Introduction Voice over IP (VoIP) communications are transmitted via the internet and therefore need to be allowed to pass through your firewall. A basic VoIP call is based on Session Initiation Protocol (SIP), which is the most common protocol used today. A SIP VoIP call is carried out using User Datagram Protocol (UDP), and incorporates…
Year: 2009
Common Problems while Implementing HTTPS Inspection on Forefront TMG 2010 RC
1. Introduction The HTTPS Inspection feature on TMG 2010 can protect internal client workstations from accessing illegitimate HTTPS web sites. The whole idea is to prevent a client from opening an SSL tunnel with the destination server while the content that passes through this tunnel goes uninspected, causing a potential way for malicious…
Network Inspection System (NIS) in Forefront TMG Release Candidate
TMG Community, We are pleased to announce that the release candidate (RC) update for Forefront Threat Management Gateway (TMG) will include several important developments for the Network Inspection System (NIS), the signature-based part of the Forefront TMG Intrusion Prevention System: The NIS Engine can now be updated dynamically, in conjunction with NIS Signature set update,…
Understanding HTTP logging in Microsoft Forefront TMG
Consider a firewall policy which contains two Web access rules: 1. My Public Restrictive access rule: Allow traffic from internal network to a restricted set of URLs on the external network. 2. My Private Permissive access rule: Allow traffic from a limited subnet to all destinations on the external network. As a simple example, at…
The ISP Redundancy Feature of Forefront TMG
Overview Today, more and more businesses rely on their Internet Service Providers (ISP) to handle their outside Internet communications. Sending emails, browsing the web and any other web related actions are essential business infrastructure services that are only available as long as the ISP line is up and running. Keeping a stable, available and reliable…
Problems with user sets in cross forest scenarios
In cross-forest scenarios, where users are migrated from one Active Directory forest to another using ADMT and enabling sidHistory, users from one forest may be denied traffic by ISA if policy rules are restricted to certain user sets. For example, consider the following scenario: 1. You have user accounts in an Active Directory forest…
Forefront Threat Management Gateway 2010 Release Candidate Now Available
Today we are excited to announce the availability of Forefront Threat Management Gateway 2010 Release Candidate. Please go ahead and download to try it out. We are looking forward to receiving your feedback! While the Beta 3 release was feature complete and no new major features were introduced in the Release Candidate, there are…
MRS Feedback and Error Reporting Portal (beta) is live
As you may know, the Forefront TMG URL filtering feature is using categorization data provided by Microsoft Reputation Services (MRS). Improving the quality of categorization data is an ongoing process. In a recent post, we highlighted some of the steps taken in order to improve the coverage and accuracy of the URL database. This included…
Mainstream Support Ending for ISA Server 2004 Standard Edition SP3
This is just a reminder that mainstream support for ISA 2004 Standard Edition SP3 is going to end next week (October 13th, 2009). That means that starting Oct 13th, the Forefront Edge product team will not issue non-security hotfixes, and will not accept any DCRs for ISA Server 2004 Standard Edition. Security hotfixes and…
Introducing the Forefront Experts Blog
Hello Community: I have not been posting as much directly here on the technical blog as the rest of the team. I hope you are enjoying the wave of technical content that is now coming out about the upcoming TMG release. This was based on direct feedback and in response to your demand. Let us…