Saturday, December 5, 2009

isa 2006 to forefront | Migrate Microsoft ISA Server 2006 to Microsoft Forefront TMG in pictures | Microsoft ISA Server and Forefront TMG  | forefront TMG 2010 | ISA Server

isa 2006 to forefront | Migrate Microsoft ISA Server 2006 to Microsoft Forefront TMG in pictures | Microsoft ISA Server and Forefront TMG | forefront TMG 2010 | ISA Server


Microsoft Forefront TMG (Threat Management Gateway) is the upcoming successor of ISA Server 2006 and will be available in 2009. This article is based on a beta version of Microsoft Forefront TMG. If you want to evaluate Forefront TMG, a public beta is available at the following website: Forefront TMG. If you want to have a look at a special version of Microsoft Forefront TMG which is already RTM, you should evaluate Microsoft Windows Essential Business Server 2008 which contains Forefront Threat Management Gateway, Medium Business Edition. But keep in mind that this is not the same version of TMG which Microsoft will publish in 2009 as a standalone product.

Before we start upgrading ISA Server 2006 to Microsoft Forefront TMG, we have to understand the following upgrade and migration limitations:
  • You cannot update ISA Server 2006 to Forefront TMG on the same machine, because ISA Server 2006 is running only on 32 Bit systems, Forefront TMG will only run on Windows 2008 64 Bit.

  • ISA Server 2006 cannot be upgraded to Forefront TMG during an in-place upgrade of Windows Server 2003 to Windows Server 2008.
  • Microsoft Forefront TMG does not support more than 300 licensed users.
  • It is not possible to migrate from ISA Server 2006 Enterprise to Microsoft Forefront TMG.
  • It is not possible to migrate from ISA Server 2000 and 2004 to Forefront TMG, you first have to update both older versions to ISA Server 2006.
  • You cannot upgrade ISA Server 2006 Standard Edition in workgroup mode to Forefront TMG. ISA 2006 must be a member of a domain, but it is possible to migrate ISA 2006 to Forefront TMG which is not part of a Windows domain.
  • If you have enabled the Local Host network to listen for Web proxy client requests, this setting is not migrated.
  • The migration process doesn’t migrate custom log fields you selected in ISA Server 2006.
  • Report configuration settings are not migrated.
  • All features from the ISA Server 2006 Supportability Pack are not available after the migration, but I think that many of these feature will be part of Forefront TMG when the product is finalized.
  • Before you upgrade to Forefront TMG you should check if installed third party software is compatible with Microsoft Forefront TMG.

Setup requirements for Forefront Threat Management Gateway

  • A PC with a 64-bit processor
  • Windows Server 2008 64-bit operating system

  • 1 GB RAM or more
  • 150 MB free hard disk space and some more disk space for additional log files, cache drives and temporary Anti Malware files (Attention: The setup process of TMG says that about 630 MB are needed!)
  • A local hard disk partition that is formatted with NTFS
  • A minimum of one network adapter if Forefront TMG should be used only as a proxy or reverse publishing Server. One or more additional network adapters are needed for full Firewall functionality

More considerations

There are some more considerations when you plan to use Forefront TMG. I gathered this information from the Microsoft Forefront TMG website:
Forefront TMG installed in an Essential Business Server scenario drops all IPv6 traffic. For a following Forefront TMG installation note the following:
  • Forefront TMG denies all IPv6 traffic
  • ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) is disabled
  • The 6to4 interface is disabled. This mechanism allows IPv6 packets to be transmitted over an IPv4 network.

