Today, more and more people deploying Forefront TMG for various business needs are approaching us, asking for a methodical post-deployment sanity test checklist. Forefront TMG is packed with new and existing features that need to be verified once deployment is completed.
In this post I’ll list the Forefront TMG SWG (Secure Web Gateway) features and explain how to check and validate each one after you deploy Forefront TMG and before you put it into full production.
Figure 1 – IE proxy settings
Assumptions:
Test steps:
Figure 2 – Client browser side
Assumption:
Figure 3 – TMG Log-viewer side
Figure 4 – Forefront TMG Update Center view
Figure 5 – Forefront TMG certificate
Figure 6 – Website security warning for a non-trusted certificate
Figure 7 – Forefront TMG Log-viewer
Figure 8 – Forefront TMGC HTTPSi notification
Figure 9 – URLF blocking page
Figure 10 – TMG Log-viewer URLF query
Figure 11 – NIS blocking page
Figure 12 – TMG alert upon blocking signature
3. Run a query in the TMG Log-viewer, filtered by “NIS scan result = Blocked” and confirm detection.
Figure 13 – TMG Log-viewer query result for blocked signatures
Figure 14 – TMG IPS\NIS UI
This blog post describes the post-deployment checklist for SWG (Secure Web Gateway) features. It is not a deployment or troubleshooting guide.
Features covered here for sanity testing are Forward Proxy, EMP (Enterprise Malware Protection), URLF (URL Filtering), HTTPSi (HTTPS Inspection) and NIS (Network Inspection System).
In the next post on the same subject, we’ll cover other Forefront TMG features for the sanity test checklist, such as Reverse proxy (web-publishing), VPN (both SSTP & PPTP), Setup, Upgrade, ISPR (ISP Redundancy), Reporting, ENAT (Enhanced NAT), EMS (Enterprise Management Server) and Stirling connectivity.
Author
Gabriel Koren
Microsoft Forefront TMG test team
Reviewers
Gershon Levitz, James Kilner