SYNACK (19th October 2011)
Be interesting to see if it actually works when passing high traffic volumes now....
Nice, it now has a mode to install it on a RODC.
Will be applying it to our box tonight... will see how it goes. I hope not badly as that'll be my evening gone!!
Ours consistently block traffic from vpn connected remote sites, for no reason. Or lock up totally, requiring a hard boot, or just blacklist whole subnets. On the initial rollout I had to rebuild it about three times due to issues with R2, then 64bit, then our network layout in general.
MS could never get to the bottom of it, even after talking to the dev team, so we've been ripping them all out and replacing them with Cisco ASA's (aside from exchange/sharepoint publishing). Shame as the ISAs we had before worked fairly reliably.
in short, I hate them. with a passion.
I have been working with proxy2.0/isa2000/isa2004/isa2006/TMG for many years now and i agree that ISA2006 was most stable. I hope that SP2 fixes the few glitches we have with TMG
Just installed it here and it has not killed anything, did not even require a pc reboot. I also hope like bio that this fixes some of the outstanding niggles and brings it up to ISA's standards.
I haven't had the stability problems others have had, but I also installed it with no problems on Thursday
TMG on 2008R2 under Hyper-V here.
From here: What the demise of Forefront TMG means for Windows Server
You may have noted that this past spring, Microsoft told the analyst firm Gartner that it wouldn’t be producing another shipping version of its Forefront Threat Management Gateway software.
Specifically, Microsoft indicated—strangely, only in this report and not in any other external communications—that it has placed Threat Management Gateway (TMG) in sustained engineering mode, and it doesn’t intend to offer products in the firewall and secure gateway space in the future. In effect, the product is dead, and in the future it will only get security updates and critical bug fixes; no further innovation will happen on the code base, at least in its present form.
This move left many scratching their heads. From its previous incarnation as Microsoft ISA Server through its rebranding into the Forefront line of products, TMG was considered a “best of breed” product in the security and edge-ware space. Despite it not being—and in some customers’ view, because it wasn’t—an appliance, TMG’s clever and intuitively set-up stateful packet inspection services and Web caching made it a go-to product in many Microsoft shops.
So the folks with the biggest and deepest investments in TMG—the ones using it day in and day out on their networks to keep the bad guys out—are naturally wondering where this move leaves them. What of TMG, and perhaps more importantly, what are the options for the future?
The clearest, most direct option Microsoft has is to fold TMG into its Unified Application Gateway (UAG) product, which is essentially a filter on inbound access to corporate resources. UAG is based on the same filtering engine as TMG; the direction of supported traffic is simply switched. This makes for a logical, and probably relatively simple, move to integrate the now-defunct TMG capabilities into the newer product the software giant is fond of pushing. However, UAG has its disadvantages: it’s mainly available only as a hardware and software combination, it’s somewhat clunky interface-wise, and it’s a lot more costly than TMG ever was. By subsuming the popular bits into a relatively unpopular product, Microsoft might be pushing for more adoption of UAG, but perhaps at an ultimate cost of customer satisfaction.
A less clear but undoubtedly more popular option would be simply to include TMG’s core capabilities within Windows Server 8. Microsoft has already been emphasizing the importance of device firewalls and making sure, from a defense-in-depth standpoint, individual machines and endpoints have the capability to withstand attacks. Including the TMG engine for free to anyone who buys a server license could appeal to both this logic and the customer base and allow the positive aspects of TMG to not get lost within a more complicated, specialized product.
Clearly for shops with a significant investment in ISA Server, Threat Management Gateway and so on, the absence of a future roadmap for the product—and its relegation to the backburner, being provided only security fixes for a limited period of time—is a point of concern. The window is now open for other vendors to provide integration and migration services to TMG customers as Microsoft exits this market. If you’re rethinking your edge protection, it’s a smart move to exclude Microsoft from your plans. In any event, they’ve decided to move on, and you should, too.
SYNACK (24th October 2011)
There are currently 1 users browsing this thread. (0 members and 1 guests)