Planning, Deploying and Managing Microsoft Forefront TMG 2010

 TMG Licensing and Scenarios

 Difference between TMG and UAG

Overview of TMG Features

 Main Features of TMG

 What is new in TMG compared to ISA 2006

 TMG Enterprise Features

 TMG Management Console

Deployment Scenarios

 How TMG works as a Firewall

 How TMG works as a Proxy/Cache

 How TMG provides Access to Internal Resources

 How TMG Protects Web and Mail Clients

 How TMG Provides Secure Remote Access

 How TMG Provides High Availability in the Enterprise

Understand what Firewalls and Routers are.

Know what is Forefront TMG 2010 and the Forefront family.

Know the features of Forefront TMG 2010.

Understand the deployment scenarios for Forefront TMG 2010.

This module describes how to install Forefront TMG 2010. Lessons presented in this module will detail the requirements of TMG 2010, applying security templates and customizing the configuration.

Installing TMG 2010

 System and Hardware Requirements

 Software Requirements

 Network Considerations

 Installing TMG

 Automating the Installation

 Installing the Management Console

Working with Quick Configurations

 Understanding TMG Default Configuration

 Automating Configure the Getting Started Wizard

 Using Pre-defined Security Templates

 Customizing the Configuration

 Configuring Administrative Roles

Configuring Networks and their Relationships

 Creating and Configuring Networks

 Modifying Network Rules and Routing

 Troubleshooting Network Connectivity

Review the Requirements to install TMG and configure LAN

Installing Forefront TMG Server 2010

Install the Management Console on a Client Machine

Configure TMG using the Getting Started Wizard

Use the Web Access Wizard

Configure the Management Console for a Client Machine

Create and Access Rules

Configuring Network Configuration of a new Network Card

Create a new Network

Creating an E-NAT rule

Adding Routs to TMG

Install Forefront TMG 2010.

Work with Quick configurations.

Configure additional networks.

This module describes how to configure the firewall role on TMG 2010. Lessons presented in this module will provide an overview of the firewall role and how to configure firewall rules and system policy rules. You will also configure and monitor Intrusion Detection and Network Inspection Systems (NIS).

Overview of TMG as a Firewall

 The Basics – OSI vs. TCP/IP

 What is Filtering

 What is Intrusion Detection

 How TMG Filters Network Traffic

Configuring Firewall Rules

 Understanding Firewall Policy Evaluation

 Adding Access Rules

 Default System Policy Rules

 Troubleshooting Firewall Rules

 Troubleshooting Firewall Rules – Tools

Configuring Intrusion Detection

 Overview of Intrusion Prevention

 Configuring Network Inspection Systems

 Implementing Intrusion Detection

 Monitoring Intrusion Detection

Create and Configure Access Rules

Modify the System Policy Rules

Troubleshoot Firewall Rules

Configure NIS Deployment

Create and Alert for Intrusion Detection

Configure Intrusion Detection

Understand how TMG works as a firewall.

Configure Rules on the firewall.

Configure intrusion detection.

This module describes how to configure the proxy and caching roles on TMG 2010. Lessons presented in this module will explain the proxy and caching roles and how to configure and troubleshoot these roles. You will also learn about Cache Array Routing Protocol (CARP), Web Proxy Auto Discovery (WPAD) and how to configure and troubleshoot CARP and WPAD.

Configuring the Proxy Server Role

 What is a Proxy

 Enabling and Configuring a Proxy

 Configuring Applications

 Troubleshooting Proxy Connections

Configuring Caching Server Role

 What is a Proxy Cache

 Configuring TMG Proxy Cache

 Troubleshooting Cache Performance

Configuring Cache Routing and Distribution

 Understanding CARP

 Configuring CARP Routing

Configuring Web Proxy Auto Discovery

 WPAD Configuration

 Configuring Auto Discovery

Configuring TMG Clients

 Types of TMG Clients

 Choosing and Designing Clients

 Configuring TMG Client Software Clients

 Configuring SecureNAT Clients

Enable and Configure a Web Access Policy

Configure Internet Explorer to use TMG Proxy

Configure Mozilla Firefox to use TMG Proxy

Create a Cache Drive

Create a Cache Rule

Create a Content Download Job

Inspect Array Communications

Inspect and Adjust CARP Load Factor

Configure DHCP for Automatic Discovery

Configure DNS for Automatic Discovery

Enable Automatic Discovery on TMG

Configure a Client for Automatic Discovery

Inspect and Verify TMG Client Server Settings

Install the TMG Client Software

Configure Client as a SecureNAT Client

Configure the Proxy Server Role.

Configure the Caching Server Role.

Configure Cache Routing and Distribution.

Configure Web Proxy Auto Discovery.

Configure TMG Clients.

This module describes how to configure client protection using TMG 2010. Lessons presented in this module will provide an overview of Malware Inspection, URL Filtering, Email Inspection, Application Filter and HTTP/HTTPS Inspection. You will also learn how to implement, configure, monitor and troubleshoot using these tools and techniques.

