As Forefront Threat Manager Gateway has been retired, so to speak, what is out there as an alternative? Do I look at software or hardware?
Thanks
Anthony
We built our network from the ground up after leaving a BSF Managed Service over the summer just gone. We decided to go with a Smoothwall UTM-1000 appliance; soon realising how awesome the UTM 1000's OS was, we decided to buy a basic Dell PowerEdge and install the Smoothwall UTM software on it and run both in an active-active failover array. So far we have been extremely impressed with the setup. We throw a LOT of traffic at the array and it handles it with ease; only a few times during peak hours has the UTM-1000 reported high resource usage on CPU load. The filtering is spot on, better than most of the other products we played with when evaluating appliances over the summer.
We have recently purchased six more UTM series OS licences and six HP microservers to install into our partner primary schools. The plan is to have all six remote Smoothwall UTMs monitored, updated and managed from our central UTM array.
We also use TMG/UAG for remote access and webapps. Although it's earmarked for end of life, I'm not worried about it and it will be fit for purpose for a while to come.
Last edited by Zimmer; 14th December 2012 at 02:14 PM.
This is interesting - I've also just started to look at alternatives to TMG - in particular I'm keen for something that will do the reverse proxying that I use for publishing sites.
It's a bit of an odd move for Microsoft I think... I know a lot of people dislike ISA and TMG - but I've found them both to be pretty good.
It had to go because Microsoft's view of the future for everyone, bar the largest of enterprises and those with very specific regulatory requirements, is that everything is delivered from Azure/Office365/etc. to BYOD.
A cost-effective, flexible firewall is something that helps support inertia of the current status quo. It had to be got rid of. It is clear that this plan was their internal strategic road map for at least four years (evidenced by the lack of IPv6 support, lack of SIP support for their own VoIP product, retreat from the 3rd party OEM market, pointless name change, and finally: no incremental improvements to what promised to be a killer feature: URL/content filtering).
IMO.
Right now I'm in no hurry to migrate off, but I'm keeping an eye on SmoothWall and the Sophos UTM offer, and while looking at SIP/VoIP a few people recommended the ASA 5xxxx range.
Last edited by psydii; 15th January 2013 at 12:28 PM.
I've been looking at Meraki of late - seen a few too many people on here have to do all kinds of crazy stuff to their Smoothwalls and so far this is looking like my best bet.
Web filter/firewall and site to site VPN appliance (with WAN accelerator) all in one with Layer 7 application filtering and traffic shaping!
psydii (16th January 2013)
This is what I need to know now too!
We're doing our Microsoft renewal at the moment.
So we need to know what to use: whether to change from TMG to UAG on this, or get rid of TMG and use what? Smoothwall?
We are only using the reverse proxy to publish Facility ePortal, Remote Desktop, two school websites, VLE.
Would also like to add the following soon: Exchange, Lync, SharePoint, Direct Access (maybe).
What is the best to use? Is there anything I can use just for publishing? Or is it better to use UAG or Smoothwall? (Also, what Smoothwall software product to use?)
Hmm... interesting.
I think I'm going to sit tight with TMG for a while and spend some time at BETT seeing what alternatives are available.
It doesn't appear that there is a single product available that will replace TMG in the ways I use it - Firewall, Proxy, Reverse-proxy, VPN... etc.
I'm currently using it too - and not in a big rush to change, as it needs development from the other players in the market to support the SSO for internal and external sites like Exchange, SharePoint, Lync, HAP, Helpdesk etc...
Have you been told that you can keep TMG? I was told that we cannot continue to use it on a subscription basis, and it was withdrawn from sale on the 1st December 2012. At that point I had a good cry and ate an entire tub of cookies and cream ice cream as I wasn't planning on redoing the entire edge of our network from the receipt of the 60 day renewal letter.
That's the biggest hurdle for us. If it turns out that we definitely can't get MS to extend it for us, from preliminary research we're going to need at least two products to get near to all of the functionality we've currently got with TMG.

You can buy a 'permanent' TMG license from what I've been told.
There isn't a Microsoft product that takes on all the aspects of TMG. They have UAG which does a bit, but proxying/caching would require a third party product.
Sadly, we're not having a great deal of luck. Has anyone else actually managed to purchase or renew TMG recently, i.e. in 2013? The reply our reseller got was:
"there is no option for a school... on an OVS-ES to continue to procure and use it..."
They wouldn't even let us buy a copy outright.
That's a bit of a bugger.
I like TMG - it's working well for us... but I suppose it's time to look at other products that will do what we want to do. Has anyone made any progress on this? Seems crazy to reinvent the wheel!
I'm using TMG for publishing our website, email (OWA) and Citrix access systems. Gutted that TMG isn't going to be around anymore, as it's been great since we first used ISA 2004. Now I'll have to find an appliance that will do all of the publishing etc. that TMG does so well! Thanks a lot MS, one of your best products discontinued, and you offer the utter steaming pile of kak that is Windows 8!
What is quite scary for me is that I spend most of my time in the Firewall these days, since the edge is where it's happening... almost everything worthwhile involves traffic crossing it... and since I like the concept of 'least necessary access', almost anything new that isn't straight-up HTTP involves a new rule or an adjustment to an existing one. It will only get more fun when we start with BYOD or 1:1.
The Firewall is (after DNS) the single most critical piece of an organisation's infrastructure. I love the fact you can run packet capture ON THE BOX, while looking at a high level traffic analysis report to help you make sense of what you are seeing. Its demise is a tragedy.
Still, SmoothWall, Meraki and Sophos UTM (formerly Astaro) seem the most likely candidates. I've got another couple of years before I need to make the jump though... so it will be interesting to see how the market develops. Here is a link to the 2012 Gartner Magic Quadrant for UTM devices (hosted by Sophos, who get a favourable showing): Download the Gartner Magic Quadrant for UTM | Sophos

Abandonware? Is it like SharePoint Designer, where they don't really care anymore? Hell, even ISA can still work as a decent solution. TMG should be good for another while yet, as long as they don't get pissy about its continued use.
Massive shame about it going though; I know of no other product that handles the same scope of operation so easily and elegantly.