Microsoft TMG Gateway and ISA Server 2006
Microsoft Forefront Threat Management Gateway (TMG) 2010 and Internet Security and Acceleration (ISA) Server 2006 are multi-layer firewalls, VPN, proxy, and Web cache platforms that increase network performance while improving the protection of small business and enterprise networks against internal and external attacks that exploit web and email vulnerabilities. Forefront TMG is built on the Intrusion Prevention System (IPS) architecture of ISA Server 2006, which is designed to make it easy and affordable for businesses to implement secure application publishing, efficient branch office gateways, and comprehensive web access protection.

Secure Application Publishing with Forefront TMG 2010 and ISA Server 2006 enables greater control over intranet resources, yet provides increased productivity by making them available to remote users. TMG 2010 and ISA Server 2006 help protect your corporate applications, services, and data across all network layers with stateful packet inspection, application-layer filtering and comprehensive publishing tools. As a Branch Office Gateway, TMG 2010 or ISA Server 2006 firewalls simplify administrator and user experiences through a unified firewall and VPN architecture, with web caching and bandwidth management, an optimized firewall and filtering engine, and extensive access control. Forefront TMG 2010 and ISA Server 2006 help provide Web Access Protection with a hybrid proxy-firewall architecture, granular policies, deep content inspection, plus comprehensive alerts and monitoring capabilities.

ISA Server 2006 has been replaced by Forefront Threat Management Gateway 2010 (TMG 2010), which is based on ISA Server 2006's architecture while providing a variety of enhanced features. Forefront TMG 2010 has in turn been discontinued by Microsoft, and the gateway security features offered by the product are typically handled by purpose-built hardware appliances from vendors such as Cisco, Barracuda, Check Point and WatchGuard. (See Cisco ASA firewalls with Firepower Services consulting.) Progent's firewall integration experts can help you manage and troubleshoot your ISA Server 2006 or Forefront TMG 2010 environment or assess the business value of migrating to a more current solution. If you decide an upgrade makes sense, Progent can help you plan and execute a smooth, cost-effective migration, test and tune your firewall deployment, provide custom webinar training to your support staff, and deliver ongoing remote consulting and support services.

ISA Server 2006 Architecture

Microsoft Exchange Server 2007 Consulting
The architecture of ISA Server 2006, detailed in the above illustration, provides a flexible platform for a secure web gateway, a single-box all-purpose intrusion protection system, a remote access gateway, or a secure email relay.
  1. The core firewall engine operates in efficient kernel mode and integrates with the TCP/IP stack.
  2. The policy engine retrieves ISA Server policies from the policy store, and enforces them both in kernel mode, as part of the firewall engine, and in user mode, where the Microsoft Firewall service performs advanced functions, such as user authentication.
  3. An application filter API allows included protocol filters and third-party protocol filters to provide advanced services that integrate with ISA Server. The SMTP filter is an example of such a protocol filter.
  4. The Web Proxy Filter processes HTTP requests and performs application filtering on these requests. A Web filter API allows third-party Web filters to plug into the Web Proxy Filter for more advanced HTTP processing.
Key Features of Microsoft TMG 2010 and ISA Server 2006
ISA Server 2006 offers a wealth of new features and benefits that provide more tightly integrated network security, easier management, higher performance, and better protection for business information and applications.

Integrated Security
Microsoft TMG 2010 and ISA Server 2006 offer tight security through integration with Microsoft applications and protocols such as Active Directory, Windows Internet Name Service (WINS), Dynamic Host Configuration Protocol (DHCP), Network Load Balancing (NLB), and VPN Quarantine. Improvements in this area allow your business to:

