Issues after updating the ISA Management console on a Windows Vista/7 client

If you start the Management console after installing an ISA update or service pack, regardless of whether you updated it via Windows Update or by manually downloading and installing a hotfix, you may see the following error message: Looking in the Application Event log on your client…


Forefront TMG and BranchCache: Which should I deploy in my organization?

Branch offices are often connected to a corporate headquarters or corporate data center to access Line of Business (LOB) applications via a WAN link. Depending on the deployment, branch offices may connect directly to the Internet, or indirectly via the WAN link. WAN links can be slow, so organizations often look for ways to optimize…


Error 500 “Not Supported” while browsing Internet through ISA Server 2006

1. Introduction This post is about a specific condition that can trigger the “Not Supported” error while browsing some web sites through ISA Server. The error message that the end user receives is similar to the one shown below: The ISA Diagnostic Logging will not say much beyond that but if…


TMG Client introduces automatic detection using Active Directory

1. Introduction The new TMG Client that is available on TMG 2010 is now capable of performing automatic discovery using a record that resides in Active Directory. TMG Client is still able to use the traditional methods (DHCP / DNS) for automatic discovery; the difference now is that if both options are enabled on UI…


Forefront TMG is SIP-aware

Introduction Voice over IP (VoIP) communications are transmitted via the internet and therefore need to be allowed to pass through your firewall. A basic VoIP call is based on Session Initiation Protocol (SIP), which is the most common protocol used today. A SIP VoIP call is carried out using User Datagram Protocol (UDP), and incorporates…


Common Problems while Implementing HTTPS Inspection on Forefront TMG 2010 RC

1. Introduction The HTTPS Inspection feature on TMG 2010 can protect internal client workstations from accessing non-legitimate HTTPS web sites. The whole idea is to prevent a client from opening an SSL tunnel with the destination server while the content that passes through this tunnel is not inspected, causing a potential way for malicious…


Network Inspection System (NIS) in Forefront TMG Release Candidate

TMG Community, We are pleased to announce that the release candidate (RC) update for Forefront Threat Management Gateway (TMG) will include several important developments for the Network Inspection System (NIS), the signature-based part of the Forefront TMG Intrusion Prevention System: The NIS Engine can now be updated dynamically, in conjunction with NIS Signature set update,…


Understanding HTTP logging in Microsoft Forefront TMG

Consider a firewall policy which contains two Web access rules: 1. My Public Restrictive access rule - Allow traffic from internal network to a restricted set of URLs on the external network. 2. My Private Permissive access rule - Allow traffic from a limited subnet to all destinations on the external network. As a simple example, at…


The ISP Redundancy Feature of Forefront TMG

Overview Today, more and more businesses rely on their Internet Service Providers (ISP) to handle their outside Internet communications. Sending emails, browsing the web and any other web related actions are essential business infrastructure services that are only available as long as the ISP line is up and running. Keeping a stable, available and reliable…


Problems with user sets in cross forest scenarios

In cross-forest scenarios, where users are migrated from one Active Directory forest to another using ADMT and enabling sidHistory, users from one forest may be denied traffic by ISA if policy rules are restricted to certain user sets. For example, consider the following scenario: 1. You have user accounts in an Active Directory forest…