|آخر عشرة مواضيع||المواضيع النشطة|
Microsoft Forefront Threat Management Gateway v6.0 Medium Business Edition
Forefront TMG is the advanced state of packages and application layer
inspection firewall, virtual private network (VPN) and Web cache solution
that allows you to easily maximize existing information technology (IT)
investments by improving network security and performance
u can use it on Win2003 & Win2008
Double click the file you downloaded. You’ll see the Welcome to the Welcome to the InstallShield Wizard for the Forefront Threat Management Gateway page. Click Next.
Install the files to the default location, which is C:\Program Files (x86)\Microsoft ISA Server. Click Next.
The files will be extracted to that location.
Click Finish when the extraction finishes.
Go to the C:\Program Files (x86)\Microsoft ISA Server folder and double click the ISAAutorun.exe file.
This opens up the Microsoft Forefront TMG 270-Day Evaluation Setup dialog box. Click the Install Forefront TMG link.
This bring up the Welcome to the Installation Wizard for Microsoft Forefront Threat Management Gateway page. Click Next.
On the License Agreement page, select the I accept the terms in the license agreement option and click Next. Notice that license agreement still contains the old code name of the product, which was Nitrogen.
On the Customer Information page, enter your User Name and Organization. The Product Serial Number will be filled in for you. Click Next.
Here we see a new setup option that wasn’t available in previous version of the product. On the Setup Scenarios page, you have the option to install the Forefront TMG or install only the TMG Management console. In this example we’re installing the entire product, so we’ll select Install Forefront Threat Management Gateway and click Next.
On the Component Selection page, you have the options to install the TMG firewall software, the TMG management console, and the CSS. Yes, you guess it. There are no more Standard and Enterprise editions of the ISA firewall. The TMG will be sold as a single edition and this single edition uses the CSS, even if you have only a single member TMG array. However, you will be able to create arrays using the TMG. However, that functionality is not available with this version of the TMG and will be available in later betas.
In this example we’ll install all of these options in the default folder (we need to install in the default folder for this version of the TMG). Click Next.
It looks like I have a problem here. While the machine is a member of the domain, I forgot to log on with a user account that is a domain member. In order to install the TMG, you must be logged on as a domain user that has local administrator privileges on the TMG machine.
Looks like I’m going to have to restart the installation. We’ll pick up where we left off after I log off and log on again and restart the installation.
Now that I’m logged on as a domain user with local admin privileges, we pick up the installation process on the Internal Network page. If you’re installed the ISA Firewall, you’ll recognize this page from previous version of the ISA Firewall. This is where you define the default Internal network. In almost all cases you should select the Add Adapter option, since this will define your default Internal network based on the routing table configured on the ISA Firewall. However, one thing I don’t know is if I change the configuration of the routing table on the ISA Firewall if the definition of the default Internal Network will automatically change. I’ll bet a quarter that it doesn’t, but it’s something we’ll have to check into in the future.
The Internal Network page now shows the definition of the default Internal Network. Click Next.
The Services Warning page informs you that the SNMP Service, the IIS Admin Service, the World Wide Web Publishing Service and the Microsoft Operations Manager Service will all be restarted during the installation. It’s unlikely that you’ll have already installed the Web server role on this machine, so you don’t need to worry about the IIS Admin Service or the World Wide Web Publishing Service, but you should be aware of the SNMP and Microsoft Operation Manager Service restart. Remember, TMG will install and configure IIS 7 for you.
Click Install on the Ready to Install the Program page.
The progress bar shows you the installation progress. Here you can see the CSS being installed.
It worked! The Installation Wizard Completed page shows the installation has completed successfully. Put a checkmark in the Invoke Forefront TMG Management when the wizard closes checkbox. Click Finish.
At this point you’ll see the Protect the Forefront TMG Server Web page. Here you’re provided information on turning on Microsoft Update, running the ISA BPA, and reading the Security and Protection section in the Help file. One thing I can tell you about the Help File so far is that they’ve done a fantastic job at upgrading its content. There is much more information, and much more real world deployment information included with the new and improved Help File. I recommend that you spend some time reading the Help file. I guarantee that even if you’re a seasoned ISA Firewall admin, the TMG Help File is going to provide you some new insights.
After the initial installation is complete, you’ll see the new Getting Started Wizard. The Getting Started Wizard is new with the TMG and wasn’t available in the previous versions of the ISA Firewall. There are three basic wizards included in the Getting Started Wizard, and an optional fourth one that we’ll see when we finish the first three.
The first wizard is the Configure network settings wizard. Click the Configure network settings link on the Getting Started Wizard page.
On the Welcome to the Network Setup Wizard, click Next.
On the Network Template Selection page, select the network template that you want to apply to the TMG. These are the same network templates that were available with previous versions of the ISA Firewall. Click on each of the options and read the information provided on the lower part of the page.
In this example, we’ll use the preferred template, which is the Edge firewall template. Click Next.
On the Local Area Network (LAN) Settings page, you are given the opportunity to configure IP addressing information on the LAN interface. First, you select the NIC that you want to be the LAN interface on the ISA Firewall by clicking the drop down menu for Network adapter connect to the LAN. The IP addressing information for this NIC will appear automatically. You can make changes to the IP addressing information here. Also, you can create additional static routes by clicking the Add button.