  • Whenever the Forefront TMG Control service restarts the Forefront TMG server reregisters with DNS to ensure that there is only an A record registered for the server, and no AAAA (IPv6) record. It also clears the DNS, Address Resolution Protocol (ARP), and Neighborhood Discovery (IPv6 version of ARP) caches.
  • Changing the Forefront TMG installation folder is not supported.
  • By default Forefront TMG is configured to log to a local SQL Server Express database. Forefront TMG installs a number of SQL Server Express components, including an instance for logging and an instance for reporting.
  • Forefront TMG installs the Web Server (IIS) role. Note that this component is not removed if Forefront TMG is uninstalled.
  • Services and driver files installed by Forefront TMG are placed in the Forefront TMG installation folder.
  • You can use Forefront TMG on a computer that has only one network adapter. Typically, you will do so when another firewall is located on the edge of the network, connecting your corporate resources to the Internet.

Migration process

OK, now that we have discussed some limitations about the migration process and the installation requirements of Microsoft Forefront TMG, I will show you the high level steps to upgrade your ISA Server 2006 to Microsoft Forefront TMG:
  • Export the ISA Server 2006 configuration to an XML file
  • Install Microsoft Forefront TMG on a 64 Bit Windows Server 2008 machine

  • Import the exported ISA Server 2006 XML file into the Forefront TMG management console
  • Check functionality, available hotfixes, event logs and more
  • Modify certificate and VPN authentication settings if required
  • Take your old ISA Server 2006 down and bring Forefront TMG into your production environment
This article deals with a beta version of Forefront TMG. You should not use the beta version of Forefront TMG as a production server.

Export settings

As a first step log on to your ISA Server 2006 machine, start the ISA Server 2006 management console and click the Server object to Export (Back Up) the entire ISA Server 2006 configuration.

Figure 1: Export / Backup the entire ISA Server 2006 configuration

It is possible to export confidential information like RADIUS shared secrets or ISA Server role settings. If you want to export confidential information you must specify a password which protects the XML file for unauthorized import attempts.

Figure 2: Export confidential information
As a next step specify a file name for the ISA Server 2006 configuration file.

Forefront TMG Installation

Start the Forefront TMG installation and choose the setup scenario you want to establish. If you want to install a complete set of Forefront TMG services without dependencies, select the first installation option.

Figure 3: Choose which setup scenario is the right for you
Select the components you want to install. In this case we install every component available.

Figure 4: Modify which features you want to use
Installing Forefront TMG takes a while longer than ISA Server 2006 installations, so you should have the time for a short coffee break.
After the Forefront TMG installation is successful, the first time Forefront TMG management console starts the Getting Started Wizard which will guide you through some basic setup steps. This step is not required if you want to import an ISA Server 2006 configuration. You can use the Getting Started Wizard after a successful migration of the ISA Server 2006 settings.

Figure 5: Forefront TMG Getting Started Wizard
Import (Restore) the ISA Server 2006 configuration.

Figure 6: Import (Restore) the exported ISA Server 2006 configuration

Specify the file name with the exported ISA Server 2006 configuration.

Figure 7: Specify the XML file with the exported ISA Server 2006 configuration
During the migration process, the Microsoft ISA Server 2006 configuration will be updated to Forefront TMG.

Figure 8: ISA 2006 configuration is getting updated to TMG format
Enter the password which you had to enter when you exported the ISA Server 2006 configuration with the Export confidential settings enabled.

Figure 9: Enter the password required for opening the Export file
Forefront TMG will now import and convert the settings from the ISA Server 2006 configuration. This could take a few minutes, depending on the size of the exported ISA Server 2006 configuration and the performance of the Forefront TMG machine.

Figure 10: Depending on the Server performance and the amount of import data, importing the configuration can take while
After all settings are successfully imported, click Apply to save the configuration changes.
It is now time to test if all ISA settings have successfully migrated. Some settings may not be imported because they differ between ISA Server 2006 and Forefront TMG.
Figure 11: Congratulation, the Firewall policy was successfully imported
The ISA Server 2006 forms part of the Windows 2003 domain and the Windows group which has access to the VPN functions of ISA Server. The destination Forefront TMG Server is member of a workgroup, so the account information in the VPN configuration gets orphaned. You manually have to remove these and other settings.