  • Increase security and deployment flexibility for Web application servers through enhanced multi-factor authentication (smart cards and one-time passwords), flexible integration with Active Directory (LDAP), and customizable forms-based authentication for almost any Web application and client device.
  • Easily integrate TMG 2010 or ISA Server with your existing authentication infrastructure through enhanced authentication delegation (including NTLM, Kerberos, and SecurID), and gain more access control with improved session management that detects non-user traffic through automatic idle-based time-outs.
  • Maintain secure branch office infrastructure using Background Intelligent Transfer Service (BITS) caching to accelerate the deployment of software updates and keep remote computers protected.
  • Help defend your network with Enhanced Flood Resiliency features for event handling and monitoring that provide better resistance to Denial of Service (DoS) and Distributed DoS attacks.
  • Mitigate the effects infected computers have on your network with enhanced worm resiliency through simplified client Internet Protocol (IP) alert pooling and connection quotas.
  • Enhance attack remediation through extensive alert triggers and responses to notify administrators of network problems promptly.
Easier Management
Total cost of ownership of application-layer security can be reduced significantly by TMG 2010 and ISA Server 2006 through simplified deployment and management, plus server consolidation. ISA Server 2006 saves your company money by allowing IT managers to:
  • Simplify the process of securely publishing Exchange, Windows SharePoint Services, and other Web servers with easy-to-use wizards for multiple sites, and enhanced certificate administration to avoid configuration errors.
  • Easily deploy farms of Web servers behind TMG 2010 or ISA Server 2006 using session-based and IP-based affinity with automatic out-of-service detection using Web Publishing Load Balancing.
  • Easily deploy and configure TMG 2010 or ISA Server 2006 computers in branch offices by using answer files on removable media for unattended installation, and with easy-to-use VPN wizards to streamline connectivity.
  • Manage remote TMG 2010 or ISA Server 2006 computers more effectively with faster propagation of enterprise policies, reduced server requirements, and low-bandwidth optimizations.
  • Provide enhanced resource control by log throttling and control of memory consumption and pending DNS queries.
  • Unify management and monitoring across your TMG 2010 or ISA Server 2006 infrastructure with the Management Pack for Microsoft Operations Manager, and use enterprise-level and array-level policies to streamline control of security and access rules across your organization.
Faster and More Secure Access
TMG 2010 and ISA Server 2006 offer secure and seamless user access to network resources with added speed achieved through caching. Deploying TMG 2010 or ISA Server 2006 can:
  • Enable a smoother user experience for published Web applications, document libraries, and content through single sign on and comprehensive link translation to help ensure secure and consistent access.
  • Improve Web page load times and reduce WAN costs for users in branch offices with HTTP traffic compression and caching.
  • Help ensure that the highest priority applications get precedence over other network traffic through Diffserv IP settings, providing better bandwidth utilization and response times for critical Web resources.
Innovative Features of Forefront Threat Management Gateway 2010
Microsoft's Forefront Threat Management Gateway 2010 offers a number of important features that make it an attractive alternative to ISA Server 2006. Top new features include:
  • 64-bit support for Windows Server 2008 R2 for improved performance, scalability, and reliability.
  • Web anti-malware protection through the inspection of inbound and outbound traffic and the ability to block encrypted folders.
  • The ability to inspect HTTPS sessions for encrypted malware or exploits.
  • Optional email security with Forefront Protection 2010 for Exchange.
  • Network Inspection System (NIS) for continually updated signature-based inspection of multiple network protocols.
  • Support for virtualization with Windows Hyper-V.
  • Internet Service Provider redundancy for high availability or load balancing.
  • Support for Secure Socket Tunneling Protocol (SSTP) and Network Access Protection (NAP) for improved VPN capability.
For a more detailed discussion of TMG 2010's enhancements over ISA Server 2006, see Progent's Forefront TMG 2010 consulting services.

How Progent's Microsoft-certified Consultants Can Help You with TMG 2010 and ISA Server 2006
Progent's certified firewall experts can assist you to maintain and troubleshoot a deployment of TMG 2010 or ISA Server 2006, and Progent can help you migrate efficiently to more current security platforms. Progent's CISM, CISSP, GIAC, and CISA-certified security engineers can show you how to create a complete security and compliance plan that adheres to industry best-practices for corporate-wide security policies. Progent can help you enhance your TMG 2010 environment by providing Exchange Server 2010 integration for protected email solutions and with Microsoft Operations Manager integration for network monitoring, automated warnings and remediation, and reports. Progent's team of Cisco CCIE-certified consultants can provide affordable online expertise for architecting and troubleshooting a secure network infrastructure with Cisco routers and switches.

If you have moved up to Windows Server 2008 R2 and to Microsoft's latest mission-critical platforms such as Exchange Server 2010 and SharePoint 2010, Progent can help you evaluate the costs and benefits of migrating to Forefront Threat Management Server 2010 from ISA Server 2006 to take advantage of TMG 2010's close integration with the current versions of Microsoft's mainstream applications.

Progent offers a range of cost-effective information technology services to fit your network environment and budget. Services available from Progent include emergency troubleshooting, high-end consulting, project management for major migrations and upgrades, onsite and remote support, Help Desk, and comprehensive IT outsourcing.