One thing I don’t know is what changes on this page will do to the definition of the default Internal Network. Suppose I configured the default Internal Network to be 10.0.0.0-10.0.0.255 but then decided to change the IP address on the internal interface on this page so that the was on a different network ID. Will the definition of the default Internal Network change? What if I add a static route on the internal interface of the TMG? Will these change be reflected in the definition of the default Internal Network? I don’t know, but it’s something to investigate in the future.
I won’t make any changes on this page as I had already set up the internal interface with the IP addressing information I required. Click Next.
The Internet Settings page allows you to configure IP addressing information on the external interface of the TMG firewall. Like the last page, you select the NIC that you want to represent the external interface by clicking the Network adapter connected to the Internet drop down list. Also like the last page, you can change the IP addressing information. Since I already configured the external interface with the IP addressing information I wanted it to have, I’ll make no changes here. Click Next.
The Completing the Network Setup wizard page shows you the results of your changes. Click Finish.
This takes you back to the Getting Started Wizard page. The next wizard is the Configure system settings wizard. Click the Configure system settings link.
Click Next on the Welcome to the System Configuration Wizard page.
The Host Identification page asks you about the host name and domain membership of the TMG firewall. In this example, it has automatically detected the host name of the machine, which is TMG2009. The wizard has also identified the domain membership of the machine. I suspect that this wizard will allow you to join a domain if you haven’t yet done so, and to leave the domain if you want to. Also, if the machine is a workgroup member, you have the opportunity to enter a primary DNS suffix that the ISA Firewall can use to register in your domain DNS, if you have DDNS enabled and you don’t require secure DDNS updates.
Since I have already configured this machine as a domain member, I don’t need to make any changes on this page. Click Next.
That’s it for the System Configuration Wizard. Click Finish on the Completing the System Configuration Wizard page.
One more wizard on the Getting Started Wizard page. Click the Define deployment options link.
Click Next on the Welcome to the Deployment Wizard page.
On the Microsoft Update Setup page, you have to the options Use the Microsoft Update service to check for updates and I do not want to use Microsoft Update Service. Note that not only does the TMG use the Microsoft Update service to update the OS and the TMG firewall software, it also uses it to check for malware definitions, which is does several times a day (by default, every 15 minutes). Since one of the major advantages of using an Microsoft firewall over other firewalls is the excellent auto-update feature, we’ll go ahead and using the Microsoft Update site. Click Next.
On the Definition Update Settings page, you select whether you want the TMG firewall to check and install, check only or do nothing with malware inspection updates. You can also set the polling frequency, which is set at every 15 minutes by default. However, you can set the updates to be downloaded once a day, and then configure the time of day when you want those updates installed. Click Next.
On the Customer Feedback page, choose whether or not you want to provide anonymous information to Microsoft on your hardware configuration and how the product is used. No information shared with Microsoft can be used to identify you, and no private information is released to Microsoft. I figure I share my name, birth date, social security number, drivers license number and address with my bank, and I trust Microsoft a lot more than I trust my bank, given the bank’s requirements to share information with the Federal Government. So sharing this technical information with Microsoft is a no-brainer, and it helps make the product more stable and secure. Select Yes, I am willing to participate anonymously in the Customer Experience Improvement Program (recommended) option.
On the Microsoft Telemetry Service page, you can configure your level of membership in the Microsoft Telemetry service. The Microsoft Telemetry Service helps protect against malware and intrusion by reporting information to Microsoft about potential attacks, which Microsoft uses to help identify attack patterns and improve precision and efficiency of threat mitigations. In some instances, personal information might be inadvertently sent to Microsoft, but Microsoft will not use this information to identify or contact you. It’s hard to determine what kind of personal information might be sent, but since I’m in the habit of trusting Microsoft, I’ll select the Join with an advanced membership option. Click Next.
The Completing the Deployment Wizard page shows the choices you made. Click Finish.
That’s it! You’re done with the Getting Started Wizard. But that doesn’t mean that you’re done. If you put a checkmark in the Run the Web Access wizard checkbox, the Web Access Wizard will start. Let’s put a checkmark there and see what happens.
This starts the Welcome to the Web Access Policy Wizard. Since this is a new way of creating TMG firewall policies, I think we’ll wait until the next article to get into the details of this wizard. It seems that the TMG will allow you to configure Web Access Policy in a way that’s a bit different than how we did it with previous versions of the ISA Firewall, so I want to make sure we have an article dedicated to this feature.
Now that installation is complete, we can see the new console. If you look at the left pane of the console, you’ll see that there aren’t any nested nodes, which makes navigation a bit easier. Also, we see a new node, the Update Center node. This is where you can get information about updates to the anti-malware feature of the TMG, and also find out when the malware updates where installed.
After installation completed, I found that there were some errors. But this might be related to the fact that the TMG didn’t work at all after the installation was complete. I was able to solve this problem by restarting the computer. I’m not sure if there is related to running the TMG firewall on VMware Virtual Server, or if this is a beta bug.
Taking a look at the Initial Configuration Tasks you can see that a number of roles and services were installed on this computer as part of the TMG installation. These include:
license number: 4545258
Download from P2P
السيريال الخاص بالنسخه
الموضوع: حصرياMicrosoft_Forefront_Threat_Management_Gateway _v6 بقسم إدارة الشبكات و حلول ومشاكل الشبكات
- حصرياMicrosoft_Forefront_Threat_Management_Gateway _v6
- مساعده في انشاء سيرفير لينكيس لادارة شبكه نت
- انا مسطب الايزا 2000 وويندوز 2003 سيرفير
- عضو جديد ويرجو منكم المساعده