Figure 12: Orphaned Windows user group because the destination Server is not part of the same domain/Forest
For the migration process, the statically configured VPN client address ranges were not successfully imported. The Forefront TMG dashboard displayed a configuration error that the VPN client address range is empty. I think that this issue is specific to my machine or if not, Microsoft will address this problem in the final version of Forefront TMG.

Figure 13: The are some configuration errors after the configuration has been imported
Microsoft Forefront TMG has many log files which will be created during the TMG installation process or while the import process from ISA Server 2006 is running. You should have a look at these files if you are experiencing problems with the migration process.

Figure 14: There are a lot of TMG log files created during the installation of TMG / the import process

Decommissioning ISA 2006

After successfully importing the configuration into Forefront TMG, it is time to replace the ISA Server with Forefront TMG. These are the necessary steps:
  • Disconnect Forefront TMG from all networks
  • Assign all IP addresses from ISA Server to Forefront TMG
  • Turn off the TMG Server
  • Connect all network cables from ISA Server to the TMG Server
  • Shutdown ISA Server
  • Start the Forefront TMG Server
  • Check that the Forefront TMG server is working properly
  • Start ISA Server again with no network connection and uninstall ISA Server from the old machine


In this article, I have tried to show you how to migrate your ISA Server 2006 configuration to a new Microsoft Forefront TMG Server. There is no in-place update possible because Microsoft Forefront TMG will only run under Windows Server 2008 64 Bit and ISA Server 2006 only runs on 32 Bit platforms, so you have to export the configuration from a running ISA Server 2006 and import this configuration on a newly installed Microsoft Forefront TMG Server. The migration process is similar to updating ISA Server 2004 to ISA Server 2006 but please keep in mind that this article is based on a beta version of Microsoft Forefront TMG and some things could change when the final version of Microsoft Forefront TMG is released.

Source from : ISA Server Site

Monday, November 30, 2009

Windows Server 2008 Server Core | Installing Windows Server 2008 Server Core in pictures | 2008 Server Core

Windows Server 2008 Server Core | Installing Windows Server 2008 Server Core in pictures | 2008 Server Core

As a Windows Administrator, you should know
what Server Core is . Once you understand the advantages of using Server Core
and what it is designed for, you
will be interested in having it in your environment. You do not need to memorize all the
commands to manage it, you can do everything you need remotely. Just use the Microsoft Management Console snap-ins you always have for administering DHCP, DNS, Active Directory
or even Hyper-v , etc...

As the full GUI Windows Server 2008 , Server Core
also comes in Standard, Enterprise and Datacenter editions for i386 and x64 platforms.

Also, with Server Core,

Only a clean installation is supported.

  • There is no way to upgrade from a previous
    version of the Windows Server operating system to a
    Server Core installation. 
  • There is no way to upgrade from a full
    installation of Windows Server 2008 to a Server Core
  • There is no way to upgrade from a Server Core
    installation to a full installation of Windows
    Server 2008.

Server Core is meant to run specific server roles, which reduces

The attack surface for those roles

  • The maintenance and management requirements
  • The required updates, hence fewer
  • To install Server Core, insert the Windows
    Server 2008 DVD into your DVD Drive and reboot your machine.
    Make sure that the DVD drive has a booting order prior
    to your Hard disk ( using BIOS )
  1. When the Windows Server 2008 Boots,  Choose your preferred language settings and then click Next

  2. Click on Install now

  3. Type the product key and then
    click on Next

  4. Read the license terms and
    enable the checkbox beside I accept the
    license terms
    and then click on

  5. On the installation type
    screen, click on Custom (Advanced)

  6. Select the Disk/Partition you
    want to install Server Coe on it and and then click

  7. Server Core installation will
    start. You will notice that installing Server Core
    is much faster than installing the full version (
    GUI ) of Windows Server 2008

  8. On the Logon screen, read my
    article :

    How To Log On To
    Windows Server 2008

    to know what it requires to log on to Windows Server

  9. Once you logon, your will
    immediately see
    the difference between the full GUI Windows Server
    and Server Core.

