Overview of Microsoft Forefront Threat Management Gateway 2010
Microsoft offers a broad selection of security products and services within the Forefront family. Forefront Threat Management Gateway (TMG) 2010 builds on the proven security technologies of ISA Server 2006, which it is designed to replace and for which it includes downgrade rights. TMG 2010 runs on a 64-bit server and provides a centrally managed Internet gateway that offers a single-server solution for a variety of security functions including an application layer and network layer firewall, URL filtering, malware inspection, reputation services, intrusion protection (IP), application proxy, VPN management, and HTTP/HTTPS inspection. TMG provides comprehensive web security logging and reporting capabilities, allows custom reporting powered by Microsoft SQL Server, integrates with Active Directory to simplify authentication and policy enforcement, and can be deployed as a virtual machine to cut costs and improve availability.
Microsoft has discontinued Forefront TMG 2010. The firewall capabilities offered by the product are commonly handled by hardware appliances from providers like Cisco, Barracuda, Check Point and WatchGuard. (Visit Cisco ASA firewalls with Firepower Services consulting.) Progent's firewall integration consultants can help you maintain and troubleshoot your Forefront TMG 2010 environment or help migrate to a modern solution. If you decide to upgrade, Progent can help you design and implement an efficient migration, integrate your on-premises firewall solution with cloud-based resources, train your IT staff, and provide as-needed expertise.
Progent's Microsoft-certified consultants can help you evaluate the business case for TMG 2010 in your environment; plan and carry out test and production deployments; integrate Forefront TMG 2010 with Windows 2008, Active Directory, SQL Server, Exchange Server 2010, and SharePoint 2010; set up TMG 2010 to run on a virtual machine with Windows Hyper-V; assist you to create custom reports; train your IT management staff; and provide ongoing consulting and troubleshooting support. Progent can also help you migrate smoothly and economically to Forefront TMG 2010 from ISA Server 2006 or ISA Server 2004 so you maximize your return on investment in Microsoft's Forefront technology.
Enhancements of Forefront Threat Management Gateway over Microsoft ISA Server 2006
Forefront Threat Management Gateway 2010 builds on the protection technology incorporated in ISA Server 2006 and offers significant improvements over the platform it replaces. TMG 2010 provides a secure web gateway for protecting users within the security perimeter from web-based threats by integrating anti-virus, anti-phishing, and anti-malware technology with advanced URL filtering and by extending these protections to SSL-encrypted traffic through HTTPS inspection. The powerful Network Inspection System (NIS) integrated with Forefront TMG 2010 is a signature-based network Intrusion Prevention System (IPS) that can provide continually updated application-layer protection for vulnerabilities discovered in Microsoft products and protocols.
TMG 2010 offers improved connectivity through the ability designate email servers to be published on a 1-to-1 NAT basis. Through its new ability to recognize SIP traffic and provide a method to traverse the firewall, Forefront TMG 2010 simplifies the implementation of Voice-over-IP solutions within the network. Support for ISP redundancy enhances availability and facilitates disaster recovery. In the area of VPN connectivity, TMG 2010 can be configured for tunnel-mode IPsec for compatibility with third-party devices, provides termination of L2TP/IPsec and PPTP-VPN sessions using native Windows VPN services, and can be used to publish internal Windows Servers as VPN servers.
The Enterprise Edition of Forefront Threat Management Gateway 2010 delivers improved expandability, availability, speed, management, and virtualization. This high-end edition supports network load balancing and Cache Array Routing Protocol (CARP) to provide fail over and enhance performance, allows access to Microsoft's Enterprise Management Console for centralized administration, and accommodates unlimited virtual CPUs.
The SP1 version of Forefront Threat Management Gateway introduces additional features and enhancements including a new User Activity report that displays web surfing data over a specified period based on websites and URL categories users have requested, simplified deployment of BranchCache at a remote office by using Forefront TMG as the Hosted Cache server when installed on a computer running Windows Server 2008 R2, the ability to run Forefront TMG and a read-only domain controller on the same server to save on IT costs at a branch office, and support for the securely publishing SharePoint 2010.