For more information about Progent's consulting and support services for ISA Server 2006, call 1-800-993-9400 or visit Contact Progent.

© 2002- 2019 Progent Corporation. All rights reserved.

More topics of interest:

An index of content::

Aptos, CA Internet Security and Acceleration Server 2006 Onsite Technical Support Lincoln Technology Providers
Atlanta, Georgia Network Providers Cisco and Microsoft Certified Expert Atlanta Computer Installation
Best Microsoft ISA Server 2006 Online Troubleshooting Colorado Network Designers
BlackBerry Synchronization Small Business Network Consulting Wichita BlackBerry Wireless Troubleshoot
Brisbane Expert San Francisco Computer Services
CISSP Certified Cybersecurity Architect Consultants CISSP Certified Information Security Officer Professionals
CISSP Compliance Auditor CISSP Computer Security Specialist in Lexington-Fayette Kentucky
Capitola Computer Services Northern California Santa Cruz County Networking Group
CentOS Linux, Sun Solaris, UNIX Technical Support Services Slackware Linux, Solaris, UNIX Technical Support Services
Cisco CCIE Service Provider Network Consultant Contract From Home Job for Microsoft MCITP Engineer Union Square
Cisco Campbell Small Office Network Consulting Los Gatos Network Design and Configuration in California
Cisco Computer Network Specialists Cisco Implementation Services Montana - Billings, MT, Missoula, MT, Great Falls, MT, Bozeman, MT
Cisco Network Integration Cisco Network Assessment DC
Cisco On-site and Remote Support Cisco Computer Support Companies
Cisco System Consultant Cisco Security Consulting Firms
Cisco System Repair Cisco Solution Provider
Cisco Technology Consultancy Firm Computer Network Firms Fresno
Colorado Guru Colorado Information Technology Outsourcing Group
Computer Network Service Company Roseville Onsite and Remote Support Northern California
Consultant Foster City, CA Small Office Computer Consultant for SQL Server 2012 Seattle Kirkland Everett, WA
Consulting Services for Microsoft SQL Server 2012 Microsoft SQL 2014 Tech Support Outsource in St Louis, MO
Customer Relationship Management Support and Setup On-site Technical Support
Cybersecurity Team for Security Largest Security Consultancies in Chesterfield County Virginia
Debian Linux, Solaris, UNIX Computer Consulting Gentoo Linux, Solaris, UNIX Support Outsourcing in Washington District of Columbia
Denver Integration Specialist Denver, CO Computer Network Support Companies
Durham, North Carolina Network Administration Cisco Certified Experts Durham, NC Outsourcing IT Support
El Paso Remote Support Cisco and Microsoft Certified Expert El Paso Network Outsource
Emergency Phone Support Network Manager Network Design and Consulting Pueblo
Engineer for Symantec Backup Exec Apple Mac Backup Consultant Services
Engineers for ProSight Virtual Hosting ProSight Small Business Private Clouds Consultants
Exchange 2003 Server Technical Support Outsource Migration Firm for Exchange Server 2007 Madison, WI
Expert Microsoft Certified Services in Santa Ana, CA Computer Consultancy Companies for North Carolina
Experts for Exchange Microsoft Exchange 2016 Professional Services
Forefront Network Inspection System Support Services Help and Support
Honolulu ISA 2006 Remote Support Computer Setup for Pacifica in California
ISA 2006 Firewall Consultant Services San Jose Technical Consulting
ISA 2006 Firewall Consulting Services in Wyoming Cisco Server Setup
ISA 2006 Firewall Services Cleveland, OH Windows Server 2016 Software Consultants in South Florida
ISA 2006 Firewall Services Tampa Maintenance for Phoenix, Arizona
ISA 2006 Firewall Specialist Woodcliff Lake, NJ Recovery Services for New York
ISA 2006 Specialists in Richmond CentOS Linux, Solaris, UNIX Online Help Port Newark
ISA 2006 Support Outsourcing Moraga, CA Part-Time Job for Microsoft MCDST Consultant in San Mateo County
ISA Server 2006 Outsourcing Bakersfield Networking Consultants Tacoma Olympia
IT Consultant for Microsoft SharePoint Microsoft SharePoint Server 2010 IT Services in Reseda
IT Services for Network Troubleshooting ProSight Remote Network Troubleshooting Technical Support Services
Internet Security and Acceleration Server 2006 Technology Consulting Services in Milwaukee Charlotte, Mecklenburg County SQL Server 2014 Online Technical Support