Configuring Malware Inspection

 Overview of Malware Inspection

 Implementing Malware Inspection

 Monitoring Malware Inspection

Configuring URL Filtering

 Overview of URL Filtering

 Understanding Microsoft Reputation Services

 Implementing URL Filtering

 Monitoring URL Filtering

Configuring Email Inspection

 Understanding Email Threats

 Implementing Email Inspection

 Configuring Exchange for Email Inspection

 Monitoring Email Inspection

Configuring Application Filters

 Overview of Application Filters

 DNS Filter

 FTP Access Filter

 H.323 Filter

 Session Initiation Protocol Filter

 Streaming Media Filter

 Socks Filter

 Other Filters

Configuring HTTP/HTTPS Inspection

 Overview of HTTP/HTTPS Application Filter

 Configuring HTTP/HTTPS Filters

 Monitoring HTTP/HTTPS Filters

Enabling Malware Inspection

Configuring Malware Inspection Settings

Creating an Access Rule

Testing Malware Inspection

Enabling URL Filtering

Testing Websites

Creating your own Category Set

Using URL Filtering

Creating an Overriding Rule

Configuring SMTP Protection

Configuring Content Filtering/Spam Filtering

Configuring the DNS Filter

Configuring the DNS Filter with Scripts

Configuring the FTP Access Filter

Enabling HTTPS Inspection

Creating your own Domain Name Set

Configuring Exceptions

Exporting HTTP Filter Configuration

Importing the HTTP Filter Configuration

Configure malware inspection.

Configure URL filtering.

Configure Email inspection.

Work with Application Filters.

Configure HTP/HPPTS inspection.

This module describes how to publish client access to internal resources. Lessons presented in this module will provide an overview of publishing, publishing rules. You will also learn how to configure publishing for Web, HTTPS and miscellaneous servers.

Introduction to Publishing

What is Publishing?

Available Publishing Rules

How are Publishing Rules Evaluated?

Configuring Web Publishing

Configuring Path Mappings

Configuring Web Listeners

Configuring Link Translations

Implementing Web Publishing

How Web Server Publishing Authentication Works

Using RADIUS for TMG Authentication

Using 3rd Party Authentications

Configuring HTTPS Server Publishing

Preparing TMG for SSL

Configuring SSL Bridging

Configuring SSL Tunneling

Implementing HTTPS Web Server Publishing

Configure Server Publishing

How Server Publishing Works

Configuring a Server Publishing Rule

Troubleshooting Server Publishing

Create a new Listener

Create a new Web Publishing Rule

Testing Access to the Published Web Server

Request a new Certificate for the Web Server

Export Certificate from Web Server

Configure Web Site for SSL

Import Certificate to TMG Server

Create a Web Site Publishing Rule

Create an Alias (CNAME) on DNS Services

Test Access to the Published Web Server

Publishing DNS Services

Testing Published DNS Server

Configure Web Publishing.

Configure HTTPS Server Publishing.

Configure Server Publishing.

This module describes how to publish client access to internal Exchange and SharePoint server resources. Lessons presented in this module will describe the configuration requirements and how to configure SMTP access rules. You will also learn how to publish Exchange and SharePoint client access.

Sending and Receiving Internet Email Messages

 SMTP Configuration Requirements

 Creating an Outbound SMTP Access Rule

 Publishing SMTP Service

Publishing exchange Client Access with TMG

 Exchange Configuration Requirements

 TMG Configuration Requirements

 Creating a Web Listener

 Creating Exchange CAS Publishing Rules

 Enabling Additional Features

 Troubleshooting Exchange Publishing

Publishing SharePoint Client Access with TMG

 SharePoint Configuration Requirements

 TMG Configuration Requirements

 Creating a Web Listener

 Creating a SharePoint Publishing Rule

Create Mail Server Publishing Rule

Test Access to Published SMTP Service

Export Certificate from Exchange Server

Configure Exchange Server Authentication

Add IP Address to the External Interface on TMG Server

Import Certificate to TMG Server

Create and Exchange Outlook Web Access Publishing Rule

Create and Exchange ActiveSync Publishing Rule

Create an Exchange Outlook Anywhere Publishing Rule

Test Publishing Rules Settings

Test Access to Outlook Web App

Request a new Certificate for SharePoint Server

Export Certificate from SharePoint Server

Configure SharePoint Alternative Access Mapping

Configure SharePoint IIS for SSL

Create an Alias (CNAME) on DNS Services

Add an IP Address to an External Interface on TMG Server

Import Certificate to TMG Server

Create a SharePoint Site Publishing Rule

Test Access to SharePoint Server

Configure TMG for Sending and Receiving Internet Email Messages.

Publish Exchange Client Access with TMG.

Publish SharePoint Client Access with TMG.

This module describes how to configure different remote access scenarios using TMG 2010. Lessons presented in this module will provide an overview of Virtual Private Networks and how to enable /configure VPN for Secure Remote Access, Site-to-Site VPNs and Quarantines.

Overview of Virtual Private Networks

What is a Virtual Private Network (VPN)?

Available Options for VPN

What is a VPN Quarantine?

