TMG – Making Firewall Management an Easier Task

1. Introduction

I was a Proxy 2 administrator back in 1997 at a technology school. In 2000 I took my Proxy 2.0 exam, and when ISA 2000 was released my reaction was: WOW, that’s a huge change. It was indeed a great move from a simple proxy to a more robust proxy with firewall capabilities. But when I see the changes in TMG and compare them to ISA 2006, I have a strong feeling that this is also a huge step towards an even better firewall with tremendous capabilities. There are so many good things in TMG that sometimes we overlook the hard work the Product Team put into making administration and management easier.

In this post I really want to emphasize some new features that are not related to security, but to how the firewall administrator’s experience was improved in this release.

2. More than a Getting Started Wizard

Do you know how many times I received a call where the firewall administrator was unable to do the basics? What basics? Allowing secure web access, for example. I had many situations in the past where creating a rule in the right manner was a nightmare for a less experienced administrator. The idea behind the Getting Started Wizard is really to improve the administrator’s experience with the product and allow him to perform the essential configuration after installing the product.

3. Just Search and Find it

I have to admit that for an ISA firewall administrator with one hundred rules to manage, looking for the rule that he wanted to change was not that easy. When you are administering a firewall that you installed from scratch and you know all the rules by heart, things are easier. But what about someone who just got a new job as Security Admin and needs to manage ISA with hundreds of rules? Well, that’s complicated.

The new search feature in TMG is perfect for this scenario, and its search results are pretty accurate. Don’t have enough rules to try it out? Just do this:

1. Right-click on Firewall Policy

2. Click View and click Show System Policy Rules

3. In the Search field type SSTP and hit ENTER

4. Check out the result :)

4. NLB – Making Multicast Easier

Who hasn’t thought: why do we need so many steps to enable Multicast on ISA Server 2006? I have heard this question from administrators many times. Although making ISA Server 2006 capable of supporting NLB Multicast was a great step, the administrator’s experience of enabling it was not as smooth as they wanted. TMG makes things easier here as well, now with an option that allows you to change the NLB mode in the UI.

5. Single Place to Administer your Network Adapter

Why go to Windows to change an IP address? Why go to Windows to add a static route? TMG makes the administration of those simple tasks even easier. You can change your IP address directly from the TMG console and also view, delete or add routes from the same console.

6. What Else?

Since I know that there are many more tasks that can be accomplished through TMG that are great improvements to the administrator’s experience, I will leave this question open. What else do you like most in TMG? Write your comment and share it with everyone.