MCSE Expert Certified Exchange Server 2003 Support and Setup Exchange 2003 Consultant Services
Microsoft Access reports Services Office Access database Contract Development
Microsoft Consulting Job Full-Time Jobs for Microsoft MCP Consultant
Microsoft Exchange Configuration Outsourcing
Microsoft Expert IT Consulting for ISA Server 2006 Networking Company for Columbia, Charleston, Rock Hill, SC
Microsoft ISA Server 2006 Engineer in Charlotte, NC Small Office Network Consulting
Microsoft ISA Server 2006 Onsite Technical Support Philadelphia, PA Outsourcing IT
Microsoft MCP Remote Consulting Subcontractor Montgomery Huntsville Subcontractor for Microsoft Remote Support
Microsoft Network Small Business Outsourcing IT Help Desk Network Manager in Gilbert, Maricopa County
Microsoft SQL Server 2016 Network Integration Server Install for Microsoft SQL 2008 in Hialeah, Miami-Dade County
Microsoft Windows 7 Upgrade Network Companies Cisco Expert Microsoft Windows 7 Consulting Services
Network Consulting Group for San Francisco SF Small Office Computer Consulting Services California
Oklahoma City, Tulsa, Norman, OK Specialist Computer Consultation for Oklahoma City, Tulsa, Norman, OK
On-site Support for Gentoo Linux, Sun Solaris, UNIX Slackware Linux, Solaris, UNIX Troubleshooting Albuquerque, Bernalillo County
Online Support for Exchange 2010 OWA Network Consulting for Microsoft Exchange
Professional Microsoft Windows Server 2016 Networking Consultants in Boston Cambridge
Professionals for ISA Server 2006 Microsoft SQL Server 2016 Computer Consulting Firm
Project Server Time Reporting Consulting Services Microsoft Project Server Scheduling Specialist
Redhat Linux, Sun Solaris, UNIX Support Fedora Linux, Solaris, UNIX Integration Services Yonkers Manhattan White Plains
Remote Support Columbus Nevada Consulting for Sun Solaris
Remote Troubleshooting for Microsoft SharePoint 2013 Network Consultant Tulsa County Oklahoma
SQL Server 2012 Computer Network Consulting Microsoft SQL 2008 Small Business IT Consultants Silicon Valley, California
SQL Server 2012 Technology Providers Network Services
San Carlos Integration Consulting Half Moon Bay Upgrade
San Francisco Technical Support Group Computer Network Consultant for South San Francisco California
Seattle, WA Providers Seattle System Consulting Services
Security Group for Firewall and VPN Network Security Audit
SharePoint Server 2007 Online Support Microsoft SharePoint Server 2007 Consulting Colorado Springs, El Paso County
Small Business Computer Consultant Windows Server 2016 Network Installations Boston
Small Business Networking Microsoft SQL Server 2016 Outsourced IT Management Services Orange County California
Small Offices Network Engineers Consulting Service
Specialist for Internet Security and Acceleration Server 2006 Lexington-Fayette Linux Technical Support Vermont
Specialist in San Antonio Security Evaluation Scottsdale
St. Paul, Minnesota Software Consultants St. Paul, Minnesota Small Business IT Consulting Company
Subcontractor Job for Benefits for Home Based Network Consultants Compensation for Cisco Engineering Home Based Virtual Office
Sun Solaris Migration Consultant Solaris-Windows Migration Consultants
Support Outsourcing for SharePoint Server 2013 Durham, NC Microsoft SharePoint 2013 Computer Consultants
Support and Help Microsoft SharePoint Server Technical Consultant
Support and Help for Cisco PIX 500 Firewall Migration PIX Firewall Integration Support
Systems Engineer for San Jose Technology Providers for San Jose Northern California
Technical Support Organizations Microsoft SQL 2008 Small Business IT Outsourcing
Urgent Network Support Firm Pinellas County Florida Microsoft and Apple Troubleshooting
Vacaville On-site IT Support Suisun City Information Technology Consulting Firm in California
Washington - Seattle, WA, Spokane, WA, Tacoma, WA Security Consulting Group Computer Network Consulting
Windows 2003 Professional Windows 2003 Server IT Services
Windows Server 2012 Network Installation Windows Consultants in Omaha
Woodland IT Service Repair Installation for Yolo County California
Zero Downtime Network Consultants Consultants
prime infrastructure Specialist Cisco Certified Expert prime infrastructure Technology Consulting