    The command prompt is your friend with server core.
    But as I said earlier,

    Server Core has a very limited GUI
    functionality. Such available GUIs are:

  • Windows Task Manager

  • Notepad

  • Date and Time

  • Regional and Language Options

  1. One last note before concluding.
    If you mistakenly closed the command prompt, click
    Ctrl+Alt+Del keys and click on
    Start Task Manager

    Click on the New Task
    button, type cmd and then click on
    OK, the command prompt screen will
    open again.

  2. Also as you may
    have noticed, when you hit the Ctrl+Alt+Del keys,
    you will be able to lock the machine, switch user,
    change your password, use the task manager, or even
    restart/shutdown the machine.


The Server Core installation option is a new option that you can use for installing Windows Server 2008.
It is a scaled-down version of Windows Server 2008,
a minimal environment to run specific
server roles.

Sunday, November 29, 2009

Forefront TMG 2010 | Installing the Forefront Threat Management Gateway in pictures|TMG server install step by step pictures|Threat Management Gateway |Installing the Forefront | Forefront

Forefront TMG 2010 | Installing the Forefront Threat Management Gateway in pictures|TMG server install step by step pictures|Threat Management Gateway |Installing the Forefront | Forefront

Forefront TMG 2010 | Installing the Forefront Threat Management Gateway in pictures|TMG server install step by step pictures|Threat Management Gateway |Installing the Forefront | Forefront

ISA server and Forefront were two separate products. But now, they have become one.
Forefront Threat Management Gateway (TMG) adds the malware protection functionality to the ISA server.

If you haven’t heard yet, the ISA Firewall is going away. The last version of the ISA Firewall is going to be ISA 2006. However, that doesn’t mean that the ISA software that we’ve come to love over the year is going away. While the ISA brand will fall into the dustbin of history, we’ll see the next version of the ISA Firewall come in with a new name: the Forefront Threat Management Gateway.
There are a number of reasons why the ISA name is going away. But probably the primary reason is that the general public never seemed to be able to figure out what the ISA Firewall was all about. Some people thought it was just a Web proxy server (a la Proxy 2.0), some people thought it was just a firewall, some people thought it was a VPN server, some people thought it was a VPN gateway, and some people thought it was some kind of Frankenstein and couldn’t make any sense out of it. By renaming the product, the Forefront TMG should be able to get some newfound attention, and hopefully the name itself will provide a clearer focus on the primary design goal of the product.
In this article I’m going to give you a look at the installation process. However, before installing the TMG, you need to know the following:
  • TMG will only run on 64-bit Windows Server 2008. There will be a 32-bit demo version after the TMG goes RTM, but there won’t be any beta versions that run on 32-bit Windows
  • TMG requires at least 1 GB of memory (it will probably run on less, but not very quickly)
  • 150 MB of disk space
  • At least one NIC (although I always recommend two or more NICs to provide true security)

  • You must install to the default folder on the C: drive
  • TMG will install IIS 7 on your machine in order to support SQL reporting services. If you remove TMG from the machine, II7 will not be removed for you and you will need to do that manually
  • Services and driver files for the TMG are installed in the TMG installation folder
  • For the beta 1 version of the TMG, the TMG machine must be a domain member. In future betas, non-domain membership will be supported.
In this article series (should end up being two parts), I am installing the TMG on a Windows Server 2008 Enterprise edition machine that is running as a VM on VMware Virtual Server 1.0. The VM has two interfaces: one interface is bridged to the external network and will act as the external interface and the second interface is placed on VMNet2, which will be the interface on the default Internal Network. Note that the networking model for the TMG has not changed from that used by the ISA Firewall.
Download your TMG software.
The TMG is one of the several pieces of software that comprise the Forefront Stirling collection of products. You can download all of the them, or just the TMG. The TMG will work fine without Stirling, but Stirling is something that you definitely want to get to know about in the future.
Double click the file you downloaded. You’ll see the Welcome to the Welcome to the InstallShield Wizard for the Forefront Threat Management Gateway page. Click Next.

