Questions tagged [microsoft-ftmg-2010]

Microsoft Forefront Threat Management Gateway 2010 is the current version of the product previously known as ISA Server. TMG 2010 adds subscription-based URL filtering and malware protection, the free-subscription-based Microsoft IPS Network Inspection System, and HTTPS inspection.

Microsoft Forefront Threat Management Gateway (TMG) 2010 is the last iteration of the product previously known as ISA Server and, as of 2016, has been discontinued from sale. The base product will be supported by Microsoft until 2020.

ISA Server 2006 was the last product to use the ISA Server name.

TMG 2010 added:

  • subscription-based URL filtering (discontinued Jan 2016)
  • subscription-based malware protection (discontinued Jan 2016)
  • (free) subscription-based Network Inspection System (NIS), a Microsoft-centric IPS (no longer updated)
  • outbound HTTPS inspection
  • Forefront Protection for Exchange integrated management from the TMG console (Exchange Edge and FPE required, sold separately)

Other notable changes:

  • The Enterprise Edition EMS (roughly analogous to the older CSS) can now manage standalone Standard Edition servers, which can make branch office deployments cheaper
  • SP1 adds click-through user overrides for URL filtering
  • SP1 adds a simple BranchCache setup interface
  • SP1 Software Update 1 adds support for SafeSearch filtering
73 questions
1 vote, 1 answer

Asymmetric routing with two ForeFront TMG 2010 firewalls

I have a bizarre networking problem. There is a network, a single IP subnet: 192.168.60.0/24. The network has two Internet-connected firewalls (running ForeFront TMG 2010), 192.168.60.253 (production) and 192.168.60.240 (development); this is a…
Massimo
1 vote, 1 answer

Can Microsoft Forefront TMG handle users that are not part of a domain?

I'm a newbie and please excuse me if my question is so foolish :) Here is the scenario: In our company we have 50 PCs: 40 PCs have joined to the domain and 10 PCs haven't joined to the domain (simply just a work-group) and we never want to join them…
1 vote, 1 answer

BGP Multipath & return routes

I'm probably a complete n00b concerning serverfault related questions, but our IT department makes a bold statement I wish to verify. I've searched the internet, but can find nothing related to my question, so I come here. We have Threat Management…
1 vote, 2 answers

TMG 2010: how to block HTTPS access to certain sites?

Just installed Forefront TMG 2010 and set up firewall rules. My company's policy requires blocking access to webmail sites, like Gmail, Yahoo Mail, etc. So I added these webmail domain names to a domain name set, and put that domain name set in the…
Tong Wang
1 vote, 1 answer

TMG 2010 Edge Firewall Setup - Internal subnet has no internet access

I just set up a TMG 2010 server as an edge firewall. The TMG machine has two NICs: LAN: IP-192.168.1.1, Netmask-255.255.255.0, DNS-192.168.1.3, Gateway-(blank) WAN: IP-119.x.x.98, Netmask-255.255.255.248, DNS-(blank), Gateway-(119.x.x.97) The…
Tong Wang
1 vote, 1 answer

Implementing TMG over AD

I am a programmer asking sysadmins for some help. I have a WordPress system (a website) that validates users through an Active Directory; this is done by a plugin. My customer wants to protect that AD with a TMG gateway. I'm reading about TMG…
user761076
1 vote, 1 answer

TMG with client certificates for TS Gateway

How to set up client side certificate authentication using an enterprise CA for a TS gateway via Forefront TMG 2010? To date I have executed the following: I have a Terminal Services Gateway configured and working in house. I set up a basic…
Tim Brigham
1 vote, 2 answers

Publishing multiple web servers with reverse proxy on localhost, retaining original client IP and hostname

I have been using ISA on Windows Server 2003 to publish multiple web servers hosted on the same machine. Setup as follows: ISA HTTP/S listener bound to 127.0.0.1 + external IP IIS bound to 127.0.0.2 Apache bound to 127.0.0.3 Python web application…
1 vote, 2 answers

Dedicated Server, Multiple VMs on the back, HyperV Up Front... Where do i put TMG?

As a follow up question to How Do i host multiple servers on HyperV with only a few public IP Addresses I am now trying to figure out where to put the ISA/TMG Server? Should it be virtualized, listening on an External IP and sending data between an…
1 vote, 1 answer

Publishing Activesync through TMG with client certificates (403.7 Forbidden)

I'm trying to publish Exchange 2003 activesync on a Server2K3 box, through TMG 2010 on a 2008R2 box, using client certificate on Android mobiles. From what I can tell, the issue is with TMG, as when I connect directly to the mail server everything…
Tony Blunt
1 vote, 2 answers

Forefront 0xc0040017

I recently began to receive a huge (600 thousand to 2 million per day) number of FWX_E_TCP_NOT_SYN_PACKET_DROPPED, 0xc0040017 entries in my Forefront TMG logs. If the top 3 source IPs are any indication there is no legitimate traffic to or from the…
Tim Brigham
1 vote, 1 answer

789 connecting Forefront VPN

I am receiving event 789 when connecting to my Forefront TMG VPN server from Windows 7 clients via L2TP. This does not occur on XP systems. I've run through the debugging at…
Tim Brigham
1 vote, 1 answer

How to install TMG 2010 for SBS 2011

I would like to install TMG 2010 for an SBS 2011 installation. I only have one physical server. I'd like to know if the SBS premium add-on Windows 2008 R2 license can be installed on a virtual server inside the SBS 2011 installation, and be used as…
1 vote, 2 answers

Should I Run TMG as a Hyper-V Guest

Okay, here's an interesting question. In two parts: Is it advisable to run TMG as a Hyper-V guest in production? (something is nagging me that it's not a good idea, but it's possible to give a VM exclusive access to a NIC and technically the "host"…
Michael Brown
1 vote, 0 answers

Can I map IP addresses to allow 2 site to site VPNs with same IP range using Microsoft TMG

I have a Microsoft TMG server with a number of site-2-site VPNs which all have different IP address ranges. Now a client has asked for another site-2-site VPN but their IP range clashes with an existing range. Is it possible to set up some form of…
Phil