Monday, October 13, 2014

Install Microsoft Forefront TMG 2010 step by step


1. Introduction for Forefront TMG:

Microsoft Forefront TMG 2010 provides the following enhanced protection capabilities:
  • Firewall
  • Malware inspection
  • URL filtering
  • HTTP filtering
  • HTTPS inspection
  • Network Inspection System
  • E-mail protection
  • Intrusion detection and prevention
  • VPN
2. Architecture:

We are going to install Forefront TMG with the following topology:

Edge firewall: In this topology, Forefront TMG is located at the network edge, where it serves as the organization’s edge firewall, and is connected to two networks: 


  • The internal network: LAN
  • The external network: WAN


Forefront TMG: Windows Server 2008 R2
Active Directory: Windows Server 2008 R2
Client for test: Windows 7

LAN: 192.168.1.X/24
WAN: IP address for Internet (in our example 10.10.10.100/24)
Forefront: 192.168.1.254/24
AD: 192.168.1.80/24
Client: 192.168.1.52/24

3. Installation of Forefront TMG:

Run the Forefront TMG setup from your media:

Click on "Run Preparation Tool"

Follow the tool to install all features

Choose "Forefront TMG services and Management"

Launch Forefront TMG Installation Wizard

Click next to begin the installation
Enter your network address (192.168.1.X/24)
Launch Forefront TMG Management. This step configures the network settings, the system settings and the deployment.

First step is to configure the network settings

We are going to choose "Edge firewall"

Enter LAN adapter

Enter WAN adapter

The configuration of the network settings is now complete, so we move on to the next step
Choose "Windows domain"

Now we are going to the final step


We are not going to run the Web Access Wizard

4. Configure Internet Access:

Open the Forefront TMG management console

On the left side, select "Firewall Policy" and create an access rule


Follow the Wizard to create the rule


Select "Allow"

In the protocols, choose "DNS", "HTTP" and "HTTPS"

In my case I choose to enable malware inspection

In the source network, choose "Internal"

In the destination network, choose "External"

I choose "All users"

Click Apply to save the access rule in Forefront

5. Internet Access Test:

I have a Windows 7 Client, so I'm going to test the Internet access on it

Let's try to open www.google.com before applying the rule


Now after applying the rule
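The same test can be scripted on the client. The following is an added example, not part of the original post: it checks each protocol the rule allows (DNS, HTTP, HTTPS) and, assuming the client uses no browser proxy, that its default gateway is the Forefront TMG address from section 2. The timeout value and the helper names `Test-TcpPort` and `New-CheckResult` are assumptions of this example.

```powershell
# Added example, not from the original post. PowerShell 2.0 compatible (Windows 7).
$TmgInternalIp = '192.168.1.254'   # Forefront TMG LAN address from section 2
$TestHost      = 'www.google.com'  # site used in the test above
$TimeoutMs     = 3000              # assumed connect timeout

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function New-CheckResult {
    param([string]$Check, [bool]$Passed)
    New-Object PSObject -Property @{ Check = $Check; Passed = $Passed }
}

$results = @()

# 1. Assumption: the client is not configured with a browser proxy, so its
#    traffic only reaches the access rule if it routes through the TMG.
$gateways = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = True' |
    ForEach-Object { $_.DefaultIPGateway } | Where-Object { $_ })
$results += New-CheckResult "Default gateway is $TmgInternalIp" ($gateways -contains $TmgInternalIp)

# 2. DNS is one of the three protocols in the rule; without it the browser
#    fails before HTTP is ever attempted.
$resolved = $false
try { $resolved = (@([System.Net.Dns]::GetHostAddresses($TestHost)).Count -gt 0) } catch { }
$results += New-CheckResult "DNS resolves $TestHost" $resolved

# 3. HTTP and HTTPS, the other two protocols in the rule.
foreach ($port in 80, 443) {
    $results += New-CheckResult "TCP $port to $TestHost" (Test-TcpPort $TestHost $port $TimeoutMs)
}

$results | Format-Table Check, Passed -AutoSize
```

Run it once before and once after applying the rule; the TCP checks should change from False to True.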







12 comments:

  1. I have installed TMG 2010 on Windows Server 2008 R2 and created an Internet access rule for the client, but when I test Internet connectivity it does not work; in fact it needs a proxy IP address in the IE Internet Options. What should I do so that my client can access the Internet without setting a proxy IP in IE?

  2. You need to verify your rules. I think you missed allowing DNS.

    http://itgration.blogspot.com/2014/10/install-microsoft-forefront-tmg-2010.html

  3. Great firewall, but why did Microsoft stop it? It was a great product.

    Replies
    1. It was meant as the firewall for Microsoft Exchange 2010, but when the next Exchange version was released, it came with better security features, requiring only the Web Application Proxy service installed on a member server.

  4. Please, how do I set exceptions from the normal firewall rules for certain IP addresses? The general rule blocks all social media sites. How do I exempt some IP addresses?