Figure 1
Install the files to the default location, which is C:\Program Files (x86)\Microsoft ISA Server. Click Next.

Figure 2
The files will be extracted to that location.

Figure 3
Click Finish when the extraction finishes.

Figure 4
Go to the C:\Program Files (x86)\Microsoft ISA Server folder and double click the ISAAutorun.exe file.

Figure 5
This opens up the Microsoft Forefront TMG 270-Day Evaluation Setup dialog box. Click the Install Forefront TMG link.

Figure 6
This bring up the Welcome to the Installation Wizard for Microsoft Forefront Threat Management Gateway page. Click Next.

Figure 7
On the License Agreement page, select the I accept the terms in the license agreement option and click Next. Notice that license agreement still contains the old code name of the product, which was Nitrogen.

Figure 8
On the Customer Information page, enter your User Name and Organization. The Product Serial Number will be filled in for you. Click Next.

Figure 9

Here we see a new setup option that wasn’t available in previous version of the product. On the Setup Scenarios page, you have the option to install the Forefront TMG or install only the TMG Management console. In this example we’re installing the entire product, so we’ll select Install Forefront Threat Management Gateway and click Next.

Figure 10
On the Component Selection page, you have the options to install the TMG firewall software, the TMG management console, and the CSS. Yes, you guess it. There are no more Standard and Enterprise editions of the ISA firewall. The TMG will be sold as a single edition and this single edition uses the CSS, even if you have only a single member TMG array. However, you will be able to create arrays using the TMG. However, that functionality is not available with this version of the TMG and will be available in later betas.
In this example we’ll install all of these options in the default folder (we need to install in the default folder for this version of the TMG). Click Next.

Figure 11
It looks like I have a problem here. While the machine is a member of the domain, I forgot to log on with a user account that is a domain member. In order to install the TMG, you must be logged on as a domain user that has local administrator privileges on the TMG machine.

Figure 12
Looks like I’m going to have to restart the installation. We’ll pick up where we left off after I log off and log on again and restart the installation.

Figure 13
Now that I’m logged on as a domain user with local admin privileges, we pick up the installation process on the Internal Network page. If you’re installed the ISA Firewall, you’ll recognize this page from previous version of the ISA Firewall. This is where you define the default Internal network. In almost all cases you should select the Add Adapter option, since this will define your default Internal network based on the routing table configured on the ISA Firewall. However, one thing I don’t know is if I change the configuration of the routing table on the ISA Firewall if the definition of the default Internal Network will automatically change. I’ll bet a quarter that it doesn’t, but it’s something we’ll have to check into in the future.

Figure 14
The Internal Network page now shows the definition of the default Internal Network. Click Next.

Figure 15
The Services Warning page informs you that the SNMP Service, the IIS Admin Service, the World Wide Web Publishing Service and the Microsoft Operations Manager Service will all be restarted during the installation. It’s unlikely that you’ll have already installed the Web server role on this machine, so you don’t need to worry about the IIS Admin Service or the World Wide Web Publishing Service, but you should be aware of the SNMP and Microsoft Operation Manager Service restart. Remember, TMG will install and configure IIS 7 for you.

Figure 16
Click Install on the Ready to Install the Program page.

Figure 17
The progress bar shows you the installation progress. Here you can see the CSS being installed.

Figure 18
It worked! The Installation Wizard Completed page shows the installation has completed successfully. Put a checkmark in the Invoke Forefront TMG Management when the wizard closes checkbox. Click Finish.

Figure 19
At this point you’ll see the Protect the Forefront TMG Server Web page. Here you’re provided information on turning on Microsoft Update, running the ISA BPA, and reading the Security and Protection section in the Help file. One thing I can tell you about the Help File so far is that they’ve done a fantastic job at upgrading its content. There is much more information, and much more real world deployment information included with the new and improved Help File. I recommend that you spend some time reading the Help file. I guarantee that even if you’re a seasoned ISA Firewall admin, the TMG Help File is going to provide you some new insights.

