Forefront TMG 2010 EOL Announcement


Today, Microsoft finally announced the discontinuation of most of its ForeFront products, including the retirement of products used in many Exchange deployments: ForeFront Threat Management Gateway (TMG) 2010 and ForeFront Protection for Exchange (FPE).

The products to be discontinued are:

  • ForeFront Threat Management Gateway (TMG), including Forefront TMG Web Protection Services (TMG WPS);
  • ForeFront Protection for Exchange (FPE);
  • ForeFront Protection for SharePoint (FPSP);
  • ForeFront Security for OCS (FSOCS);
  • ForeFront Protection Server Management Console (FPSMC).

This announcement is not a real surprise; rumors that TMG would cease to exist have circulated for months. With this official statement, companies using one of the products mentioned can start adapting their strategies, if they have not already done so. Companies that were planning to use them in the (near) future need to turn to alternative solutions as well, since these ForeFront offerings will no longer be available for purchase as of December 1st, 2012!

As it stands, mainstream support for TMG will end on April 14th, 2015; extended support for TMG will end on April 14th, 2020. Forefront Online Protection for Exchange (FOPE) will be rebranded as Exchange Online Protection.

First, the hygiene products. This is clearly a move to shift these layers of protection to “the cloud”, which has clear benefits like filtering incoming messages before they enter the organization, which is also nice from a bandwidth perspective. However, that’s no solution for the many customers still requiring an on-premise solution which, for example, does store scanning; these customers are forced to turn to 3rd parties, like McAfee or Symantec. Note that Exchange 2013 will contain basic anti-malware functionality, but I doubt this will meet any customer’s demands and certainly isn’t a very manageable solution.

Next, there’s the firewall, reverse proxy, load balancing and VPN functionality offered by TMG. Currently, many organizations use TMG to publish Exchange and, as many say and know, Exchange and TMG go very well together. For example, TMG can offer pre-authentication or SSL offloading for your Exchange boxes. These customers need to look into VPN-like solutions such as ForeFront UAG, which is a totally different concept and less straightforward than implementing a TMG in front of your Exchange boxes, or check for 3rd party solutions, like F5 BIG-IP with the Access Policy Manager add-on. Of course, your revised strategy and eligible solutions depend on your business requirements.

Roadmaps of ForeFront Identity Manager (FIM) and ForeFront Unified Access Gateway (UAG) remain unchanged, so publishing Exchange using UAG remains a future-proof possibility.

TechEd North America 2012 sessions


With the TechEd North America 2012 event still running, recordings and slide decks of finished sessions are becoming available online. Here’s an overview of the Exchange-related sessions:


ForeFront TMG SP2 Rollup 1


A short blog on the ForeFront team releasing Rollup 1 for Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 2.

This Rollup fixes a “Bad Request” issue when accessing OWA through Forefront TMG. For a full list of changes, consult knowledgebase article kb2649961.

Note that along the lines of products like Exchange, cumulative updates for ForeFront TMG are now also called Rollup instead of Software Update or Update.

You can request ForeFront TMG SP2 RU1 directly from support here.

Forefront Protection for Exchange Rollup 4


Microsoft released Hotfix Rollup 4 for Forefront Protection for Exchange Server (KB2619883).

Here’s the list of fixes included in this rollup:

  1. Email is sent to the Forefront Protection for Exchange UNDELIVERABLE folder instead of being delivered
  2. UNC and proxy credentials are stored in clear text in the Forefront Protection for Exchange file system
  3. The Forefront Protection for Exchange FSEMachinePrep.exe fails with a fatal error
  4. The external sender does not receive the expected Forefront Protection for Exchange generated notification
  5. Forefront Protection for Exchange generates a notification with a blank subject line
  6. Forefront Protection for Exchange virus engine updates fail between the passive node and active node in CCR clusters
  7. Forefront Protection for Exchange only accepts 7-digit License Agreement numbers
  8. Forefront Protection for Exchange generates a 2098 event ID every time the MSExchangeTransport service is restarted
  9. Email queues at startup on an Exchange server running Forefront Protection for Exchange

For more details on the fixes consult the knowledge base article. You can request the hotfix rollup directly from the support center here.

Forefront Threat Management Gateway SP2


Microsoft released Service Pack 2 for Forefront Threat Management Gateway 2010, updating TMG to version 7.0.9193.500.

Here are several highlights included in this service pack:

Kerberos Authentication
• You can now use Kerberos authentication when you deploy an array using network load balancing (NLB).

SSL
• Changes to SSL memory pool to increase Outlook performance when using Exchange online.

New Reports
• The new Site Activity report shows the data transfer between users and specific websites for any user.

Error Pages
• A new look and feel has been created for error pages.
• Error pages can be more easily customized and can include embedded objects.

You can download Forefront TMG 2010 SP2 here. Full release notes will be made available here.