Configuring VPN for Secure Remote Access

Enabling a VPN

Configuring Authentication

Configure VPN Clients

Troubleshooting a VPN

Configuring a Quarantine

Radius-Based vs. TMG Quarantine Control

Implementing Radius-Based Quarantine Control

Implementing TMG Based Quarantine Control

Troubleshooting Quarantine Control

Configuring a Site-to-Site VPN

Selecting Tunneling Protocols

Enabling Site-to-Site VPN

Configuring the VPN Gateway Servers

Troubleshooting Site-to-Site VPN

Configuring VPN Client Access on TMG Server – PPTP

Create a VPN Client Connection to use PPTP

Request a new Certificate for TMG Server

Configuring VPN Client Access on TMG Server – SSTP

Edit VPN Client Connection to use SSTP

Configuring RADIUS Authentication

Configuring Authentication Method

Configuring Quarantine Control

Configuring Network Policy Server to use TMG as a RADIUS Client

Testing Connection

Describe how VPNs work.

Configure VPN for Secure Remote Access.

Configure a Quarantine.

Configure a Site-to-Site VPN.

This module describes the logging, reporting and monitoring tools available in TMG 2010. Lessons presented in this module will provide an overview of the monitoring options available, how to configure alerts, session monitoring filters and log storage options.

Overview of Monitoring

 Why Monitor TMG

 Available Monitoring Options

Configuring Alerts

 What is an Alert?

 Viewing Alerts

 Managing Alerts

 Configuring Alerts

 Configuring Alerts Actions and Tasks

 Creating Custom Alerts and Definitions

Configuring Session Monitoring

 What is Session Monitoring?

 Managing Sessions

 Configuring Session Filtering

Configuring Logging

 What is Logging?

 Configuring Log Storage Options

 Working with SQL Reporting

 Advanced Log Reporting

Managing Alerts

Adding an Action to a Predefined Alert

Create a Custom Alert Definition

Managing Session

Configure a Session Filter

Configure Log Queue

Create and Generate Reports

Monitor Connections in Real Time

Understand why you need to monitor TMG.

Configure Alerts.

Configure Session Monitoring.

Configure Logging and Reports.

This module describes how to backup, restore and troubleshoot TMG 2010. Lessons presented in this module will provide instructions how to backup and restore the TMG server and specific configurations. You will also learn how troubleshoot TMG in various scenarios using built-in tools and the TMG SDK.

Backing Up and Restoring TMG

Backing Up TMG

Restoring TMG

Exporting/Importing Configurations

Cloning TMG

Working with TMG Tools and the SDK

Auto-Discovery Configuration Tool

Certification Tool

Cache Tool

Network Monitor

DNS Tools

Miscellaneous Tools and the SDK

Troubleshooting TMG

Routine Server Management

Managing Attacks

Server Maintenance

Troubleshooting Tips from the Console

Troubleshooting tips from the Command Line

Backing Up an Array ConfigurationRestoring an Array ConfigurationExporting Firewall Policy SettingsImporting Firewall Policy Settings

Install Best Practices Analyzer

Perform Analysis with Best Practices Analyzer

Install and Work with Network Monitor

Enable Change Tracking

Simulate Network Traffic

Back Up and Restore TMG.

Work with TMG tools land SDK.

Troubleshoot TMG.

This module describes the advanced features of TMG 2010. Lessons presented in this module will provide an overview of security considerations with TMG; it will also explain how to migrate from ISA Server 2006 to TMG 2010, how to use scripts to manage TMG and how to implement Network Load Balancing (NLB). You will also learn how to implement TMG 2010 in a virtual environment using Hyper-V.

Security Considerations for TMG

 Installing Security Updates

 Guidelines for Enabling only Required Services

 Securing the Network Interfaces

 Additional Best Practices

Migrating from ISA Server to TMG

 Migration vs. New Install

 Exporting the Configuration

 Importing the Configuration

 Using the Single Server Conversion tool for TMG

 Verifying the Results

Using Scripts to Manage TMG

 Managing TMG with Scripts

 Managing TMG with PowerShell

 Running TMG Scripts Remotely

Implementing Network Load Balancing for TMG

 Implementing NLB and a Server Farm

 Using an External Load Balancer

 Planning for Internet Service Provider Redundancy

Implementing TMG in a Virtual Environment

 Hardware/Software Requirements

 Deploying TMG with Hyper-V

 Creating Highly Available Virtual Machines

 Troubleshooting TMG in a Virtual Environment

 Understand the security considerations for TMG.

 Migrate from ISA to TMG.

 Use scripts to manage TMG.

 Implement Network Load Balancing in TMG.

 Implement TMG in a virtual environment

This module describes the advanced networking of TMG 2010. Lessons presented in this module will explain how to implement Network Load Balancing (NLB) for TMG 2010, how extend networking security with UAG. You will also learn how to install and configure Network Access Protection (NAP) in a TMG 2010 environment.

Implementing Network Load Balancing (NLB) for TMG

 Implementing NLB and a Server Farm

 Using an External Load Balancer

 Planning for Internet Service Provider Redundancy

Extending Security Solution with Forefront UAG

 Comparing UAG vs . TMG

 Understanding Reverse Proxy and Application Publishing

 Overview of VPN Technologies

 Combining UAG with Direct Access

 Designing...