Figure 1 - IE proxy settings

Assumptions:

• Web-access rule was created
• A LAT (Local Address table) is configured
• Web Caching is configured

Test steps:

1. Point a client browser to your proxy server (See Figure 1, for one of the methods to do this).
2. Browse to http://www.whatismyip.com and confirm your proxy and external IP settings.
3. Browse to http://YourIntranetWebsite.com - You should go through your proxy when the ‘bypass’ flag is turned off on the client browser.
4. Browse to https://YourOWAwebsite.com and conduct a short OWA session.
5. Browse to well-known websites, such as http://www.cnn.com, http://www.nba.com, http://www.bing.com and http://www.google.com. Make sure they are all responsive and with no distortions.
6. Download a large file from two different computers. The second computer should download the file much faster as the file should be served from the cache. Check in the log-viewer that this is true.  
7. Open an FTP connection to ftp://ftp.hp.com. You should be able to login and list/download files.
8. If you don’t create a web-proxy session or fail on any of the above steps, go to “Logs&Reports\Logging” and initiate a query to detect and analyze the traffic from your client machine.

Figure 2 - Client browser side

Assumption:

• You have EMP configured

Test steps:

1. Browse to http://www.eicar.org/anti_virus_test_file.htm
2. Download one of the test virus files using the standard protocol http
3. EMP should identify the virus and send the client a blocking message, as appears in Figure 2.
4. Validate this by running a query on the Forefront TMG Log-viewer, filtered by “Malware Inspection result = Infected File”  (see Figure 3)

          Figure 3 – TMG Log-viewer side

Figure 4 – Forefront TMG Update Center view

• Make sure that the EMP signature definitions are up to date, as shown in Figure 4. Install any updates listed.

Figure 5 – Forefront TMG certificate

Assumptions:

• You have HTTPSi and EMP configured
• You have destination or source exemptions configured.
• You have the latest TMGC (Forefront TMG client that supports HTTPSi notofications) deployed.

Test steps:

• Eicar has SSL test signatures so that you can test HTTPSi and EMP

1. Browse to - http://www.eicar.org/anti_virus_test_file.htm to check that EMP is working and scanning the traffic over the SSL channel.
2. Download one of the test virus files using the secure, SSL enabled protocol https.
3. EMP should identify the virus and send the client browser a notification.
4. Browse to an SSL website and check that the certificate is from TMG (as shown in Figure 5).

Figure  6 – Website security warning for a non-trusted certificate

• Check that the client workstation does trust the certificate that TMG is using when trying to get a secured website. This ensures that clients don’t see the Certificate Error page shown in Figure 6. If the Certificate Error page appears, the certificate is not properly deployed to the client machine.
• Validate exceptions for HTTPS Inspection, either for the source or for the destination. Do this by browsing to a Web site that is excluded or by browsing from a computer that is excluded and verify that the certificate is not from TMG.
• Run a query on the Forefront TMG Log-viewer filtered by “Malware Inspection result = Infected File” and the time of the request. Check that the Destination Port and Protocol are 443 & https-inspect respectively (see Figure 7).

           Figure 7 – Forefront TMG Log-viewer

Figure 8 – Forefront TMGC HTTPSi notification

• Check that the HTTPS Inspection client notification is being sent to the client machine (you need to have TMG client installed), as shown in Figure 8, upon requesting a non-excluded SSL website.

Figure 9 – URLF blocking page

Assumptions:

• URLF is configured
• You have overridden a URLF Category for a specific website.

Test steps:

1. Browse to sites that should be blocked by URLF depending on your configuration. Confirm that the user is getting the correct custom message (an example is shown in Figure 9) or being redirected according to the policy (or check the default message).
2. Browse to a site that has a category override and make sure that it is allowed or blocked depending on the configuration.
3. Check that you can run a query from the URLF UI.
4. Check that you can query and report classification issues to Microsoft from MRS (Microsoft Reputation Service) website.
5. TMG Log-viewer: run a query filtered using the “Blocked Web Destinations” rule and make sure the URL Category detected is correct (see Figure 10).

          Figure 10 – TMG Log-viewer URLF query 

Figure 11 – NIS blocking page

Assumption:

• You have NIS configured

Test steps:

1. Enter the following test signature URL in your client web browser to test NIS. If NIS is working, the attempt to open the website should be blocked by TMG with a TMG generated message, as illustrated in Figure 11.
2. Confirm that you get an alert on signature detection or block (see Figure 12):

          Figure 12 -  TMG alert upon blocking signature

    3.  Run a query in the TMG Log-viewer, filtered by “NIS scan result = Blocked” and confirm detection.

         Figure 13 – TMG Log-viewer query result for blocked signatures

Figure 14 – TMG IPS\NIS UI

• Check that you get signature updates in TMG IPS (Intrusion Prevention System)\NIS UI, as shown in Figure 14.