Network Inspection System for Enhanced Application Layer Inspection
A key part of Forefront TMG's IPS architecture is the Network Inspection System (NIS), a traffic analysis solution based on protocol decoding that uses signatures of known vulnerabilities to detect and block attacks and exploits aimed at Microsoft operating systems and applications. NIS involves a combination of services and software designed to reduce the time gap between when a network-based vulnerability is first discovered by Microsoft and when protective patches are installed on customers' production systems. Ordinarily, this gap can be measured in weeks. NIS can often reduce it to hours, providing zero-day response.
The protection strategy of NIS is based on signatures, code that detects attempts embedded within various network protocols to carry out attacks, as opposed to file-based attacks. Protocols commonly used as attack vectors which NIS can intercept include HTTP, DNS, SMB, SMB2, NetBIOS, and MSRPC, as well as the common email protocols SMTP, POP3, IMAP and MIME. NIS security begins with the Microsoft Malware Protection Center (MMPC). This organization has research facilities in five countries on three continents and works 24 hours a day monitoring global malware trends by analyzing data collected from a broad array of sources, including 600 million Windows computers. The MMPC, which also publishes responses to file-based threats for use by the malware inspection feature of Forefront TMG, develops and distributes the signature definitions used by NIS to defend against network-based attacks.
When a new vulnerability or exploit surfaces, MMPC researchers develop and test a signature which the MMPC response team publishes for efficient distribution via Microsoft Update Service. Forefront TMG can be configured to download and install all new signatures automatically, or the signature library can be updated manually and selectively. You can also select which protocols you want TMG to monitor if, for example, you don't want to waste bandwidth testing for protocols that are already blocked. The NIS feature, including access to updates, is included with the basic Forefront TMG license.
How Progent Can Help You with Forefront Threat Management Gateway 2010
In the field of firewalls and IT security policy, there is always a tradeoff between protection and productivity. Progent's Microsoft engineers and certified security consultants can show you to find the appropriate balance for your environment and can help you configure Forefront Threat Management Gateway 2010 to maximize the business value of your security infrastructure.
Progent can help you design, test, and implement a first-time installation of Microsoft's firewall and IPS technology or upgrade cost-effectively to Forefront TMG 2010 from ISA Server 2006 or ISA Server 2004. Progent can help you interface TMG with Microsoft SQL Server for customized web security reporting, with Exchange Server for secure access via the full MAPI Outlook client without requiring VPN, with SharePoint 2010 for secure publishing, and with Active Directory for consistent authentication and policy enforcement. Progent's Windows Hyper-V experts can help you save money and increase reliability by deploying Forefront TMG 2010 as a virtual server, and Progent's disaster recovery engineers can show you how to take advantage of TMG's network load balancing support to maximize availability.
Progent's certified network security engineers can help you create a company-wide security solution that includes business continuity planning and network security vulnerability scanning. Progent's Microsoft System Center Operations Manager (SCOM) consultants can help you monitor your network proactively to spot and remediate issues before they grow into serious problems. Progent offers the services of one of the country's largest teams of Cisco CCIE network engineers who can provide affordable online expertise to help you build a secure and responsive network infrastructure and to troubleshoot complex problems with Cisco appliances or software. Progent can also provide webinar training to help your IT staff get up to speed quickly with Forefront TMG 2010. Because Progent specializes in delivering advanced consulting and troubleshooting services online, Progent can help you minimize support costs and speed up the completion of IT projects and repairs.
Contact Progent for Microsoft Forefront Threat Management Gateway 2010 Solutions
If you need help with Forefront TMG 2010, call 800-993-9400 or visit Contact Progent.
Progent's Consulting Services for Microsoft Server Products
For small companies anywhere in the United States, Progent's Microsoft-authorized consultants offer network assistance and professional consulting services for the entire family of Microsoft .NET servers and Microsoft Windows Servers. Progent's migration, integration, optimization, and support services cover network architecture, configuration, and management help for
project management and documentation, local and off-site
IT support and system troubleshooting,
Standard Call Center Support or Co-managed Help Desk Call Center Services, certified
security expertise, full-service
ProSight Virtual Hosting services.
In case your organization is looking for fast online support from a Microsoft certified engineer, go to Progent's Urgent Remote Network Support.
Read additional information about Progent's Consulting Services for Microsoft Server Technology.