third-party enhancements of Microsoft Exchange 2003 Server that are best aligned to your business goals.
Professionals Meraki Wi-Fi 6 AP Migration
Meraki MR84 Access Point Technology Consulting Services
Progent's Cisco-certified wireless networking consultants offer remote and on-premises consulting and troubleshooting services to help you to design, configure, administer, optimize, and repair Wi-Fi networks that incorporate Cisco's Meraki APs. Progent's consultants can also assist your organization to design and implement hybrid networks that integrate on-premises and cloud-hosted resources and that provide easy access, enhanced security and compliance, unified management, and dependable operation for all your mobile and desktop devices.
Select Topic: