Overview of Microsoft Forefront Threat Management Gateway 2010
Forefront Threat Management Gateway (TMG) 2010 is built on the architecture of Internet Security and Acceleration (ISA) Server to provide a
full-featured security platform that can be deployed as a web proxy, a remote access gateway, an email relay, or a single-box solution that delivers all these functions. TMG 2010 offers significant enhancements over its predecessor ISA Server 2006 through its ability to work as 64-bit application under Windows 2008 R2, its close integration with Exchange Server 2010 and SharePoint 2010, and its array of security and management features.
Forefront Threat Management Gateway 2010 is no longer available from Microsoft, and the gateway security features provided by the product are typically handled by purpose-built hardware appliances from vendors such as Cisco, Barracuda, Check Point and WatchGuard. (See Cisco ASA firewalls with Firepower Services consulting.) Progent's firewall integration experts can help you manage and troubleshoot your Forefront TMG 2010 environment or assess the business value of migrating to a more modern firewall solution. If you decide that an upgrade makes sense, Progent can help you plan and execute a smooth, cost-effective migration, validate and optimize your firewall configuration, provide custom webinar training to your support staff, and deliver ongoing remote consulting and support services.
Capabilities of Forefront TMG 2010 include a multi-layer firewall, URL filtering with support for Microsoft Reputation Services, signature-based network protocol inspection, certificate-based HTTPS inspection, and extensive VPN support. TMG 2010 includes advanced web security reporting features and streamlines authentication and policy enforcement via integration with Active Directory. Microsoft has discontinued Forefront TMG and offers no equivalent single-product solution that provides universal threat management (UTM) functionality. Many of the capabilities offered by Forefront TMG have been incorporated into current versions of Microsoft server platforms including Windows Server, Exchange, SharePoint and Lync.
Progent's Microsoft-certified firewall consultants can help your organization manage and troubleshoot your Forefront TMG 2010 deployment or help you create an equivalent security solution that utilizes the capabilities built into Microsoft's current generation of server platforms and/or third-party firewalls and load balancers from major vendors including Barracuda and Sophos.
Editions of Forefront Threat Management Gateway 2010
The Standard Edition of TMG 2010 includes all the functionality of its popular predecessor ISA Server 2006 (see Progent's ISA Server 2006 consulting services) and adds web anti-malware, HTTPS inspection, enhanced email security, a new Network Inspection System (NIS) that includes an unlimited subscription to updates from the Microsoft Malware Protection Center (MMPC), plus support for ISP redundancy.
The Enterprise Edition of TMG 2010 includes a Central Management Console for consolidated control of distributed instances or arrays of TMG 2010 SE. This leverages the management capability of the TMG Enterprise Edition by effectively extending it to lower-cost TMG 2010 SE systems installed at branch offices, remote sites, or network boundaries. The Enterprise Edition is also the only version that supports network load balancing for high availability and improved performance, Cache Array Routing Protocol (CARP) for load-balancing HTTP requests across multiple proxy cache servers, and unlimited virtualized CPUs for lower equipment costs and faster recovery.
The Medium Business Edition (MBE) of TMG 2010 is designed for use with Windows Essentials Business Server to act as a secure web gateway. Unlike ISA 2006, TMG MBE does not support arrays for load balancing and failover and does not allow a non-domain joined gateway. TMG MBE also does not offer TMG SE's support for HTTPS inspection, the Network Inspection System for signature-based protocol inspection, and ISP redundancy.
Deployment Options with Forefront Threat Management Gateway 2010
The flexible architecture and rich feature set of Forefront Threat Management Gateway 2010 supports different deployment options to match the security needs of a broad range of organizations. TMG 2010 can be deployed on multiple servers in an array that synchronize with the same configuration storage for high performance and easy management. Basic options include running TMG 2010 as a secure web gateway, a remote access gateway, a secure email relay, or a single-box unified threat management (UTM) solution that serves all these functions. Capabilities of TMG 2010 that support these deployment options include:
Secure Web Gateway
Forefront TMG provides HTTPS security by standing between the client computer initializing the HTTPS connection and the secure web site. TMG intercepts the client request and creates an SSL tunnel to the target site to validate the site's server certificate. TMG uses the details of the secure site's certificate to create a new SSL certificate and signs it with TMG's HTTPS inspection certificate. TMG then presents the new certificate to the client and uses the certificate to establish a separate rate SSL tunnel. The client will already have the HTTPS inspection certificate in its Trusted Root Certification Authorities certificate store and will trust any certificate signed by this certificate. TMG allows you to exclude designated sites from HTTPS inspection. This is useful, for example, for banking sites or sites that use self-signed certificates. Forefront TMG can also notify users automatically that HTTPS traffic is being inspected.
How Progent Can Help You with Forefront Threat Management Gateway 2010
Progent offers efficient online expertise for all aspects of managing and troubleshooting Forefront Threat Management Gateway 2010 and can help you follow industry best practices with tasks that include:
Progent's certified network security engineers can show you how to design an enterprise-wide security strategy that incorporates disaster recovery planning and periodic network vulnerability scanning. Progent's Microsoft System Center Operations Manager (SCOM) network monitoring experts can assist you to protect your IT environment by proactively detecting and resolving potential network problems before they can disrupt productivity. Progent maintains a team of online Cisco CCIE-certified network engineers who offer cost-effective expertise to troubleshoot challenging problems with your network infrastructure.
Contact Progent for Microsoft Forefront Threat Management Gateway 2010 Solutions
For more information about how Progent can help you with Forefront TMG, call
Progent's Consulting and Support Services for Microsoft Server Products
For small businesses throughout the United States, Progent's Microsoft-authorized consultants can provide network assistance and IT consulting support for the entire array of Microsoft .NET servers and Microsoft Windows Servers. Progent's migration, integration, update, and consulting services include network architecture, configuration, and administration outsourcing for
project analysis and documentation, on-site and remote
technical support and network repair,
Standard Help Desk Support or Shared Call Center Support, comprehensive
security expertise, full-service
outsourcing, and
ProSight Virtual Hosting services.
If your company is looking for fast remote help from a Microsoft certified consultant, refer to Progent's Emergency Remote Computer Support.
Find out more information about Progent's Consulting Services for Microsoft Server Products.