Introducing a New Era for ISA Server

! New ISA Server - Forefront Threat Management Gateway (TMG)

Eduardo Petizme.com | MVP — Wed, 09 Apr 2008 13:37:27 GMT

Hi all, As Forefront MVP I already know about it, but now (April 9th) it's public. "... the

NTLM-fallback please

onovotny — Wed, 09 Apr 2008 16:52:01 GMT

I'm not in the TAP and I didn't see any other place to provide ISA feedback --

Please allow for Forms-based Auth to use both Basic and NTLM authentication in the fallback mechanism.

The main reason for this is to support publishing both TS Gateway and OWA using the same listener. TS Gateway's HTTP/RPC needs NTLM and Outlook's HTTP/RPC can use NTLM. ActiveSync needs Basic.

Currently deploying all of these services requires two listeners on two IP addresses. One for FBA/Basic -- everything except TS Gateway & Outlook Anywhere using NTLM, and the other using HTTP Auth / NTLM. For a small business, or even a larger one, it would be far simpler if everything could be on a single listener on a single external IP. The only thing standing in the way is that FBA can't fallback to NTLM.

I ask you to please strongly consider adding this.

Thanks,

Oren

re: Introducing a New Era for ISA Server

gazanga — Wed, 09 Apr 2008 18:11:35 GMT

It requires some hacking, but you can make ISA do that. I'm rolling out TS GW like that now.

I'm excited and nervous about the change. I would like to see ISA be able to dive further inside of the packet to do more intelligent application filtering, but I'm worried the product will begin to slide away from it's original purpose. Of course upon writing that, I realize original purpose was proxy so I guess I have to withdraw my argument hehe.

Does MS ever hire Consultants for ISA only? I've tried finding an opportunity as a MS consultant position and yet to find one.

Infos zur naechsten ISA Server Generation

Forefront & Security Blogs — Wed, 09 Apr 2008 19:07:14 GMT

Seit heute sind nun einige Informationen rund um die neu Forefront-Generation (Codename "Stirling"

What will happen with IAG?

rhelmer — Wed, 09 Apr 2008 19:56:07 GMT

It seems nothing was announced regarding how the recent changes around the Forefront brand affects IAG. Will it be merged into TMG? Is it being spun off? Some guidance on the IAG product roadmap would be much appreciated.

Thanks for the info on TMG! Looks exciting. :)

re: Introducing a New Era for ISA Server

onovotny — Wed, 09 Apr 2008 20:49:02 GMT

Gazanga,

Could you please share the details of how you got Forms-Based Auth to fallback to NTLM (or how you got TS GW deployed)?

I have looked and haven't seen much on that topic yet.

Объявлен ISA vNext - Forefront Threat Management Gateway

Sergey Simakov — Wed, 09 Apr 2008 21:31:55 GMT

На проходящей конференции RSA Security официально объявлено имя продукта, приходящего на смену межсетевому

re: Introducing a New Era for ISA Server

someone — Wed, 09 Apr 2008 21:44:58 GMT

Just to be sure, this will still run on Server 2003 32-bit hosts right?

re: Introducing a New Era for ISA Server

isablog — Thu, 10 Apr 2008 14:59:27 GMT

someone:

Server 2003 - no. Unfortunately, the differences in the networking/firewall integration hooks between Server 2003 and 2008 are too great for TMG to support both.

32-bit - We may provide a 32-bit for evaluation and demo purposes, but it will not be supported for production. This is the same like Exchange2007.

Объявлен "наследник" ISA - Forefront Threat Management Gateway

External News — Thu, 10 Apr 2008 16:19:03 GMT

Как сказано в статье- http://blogs.technet.com/ssimakov/archive/2008/04/09/isa-vnext-forefront-threat-management-gateway.aspx

re: Introducing a New Era for ISA Server

verypsb — Fri, 11 Apr 2008 09:08:49 GMT

I really hope that the funtionality of IAG (Internet Access Gateway) will be included in Forefront TMG (Threat Management Gateway)...

re: Introducing a New Era for ISA Server

IanC — Fri, 11 Apr 2008 14:06:53 GMT

Regarding Whale IAG. My understanding is that this will now be integrated in to the new TMG product.

My question... Will Microsoft be showcasing TMG at the forthcoming Infosec Europe event in London?

Ian Currie

May 2008 - Technical Rollup Mail - Internet

Technical RollUp — Thu, 01 May 2008 10:32:25 GMT

News Microsoft Internet Security and Acceleration Server Forefront Threat Management Gateway, the Next

re: Introducing a New Era for ISA Server

isablog — Sun, 11 May 2008 17:58:10 GMT

Regarding NTLM-fallback ...

This is more complex than it sounds, since the delegation auth options are somewhat dependent on the initial authenticaiton method.

If FBA fallback includes NTLM, then the only delegation method available to you would be KCD.

What you can do is use FBA/Basic auth at the listener and delegate using KCD or Negotiate/NTLM.

I realize this doesn't answer you request, but it should get you past the auth disparity between aqpplications.

ISA / IIS / Biztalk / WSPS / MOSS Info for the Month of April

Heavy on the Technical — Sat, 24 May 2008 21:03:20 GMT

News Microsoft Internet Security and Acceleration Server Forefront Threat Management Gateway, the Next

They say it better than I can...

Dougs Blog >> Exchange Server in the field — Mon, 02 Jun 2008 11:23:05 GMT

Just want to point you to a few blog articles I have read recently just in case your search doesn't reveal