Microsoft TMG 2010 Solution

Tag: Infrastructure — March 15, 2010 @ 2:14 pm
Author: Jason Sharp


Recently, I replaced an appliance-based Internet content filter with a Microsoft Threat Management Gateway (TMG) 2010 solution. Having worked with the previous versions, Internet Security and Acceleration Server (ISA), I was pleasantly surprised by the new features and the simplicity with which they can be implemented.

The overwhelming requirement for this solution was content filtering. Access logging and reporting by the user were secondary.

Content filtering is achieved in TMG 2010 by using a Microsoft subscription service that categorizes URLs before they are accessed, and then scans the incoming data for malware. All access is logged to a SQL database, and there is built-in summary and detailed reporting. This version builds on ISA Server; however, it is now 64-bit native and runs on Windows Server 2008 R2.

In the solution, we were able to provide different levels of access for various groups of users, seamlessly integrated and authenticated against Active Directory based on group membership. 

This solution can be implemented in a Load Balanced Array, allowing multiple gateway servers. 

Another nice feature is the ability to use multiple Internet connections and configure the outbound IP address for traffic.  This can help provide Internet connection redundancy, as well as a backup or slower connection for lower priority traffic. 

Next on the list for this solution is an implementation of the SSTP VPN feature, which will allow an HTTPS connection into the firewall for VPN traffic, replacing the former PPTP and L2TP solutions with one that can be accessed from virtually any Internet connection. 

In summary, I was impressed with the new features and how well they are implemented in the TMG 2010 product.  If you are familiar with ISA, the administrator interface will be familiar and easy to use, even with the new features. I look forward to working with it again soon!