Figure 20
After the initial installation is complete, you’ll see the new Getting Started Wizard. The Getting Started Wizard is new with the TMG and wasn’t available in the previous versions of the ISA Firewall. There are three basic wizards included in the Getting Started Wizard, and an optional fourth one that we’ll see when we finish the first three.
The first wizard is the Configure network settings wizard. Click the Configure network settings link on the Getting Started Wizard page.

Figure 21
On the Welcome to the Network Setup Wizard, click Next.

Figure 22
On the Network Template Selection page, select the network template that you want to apply to the TMG. These are the same network templates that were available with previous versions of the ISA Firewall. Click on each of the options and read the information provided on the lower part of the page.
In this example, we’ll use the preferred template, which is the Edge firewall template. Click Next.

Figure 23
On the Local Area Network (LAN) Settings page, you are given the opportunity to configure IP addressing information on the LAN interface. First, you select the NIC that you want to be the LAN interface on the ISA Firewall by clicking the drop down menu for Network adapter connect to the LAN. The IP addressing information for this NIC will appear automatically. You can make changes to the IP addressing information here. Also, you can create additional static routes by clicking the Add button.
One thing I don’t know is what changes on this page will do to the definition of the default Internal Network. Suppose I configured the default Internal Network to be but then decided to change the IP address on the internal interface on this page so that the was on a different network ID. Will the definition of the default Internal Network change? What if I add a static route on the internal interface of the TMG? Will these change be reflected in the definition of the default Internal Network? I don’t know, but it’s something to investigate in the future.
I won’t make any changes on this page as I had already set up the internal interface with the IP addressing information I required. Click Next.

Figure 24
The Internet Settings page allows you to configure IP addressing information on the external interface of the TMG firewall. Like the last page, you select the NIC that you want to represent the external interface by clicking the Network adapter connected to the Internet drop down list. Also like the last page, you can change the IP addressing information. Since I already configured the external interface with the IP addressing information I wanted it to have, I’ll make no changes here. Click Next.

Figure 25
The Completing the Network Setup wizard page shows you the results of your changes. Click Finish.

Figure 26
This takes you back to the Getting Started Wizard page. The next wizard is the Configure system settings wizard. Click the Configure system settings link.

Figure 27
Click Next on the Welcome to the System Configuration Wizard page.

Figure 28
The Host Identification page asks you about the host name and domain membership of the TMG firewall. In this example, it has automatically detected the host name of the machine, which is TMG2009. The wizard has also identified the domain membership of the machine. I suspect that this wizard will allow you to join a domain if you haven’t yet done so, and to leave the domain if you want to. Also, if the machine is a workgroup member, you have the opportunity to enter a primary DNS suffix that the ISA Firewall can use to register in your domain DNS, if you have DDNS enabled and you don’t require secure DDNS updates.
Since I have already configured this machine as a domain member, I don’t need to make any changes on this page. Click Next.

Figure 29
That’s it for the System Configuration Wizard. Click Finish on the Completing the System Configuration Wizard page.

Figure 30
One more wizard on the Getting Started Wizard page. Click the Define deployment options link.

Figure 31
Click Next on the Welcome to the Deployment Wizard page.

Figure 32
On the Microsoft Update Setup page, you have to the options Use the Microsoft Update service to check for updates and I do not want to use Microsoft Update Service. Note that not only does the TMG use the Microsoft Update service to update the OS and the TMG firewall software, it also uses it to check for malware definitions, which is does several times a day (by default, every 15 minutes). Since one of the major advantages of using an Microsoft firewall over other firewalls is the excellent auto-update feature, we’ll go ahead and using the Microsoft Update site. Click Next.

Figure 33
On the Definition Update Settings page, you select whether you want the TMG firewall to check and install, check only or do nothing with malware inspection updates. You can also set the polling frequency, which is set at every 15 minutes by default. However, you can set the updates to be downloaded once a day, and then configure the time of day when you want those updates installed. Click Next.

