+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 25
Internet Related/Filtering/Firewall Thread, Microsoft Forefront Gateway in Technical; Would you recommend give Microsoft Forefront Gateway a try? I dont particularlly like e2bn (Protex) service Would prefere just to ...
  1. #1
    pritchardavid's Avatar
    Join Date
    Sep 2009
    Location
    South Ockendon, Thurrock, United Kingdom
    Posts
    932
    Thank Post
    18
    Thanked 64 Times in 58 Posts
    Rep Power
    25

    Microsoft Forefront Gateway

    Would you recommend give Microsoft Forefront Gateway a try?

    I dont particularlly like e2bn (Protex) service

    Would prefere just to use one system, at the momment we are using Protex and impero. Thats when impero works, we have some much trouble with that.

    Would e2bn/LA stop this?


    What would you say?

    How easy is it to setup?

    Does this require entering a proxy address into Internet Explorer?
    That always causes a lot of problems for us, often staff forget to turn on the proxy when they get back to work.

    Any information and your thoughts would be good!
    Last edited by pritchardavid; 28th March 2011 at 10:33 PM.

  2. #2

    Join Date
    Feb 2008
    Posts
    4
    Thank Post
    1
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    So far don't know too much about TMG, except that it has a good Url database lookup.

    Common Q&A about TMG URL Filtering database - Forefront TMG (ISA Server) Product Team Blog - Site Home - TechNet Blogs

    I would be interested in the problems you have being experiencing with Impero?

  3. #3

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    12,959
    Thank Post
    586
    Thanked 1,493 Times in 1,339 Posts
    Rep Power
    397
    Hmm promoting it on the basis of url filtering....

    Ben

  4. #4

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,683
    Thank Post
    823
    Thanked 2,569 Times in 2,186 Posts
    Blog Entries
    9
    Rep Power
    731
    TMG is alright, its just a fancy ISA server though and I have not personally used the filtering. Keep it on a physical box though as it seems to have issues when virtualised.

  5. #5

    Join Date
    Oct 2005
    Location
    East Midlands
    Posts
    732
    Thank Post
    17
    Thanked 105 Times in 65 Posts
    Rep Power
    36
    TMG is a really good and solid firewall that has deep packet inspection that goes beyond the usual so called hardware firewall that open ports myth. It works well as did ISA server 2004, 2006 (prev. versions). Obviously with TMG the URL filtering can also be activated (extra subscription or included in the enterprise pack of EES).

    I agree that it needs a dedicated box and with it being 64bit now you can addin more RAM. Its available as both appliance or as software you can install on your chosen server HW.

    Latest addition to URL (this is being developed and re-vamped with every update they have done for TMG) is the enforcement of safe search on search engines, ability to override URL category etc.

    The support for AD is also there to make the groups of URL categories easier to allocate to different users based on groups etc. I personally think its a good firewall and caching server although its main selling point is the firewall capability. The ability to easily publish Outlook web access, outlook anywhere, sharepoint to external users is brilliant and makes it worth while.

    The server license only costs about 150 for education customers and there is no need for CALs. CALs are required for the URL subscription but this is only is you use this and the CALS are covered by as i mentioned the enterprise pack on EES.

    Ash.

  6. #6

    russdev's Avatar
    Join Date
    Jun 2005
    Location
    Leicestershire
    Posts
    6,873
    Thank Post
    650
    Thanked 534 Times in 353 Posts
    Blog Entries
    3
    Rep Power
    200
    @prritchardavid @farwell

    Gladly help anyone having an issue with Impero just give me a pm, email or post on here etc..

    Russell

  7. #7


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,447
    Thank Post
    865
    Thanked 839 Times in 662 Posts
    Rep Power
    194
    What problems are you finding with protx?

    I don't see how the LA could _stop_ you putting in additional filtering, although double-bagging your filtering has the odd isssue (block once, unblock twice) it is not totally impractical.

  8. #8
    pritchardavid's Avatar
    Join Date
    Sep 2009
    Location
    South Ockendon, Thurrock, United Kingdom
    Posts
    932
    Thank Post
    18
    Thanked 64 Times in 58 Posts
    Rep Power
    25
    @ tom

    What I mean by stopping is this.

    With our Internet you HAVE to connect to it with using their proxy, they will only give you unfliltered internert if you have a good filtering system. That way if we done that, we can control what to block/unblock, would prefere one system instead of two. Plus may be faster as its local.


    @ Everyone

    With the last build of impero, 54 I think it was, its like it got very very restricted, even we have not changed the policies, even typing some thing simple like in google images it blocks it. Cant remember extually what the problems are.

    Did try redeploying it, but thats made quite a few computers with Impero not installed. Hopefully the new build that as been released is better, problery gonna have to reload the computer with a new windows 7 image. It doesnt like being installed on a windows 7 image through, so I will have to make a startup script to start the impero install when the computer starts the first time after windows installed. Im guessing it doesnt like being installed on a windows 7 image because I think it as drivers, which windows removes during System Preperation before the computer restart to create the image.
    Last edited by pritchardavid; 30th March 2011 at 10:05 PM.

