Forefront Threat Management Gateway (TMG) 2010 development is now finished, and its released - the 120 day evaluation version is available for download
I spent a few hours on the weekend upgrading my Internet edge access server at home from ISA to TMG 2010. There are some really exciting new features including EMP (Enterprise Malware Protection), URLF (URL Filtering), HTTPSi (HTTPS Inspection), NIS (Network Inspection System), ISPR (ISP Redundancy), ENAT (Enhanced NAT), EMS (Enterprise Management Server) and Stirling connectivity.
Forefront Threat Management Gateway 2010 allows employees to safely and productively use the Internet without worrying about malware and other threats. It provides multiple protection capabilities including URL filtering, antimalware inspection, intrusion prevention, application- and network-layer firewall, and HTTP/HTTPS inspection – that are integrated into a unified, easy to manage gateway, reducing the cost and complexity of Web security.
When the non-timebombed version is released shortly, you will be able to export your TMG evaluation configuration and reinstall on the non-evaluation code by:
1. Export (back up) the config (including secrets) 2. Remove TMG evaluation 3. Install TMG non-evaluation 4. Import (restore) the config
1. Export (back up) the config (including secrets)
2. Remove TMG evaluation
3. Install TMG non-evaluation
4. Import (restore) the config
From the announcement on the Forefront TMG (ISA Server) Product Team Blog:
It is our pleasure to announce that Forefront Threat Management Gateway (TMG) 2010 was released to manufacturing yesterday (Nov 16th, 2009) after completing 3 Beta releases and receiving extensive customer feedback. The trial version is available for download today, and the product will be widely available for purchase soon.
We encourage you to download the new release and evaluate it in your environment. Forefront TMG provides an unparalleled value to the network security marketplace by integrating multiple web security technologies into a single, comprehensive solution. Forefront TMG is also all about “the basics” to ensure that besides the breadth of new features, Forefront TMG also provides the best infrastructure to run those features: reliability, scalability, performance and security. I would also like to take this opportunity and personally thank the very active user community in providing feedback throughout the cycle. Your support in downloading, deploying early versions and providing feedback was essential for us in the process of creating this product. We have incorporated significant parts of this feedback into the product, which is important in the process of making a great product.
In the following sections I will list some of the new functionality that we have added into TMG and will cover some of our infrastructure investments.
Secure Web Gateway Forefront TMG is a Secure Web Gateway (SWG) that improves security enforcement by integrating multiple detection technologies such as URL filtering, Anti Malware, and intrusion prevention into a single, easy-to-manage solution. We have seen a lot of interest in the features that comprise this solution, so here is some information on what they do and how:
URL Filtering: URL Filtering allows controlling end-user access to Web sites, protecting the organization by denying access to known malicious sites and to sites displaying inappropriate or nonproductive materials, based on URL categories. TMG features over 80 URL categories including security-oriented categories, productivity-oriented and liability-oriented categories. Forefront TMG uses Microsoft Reputation Services (MRS), a cloud-based categorization system hosted in Microsoft data center. To ensure the best bandwidth utilization and low latency, Forefront TMG has implemented a local URL cache. There is a lot more on URL Filtering available in an earlier URL Filtering post.
Anti Malware: Stopping malware on the edge significantly decreases the possibility that a virus will hit a computer with anti-virus signatures that are not up-to-date or a test computer without an anti-virus to protect it. TMG has integrated the Microsoft Anti Malware engine to provide world class scanning and blocking capability on the edge.
Network Inspection System (NIS): NIS is a generic application protocol decode-based traffic inspection system that uses signatures of known vulnerabilities, to detect and potentially block attacks on network resources. NIS provides comprehensive protection for Microsoft network vulnerabilities, researched and developed by the Microsoft Malware Protection Center - NIS Response Team, as well as an operational signature distribution channel which enables dynamic signature snapshot distribution. NIS closes the vulnerability window between vulnerability disclosures and patch deployment from weeks to few hours.
In addition, we have introduced HTTPS scanning to enable inspection of encrypted sessions, eased the deployment and management with a set of easy to use wizards and significantly improved logging and reporting to provide full visibility into how your organization is accessing the web and whether it’s compliant with your organization’s policy.
VPN, Firewall, Email Protection and Infrastructure. We have also made significant investments to ensure that we keep delivering top notch VPN and Firewall functionality. We made quality improvements in Web Caching and made sure it works well with the new Windows 7 BranchCache feature. We have added several new features, among them: Email Protection, ISP redundancy, NAP integration with VPN role, SSTP, VoIP traversal (SIP support), Enhanced NAT, SQL logging and Updated TMG Client (previously known as the Firewall Client). In addition TMG was built as a native 64bit product that supports Windows Server 2008 R2, and Windows Server 2008 SP2, allowing better scalability and increased reliability.
These improvements are in direct response to your requests and protection needs. We firmly believe that listening to your voice makes our product better! We are looking forward to hearing what you think about TMG 2010 as you test and deploy in your own environment. So go ahead and download it today to try it out!