ForeFront TMG SP2 Rollup 1

A short blog on the ForeFront team releasing Rollup 1 for Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 2.

This Rollup fixes a “Bad Request” issue when accessing OWA through Forefront TMG. For a full list of changes, consult knowledgebase article kb2649961.

Note that along the lines of products like Exchange, cumulative updates for ForeFront TMG are now also called Rollup instead of Software Update or Update.

You can request ForeFront TMG SP2 RU1 directly from support here.

Forefront Threat Management Gateway SP2

Microsoft released Service Pack 2 for Forefront Threat Management Gateway 2010, updating TMG to version 7.0.9193.500.

Here are several highlights included in this service pack:

Kerberos Authentication
• You can now use Kerberos authentication when you deploy an array using network load balancing (NLB).

SSL
• Changes to the SSL memory pool to increase Outlook performance when using Exchange Online.

New Reports
• The new Site Activity report shows the data transfer between users and specific websites for any user.

Error Pages
• A new look and feel has been created for error pages.
• Error pages can be more easily customized and can include embedded objects.

You can download Forefront TMG 2010 SP2 here. Full release notes will be made available here.

ForeFront TMG SP1 Update 1 for Exchange 2010 SP1

The ForeFront team released Update 1 for Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1.

Besides bug fixes and some added functionality, Update 1 also adds support for Exchange 2010 SP1. Because Exchange 2010 SP1 doesn’t support the get-antispamupdates cmdlet (see this post), implementing Exchange 2010 SP1 on servers in the Mail protection role (with Exchange – Edge server role – as well as ForeFront Protection for Exchange) leads to issues.

Update 1 fixes this issue. To make things confusing, the ForeFront team calls these cumulative updates Software Update or Update; what’s wrong with Rollup? Be advised that the ForeFront Update page doesn’t mention the Update (yet), nor is the related knowledge base article published (kb2288910).

You can download ForeFront TMG SP1 Update 1 here. Note that currently only English is available; other languages are said to be made available soon.

Publishing Exchange 2010 with UAG & TMG

Today Microsoft released a white paper by Greg Taylor (Sr. Program Manager, Exchange Server Customer Experience Team) on publishing Exchange Server 2010 with Forefront Unified Access Gateway 2010 and Forefront Threat Management Gateway 2010. This white paper contains information and guidance on publishing Exchange Server 2010 using Forefront UAG and Forefront TMG. This includes information on how to choose between UAG and TMG for different scenarios as well as steps on how to configure those products in order to publish Exchange 2010.

You can download the white paper here.

Forefront Threat Management Gateway SP1

Microsoft released Service Pack 1 for Forefront Threat Management Gateway 2010.

Here’s the list of changes included in this service pack:

New Reports
• The new User Activity report displays the sites and site categories accessed by any user.
• All Forefront TMG reports have a new look and feel.

Enhancements to URL Filtering
• You can now allow users to override the access restriction on sites blocked by URL filtering. This allows for a more flexible web access policy, in that users can decide for themselves whether to access a blocked site. This is especially useful for websites that have been incorrectly categorized.
• You can now override the categorization of a URL on the enterprise level; the override is then effective for each enterprise-joined array.
• Denial notification pages can now be customized for your organization’s needs.

Enhanced Branch Office Support
• Collocation of Forefront TMG and a domain controller on the same server, which can help reduce the total cost of ownership at branch offices.
• When installed on a computer running Windows Server 2008 R2, SP1 simplifies the deployment of BranchCache at the branch office, using Forefront TMG as the Hosted Cache server.

Support for publishing SharePoint 2010
• Forefront TMG SP1 supports secure publishing of SharePoint 2010.

You can download Forefront TMG 2010 SP1 here.

Forefront TMG 2010 Capacity Planning Tool

Version 1.0 of the ForeFront Threat Management Gateway 2010 Capacity Planning Tool has been released.

This tool helps you plan and size (or verify) your TMG 2010 configuration. It calculates the hardware configuration, number of concurrent users and bandwidth requirements, using hardware, concurrent users or bandwidth as the starting point.

For its calculations the tool uses parameters like number of concurrent users and features you want to enable on the TMG. Regarding features you can make your own selection or use presets, e.g. “Mail Protection” for using TMG as an anti-spam/anti-malware e-mail gateway. The calculator has support for load-balancing and virtualization.

You can download the Forefront TMG 2010 capacity planning tool here.

ForeFront TMG BPA released

Today, Microsoft released the Forefront Threat Management Gateway Best Practices Analyzer, or ForeFront TMG BPA for short. Like other Best Practice Analyzer tools, this tool analyzes the configuration and health of systems, based on predetermined best practices rules. The tool reports any issues, after which you can take action. Note that the installation also contains a tool, titled BPA2Visio, to (as you can probably guess) generate Visio drawings using the information found in TMG. BPA2Visio requires a Visio installation. You can download ForeFront TMG BPA, which is labeled version 8.0.1, here.

Be advised that TMG BPA only works on TMG, not on ISA installations. For ISA analysis, use ISA BPA which can be downloaded here.

Forefront TMG 2010 docs available

Today, the Forefront Threat Management Gateway (TMG) 2010 documentation became available on TechNet.

Besides the regular topics, like configuring TMG as a secure gateway between your network and the internet, the documentation also focuses on new functionality like HTTPS inspection, Anti-malware, Network Inspection (NIS), Enhanced NAT, VOIP support, 64-bit support and interoperability between TMG and BranchCache (new functionality in Windows 7 and Windows Server 2008 R2).

The documentation also contains steps on how to plan for, prepare for and configure ForeFront TMG in relationship with Exchange Edge Servers, i.e. E-Mail Protection, as well as steps on how to upgrade from previous products like ISA Server to ForeFront TMG here.

You can find the ForeFront TMG 2010 documentation here.