Figure 34
On the Customer Feedback page, choose whether or not you want to provide anonymous information to Microsoft on your hardware configuration and how the product is used. No information shared with Microsoft can be used to identify you, and no private information is released to Microsoft. I figure I share my name, birth date, social security number, drivers license number and address with my bank, and I trust Microsoft a lot more than I trust my bank, given the bank’s requirements to share information with the Federal Government. So sharing this technical information with Microsoft is a no-brainer, and it helps make the product more stable and secure. Select Yes, I am willing to participate anonymously in the Customer Experience Improvement Program (recommended) option.

Figure 35
On the Microsoft Telemetry Service page, you can configure your level of membership in the Microsoft Telemetry service. The Microsoft Telemetry Service helps protect against malware and intrusion by reporting information to Microsoft about potential attacks, which Microsoft uses to help identify attack patterns and improve precision and efficiency of threat mitigations. In some instances, personal information might be inadvertently sent to Microsoft, but Microsoft will not use this information to identify or contact you. It’s hard to determine what kind of personal information might be sent, but since I’m in the habit of trusting Microsoft, I’ll select the Join with an advanced membership option. Click Next.

Figure 36
The Completing the Deployment Wizard page shows the choices you made. Click Finish.

Figure 37
That’s it! You’re done with the Getting Started Wizard. But that doesn’t mean that you’re done. If you put a checkmark in the Run the Web Access wizard checkbox, the Web Access Wizard will start. Let’s put a checkmark there and see what happens.

Figure 38
This starts the Welcome to the Web Access Policy Wizard. Since this is a new way of creating TMG firewall policies, I think we’ll wait until the next article to get into the details of this wizard. It seems that the TMG will allow you to configure Web Access Policy in a way that’s a bit different than how we did it with previous versions of the ISA Firewall, so I want to make sure we have an article dedicated to this feature.

Figure 39
Now that installation is complete, we can see the new console. If you look at the left pane of the console, you’ll see that there aren’t any nested nodes, which makes navigation a bit easier. Also, we see a new node, the Update Center node. This is where you can get information about updates to the anti-malware feature of the TMG, and also find out when the malware updates where installed.

Figure 40

After installation completed, I found that there were some errors. But this might be related to the fact that the TMG didn’t work at all after the installation was complete. I was able to solve this problem by restarting the computer. I’m not sure if there is related to running the TMG firewall on VMware Virtual Server, or if this is a beta bug.

Figure 41
Taking a look at the Initial Configuration Tasks you can see that a number of roles and services were installed on this computer as part of the TMG installation. These include:
  • Active Directory Lightweight Directory Services (ADAM)
  • Network Policy and Access Services (required for RRAS and VPN)
  • Web Server (IIS) (required for SQL reporting services and TMG reporting)
  • Network Load Balancing Services (required for NLB support)
  • Remote Server Administration Tools (don’t know why these were installed)
  • Windows Process Activation Service (most likely secondary to the Web server role requirements)

Figure 42


In this article we went through the installation process for the TMG firewall. There were a few changes from what we’ve seen in previous versions of the ISA Firewall, but nothing earthshaking. But that’s OK, the installation experience isn’t a place where I expect to be wowed. What we did see were a few nice improvements in the installation routine that gives you some more flexibility during setup.
If you take some more time to look at the TMG firewall software after installation, and you don’t notice any of the features that you were hoping for, don’t get too worried yet. This is a very early beta version and I suspect that it far from feature complete. I know there are more than a dozen features that have been repeatedly requested ever since the released of ISA 2000. So, while sometimes first impressions are lasting impressions, I don’t want that to be the case for your first view of the TMG firewall. Remember that it’s beta one and expect to see some things in the future that are going to make you very happy.

Source from : ISA Server Site

Forefront TMG 2010 | Installing the Forefront Threat Management Gateway in pictures|TMG server install step by step pictures|Threat Management Gateway |Installing the Forefront | Forefront