AD Marker method used for automatic detection for Firewall clients


Forefront TMG Beta 2 introduces AD (Active Directory) Marker as the new method that Firewall clients use to automatically detect the location of the server.


If AD Marker is not deployed, then the Firewall client (FWC) will fall back to DHCP and DNS. This enables backward compatibility and allows you to choose. Note that fallback to DHCP or DNS will not occur if FWC cannot verify that the AD Marker is absent because it was not deployed (e.g. AD is not available, an unexpected error occurred during the AD query, etc.). This mitigates a situation where an attacker might try to force fallback to a less secure method.
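
The fallback rule above as an added Python example (not TMG or Firewall client code): a detection routine that treats every AD failure as "no marker" next to one that falls back only on verified absence. All function names, the `DirectoryError` exception and the host names are hypothetical and constructed for illustration.

```python
from enum import Enum

class MarkerResult(Enum):
    FOUND = "found"
    NOT_DEPLOYED = "not_deployed"  # AD answered and no marker exists
    UNKNOWN = "unknown"            # AD unavailable or the query failed

class DirectoryError(Exception):
    """Hypothetical error: AD unreachable or an unexpected query failure."""

def query_marker(ad_lookup):
    """Run the AD query and classify it as (MarkerResult, server or None)."""
    try:
        server = ad_lookup()
    except DirectoryError:
        return MarkerResult.UNKNOWN, None
    if server is None:
        return MarkerResult.NOT_DEPLOYED, None
    return MarkerResult.FOUND, server

def detect_naive(ad_lookup, legacy_lookup):
    """Weak form: any AD failure is treated as 'marker not deployed'."""
    result, server = query_marker(ad_lookup)
    return server if result is MarkerResult.FOUND else legacy_lookup()

def detect_fail_closed(ad_lookup, legacy_lookup):
    """Rule from the post: fall back only when absence is verified."""
    result, server = query_marker(ad_lookup)
    if result is MarkerResult.FOUND:
        return server
    if result is MarkerResult.NOT_DEPLOYED:
        return legacy_lookup()
    return None  # absence not verified: detection fails, no fallback

# Constructed sample lookups (assumptions, not real TMG behaviour).
def ad_ok(): return "tmg.corp.example"
def ad_empty(): return None
def ad_down(): raise DirectoryError("AD not available")
def legacy(): return "legacy.corp.example"  # stands in for DHCP/DNS detection

if __name__ == "__main__":
    for name, ad in (("ok", ad_ok), ("empty", ad_empty), ("down", ad_down)):
        print(name, detect_naive(ad, legacy), detect_fail_closed(ad, legacy))
```

The two routines differ only in the `ad_down` case: the naive one returns the DHCP/DNS answer whenever the directory query fails, while the fail-closed one returns nothing.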


Note that using Active Directory is not supported for workgroups. Also note that previous versions of FWC will not be affected; they will keep using DHCP/DNS, even if AD Marker is deployed.


Ran Didi
Software Development Engineer – TMG team