  9. #9

    russdev's Avatar
    Join Date
    Jun 2005
    Location
    Leicestershire
    Posts
    6,873
    Thank Post
    650
    Thanked 534 Times in 353 Posts
    Blog Entries
    3
    Rep Power
    200
    If I remember right .54 was beta build. Have you got the default policies turned off and your own created.. Defaults are very restrictive we recommend disabling those and creating your own.

    Russ

  10. #10
    pritchardavid's Avatar
    Join Date
    Sep 2009
    Location
    South Ockendon, Thurrock, United Kingdom
    Posts
    932
    Thank Post
    18
    Thanked 64 Times in 58 Posts
    Rep Power
    25
    Quote Originally Posted by spc-rocket View Post
    TMG is a really good and solid firewall that has deep packet inspection that goes beyond the usual so called hardware firewall that open ports myth. It works well as did ISA server 2004, 2006 (prev. versions). Obviously with TMG the URL filtering can also be activated (extra subscription or included in the enterprise pack of EES).

    I agree that it needs a dedicated box and with it being 64bit now you can addin more RAM. Its available as both appliance or as software you can install on your chosen server HW.

    Latest addition to URL (this is being developed and re-vamped with every update they have done for TMG) is the enforcement of safe search on search engines, ability to override URL category etc.

    The support for AD is also there to make the groups of URL categories easier to allocate to different users based on groups etc. I personally think its a good firewall and caching server although its main selling point is the firewall capability. The ability to easily publish Outlook web access, outlook anywhere, sharepoint to external users is brilliant and makes it worth while.

    The server license only costs about 150 for education customers and there is no need for CALs. CALs are required for the URL subscription but this is only is you use this and the CALS are covered by as i mentioned the enterprise pack on EES.

    Ash.

    Thats a good price I would say

    What would we have to get? We have got the forefront suite (Microsoft Forefront Protection Suite Features) & Forefront Unified Application Gateway

  11. #11

    russdev's Avatar
    Join Date
    Jun 2005
    Location
    Leicestershire
    Posts
    6,873
    Thank Post
    650
    Thanked 534 Times in 353 Posts
    Blog Entries
    3
    Rep Power
    200
    Quote Originally Posted by russdev View Post
    If I remember right .54 was beta build. Have you got the default policies turned off and your own created.. Defaults are very restrictive we recommend disabling those and creating your own.

    Russ
    Sorry .54 wasn't a beta build that was me being silly at 10:30 at night .

    Also I should say that there are plans to change the way that the default policies work.

    Russ

  12. #12
    Disease's Avatar
    Join Date
    Jan 2006
    Posts
    1,059
    Thank Post
    112
    Thanked 63 Times in 44 Posts
    Rep Power
    54
    If anyone can give me some advice/help to correctly setup my routing tables for TMG so I do not keep getting spoofing messages I would greatly appreciate a PM I have read up about it but nothing I do seems to make any difference.

  13. #13

    Join Date
    Oct 2005
    Location
    East Midlands
    Posts
    732
    Thank Post
    17
    Thanked 105 Times in 65 Posts
    Rep Power
    36
    Quote Originally Posted by prritchardavid View Post
    Thats a good price I would say

    What would we have to get? We have got the forefront suite (Microsoft Forefront Protection Suite Features) & Forefront Unified Application Gateway
    Hi,

    The forefront protection suite will give you access to the URL filtering as well as the MS antivirus for various products such as exchange servers, sharepoint servers and normal desktops and servers. The unified application gateway is the SSL VPN offering from microsoft and should tie in nicely with TMG 2010. I think you will still need to buy the server copy (150 ) for TMG 2010 the URL filtering will be covered by the forefront suite i believe.

    Ash.

  14. #14

    Join Date
    Oct 2005
    Location
    East Midlands
    Posts
    732
    Thank Post
    17
    Thanked 105 Times in 65 Posts
    Rep Power
    36
    Quote Originally Posted by Disease View Post
    If anyone can give me some advice/help to correctly setup my routing tables for TMG so I do not keep getting spoofing messages I would greatly appreciate a PM I have read up about it but nothing I do seems to make any difference.
    Hi,

    Can you provide some info on your setup i.e. what your internal IP assigned to TMG and external or are you using it as a proxy server with one NIC?

    Ash.

  15. Thanks to spc-rocket from:

    Disease (31st March 2011)

  16. #15
    Disease's Avatar
    Join Date
    Jan 2006
    Posts
    1,059
    Thank Post
    112
    Thanked 63 Times in 44 Posts
    Rep Power
    54
    Thanks.

    I have posted you a PM with the details

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Forefront Threat Management Gateway 2010 - User web proxy logging
    By jamesfed in forum Internet Related/Filtering/Firewall
    Replies: 3
    Last Post: 20th June 2011, 01:55 PM
  2. Forefront Threat Gateway
    By wesleyw in forum Windows
    Replies: 5
    Last Post: 14th October 2010, 07:17 AM
  3. Forefront TMG Default Gateway
    By teejay in forum Internet Related/Filtering/Firewall
    Replies: 4
    Last Post: 26th January 2010, 02:34 PM
  4. Anyone using Microsoft Forefront?
    By GlennT in forum Wireless Networks
    Replies: 4
    Last Post: 9th September 2008, 11:15 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •