Internet Related/Filtering/Firewall Thread, Microsoft Forefront Gateway in Technical; Would you recommend give Microsoft Forefront Gateway a try?
I dont particularlly like e2bn (Protex) service
Would prefere just to ...
28th March 2011, 10:01 PM #1
Microsoft Forefront Gateway
Would you recommend give Microsoft Forefront Gateway a try?
I dont particularlly like e2bn (Protex) service
Would prefere just to use one system, at the momment we are using Protex and impero. Thats when impero works, we have some much trouble with that.
Would e2bn/LA stop this?
What would you say?
How easy is it to setup?
Does this require entering a proxy address into Internet Explorer?
That always causes a lot of problems for us, often staff forget to turn on the proxy when they get back to work.
Any information and your thoughts would be good!
Last edited by pritchardavid; 28th March 2011 at 10:33 PM.
30th March 2011, 05:05 PM #2
- Rep Power
So far don't know too much about TMG, except that it has a good Url database lookup.
Common Q&A about TMG URL Filtering database - Forefront TMG (ISA Server) Product Team Blog - Site Home - TechNet Blogs
I would be interested in the problems you have being experiencing with Impero?
30th March 2011, 05:08 PM #3
Hmm promoting it on the basis of url filtering....
30th March 2011, 05:50 PM #4
TMG is alright, its just a fancy ISA server though and I have not personally used the filtering. Keep it on a physical box though as it seems to have issues when virtualised.
30th March 2011, 07:09 PM #5
TMG is a really good and solid firewall that has deep packet inspection that goes beyond the usual so called hardware firewall that open ports myth. It works well as did ISA server 2004, 2006 (prev. versions). Obviously with TMG the URL filtering can also be activated (extra subscription or included in the enterprise pack of EES).
I agree that it needs a dedicated box and with it being 64bit now you can addin more RAM. Its available as both appliance or as software you can install on your chosen server HW.
Latest addition to URL (this is being developed and re-vamped with every update they have done for TMG) is the enforcement of safe search on search engines, ability to override URL category etc.
The support for AD is also there to make the groups of URL categories easier to allocate to different users based on groups etc. I personally think its a good firewall and caching server although its main selling point is the firewall capability. The ability to easily publish Outlook web access, outlook anywhere, sharepoint to external users is brilliant and makes it worth while.
The server license only costs about £150 for education customers and there is no need for CALs. CALs are required for the URL subscription but this is only is you use this and the CALS are covered by as i mentioned the enterprise pack on EES.
30th March 2011, 09:19 PM #6
Gladly help anyone having an issue with Impero just give me a pm, email or post on here etc..
30th March 2011, 09:33 PM #7
What problems are you finding with protx?
I don't see how the LA could _stop_ you putting in additional filtering, although double-bagging your filtering has the odd isssue (block once, unblock twice) it is not totally impractical.
30th March 2011, 10:03 PM #8
What I mean by stopping is this.
With our Internet you HAVE to connect to it with using their proxy, they will only give you unfliltered internert if you have a good filtering system. That way if we done that, we can control what to block/unblock, would prefere one system instead of two. Plus may be faster as its local.
With the last build of impero, 54 I think it was, its like it got very very restricted, even we have not changed the policies, even typing some thing simple like in google images it blocks it. Cant remember extually what the problems are.
Did try redeploying it, but thats made quite a few computers with Impero not installed. Hopefully the new build that as been released is better, problery gonna have to reload the computer with a new windows 7 image. It doesnt like being installed on a windows 7 image through, so I will have to make a startup script to start the impero install when the computer starts the first time after windows installed. Im guessing it doesnt like being installed on a windows 7 image because I think it as drivers, which windows removes during System Preperation before the computer restart to create the image.
Last edited by pritchardavid; 30th March 2011 at 10:05 PM.
30th March 2011, 10:12 PM #9
If I remember right .54 was beta build. Have you got the default policies turned off and your own created.. Defaults are very restrictive we recommend disabling those and creating your own.
30th March 2011, 10:13 PM #10
Originally Posted by spc-rocket
Thats a good price I would say
What would we have to get? We have got the forefront suite (Microsoft Forefront Protection Suite Features) & Forefront Unified Application Gateway
30th March 2011, 10:58 PM #11
Sorry .54 wasn't a beta build that was me being silly at 10:30 at night .
Originally Posted by russdev
Also I should say that there are plans to change the way that the default policies work.
31st March 2011, 08:40 AM #12
If anyone can give me some advice/help to correctly setup my routing tables for TMG so I do not keep getting spoofing messages I would greatly appreciate a PM I have read up about it but nothing I do seems to make any difference.
31st March 2011, 09:05 AM #13
Originally Posted by prritchardavid
The forefront protection suite will give you access to the URL filtering as well as the MS antivirus for various products such as exchange servers, sharepoint servers and normal desktops and servers. The unified application gateway is the SSL VPN offering from microsoft and should tie in nicely with TMG 2010. I think you will still need to buy the server copy (£150 ) for TMG 2010 the URL filtering will be covered by the forefront suite i believe.
31st March 2011, 09:06 AM #14
Originally Posted by Disease
Can you provide some info on your setup i.e. what your internal IP assigned to TMG and external or are you using it as a proxy server with one NIC?
Thanks to spc-rocket from:
Disease (31st March 2011)
31st March 2011, 09:56 AM #15
I have posted you a PM with the details
By jamesfed in forum Internet Related/Filtering/Firewall
Last Post: 20th June 2011, 01:55 PM
By wesleyw in forum Windows
Last Post: 14th October 2010, 07:17 AM
By teejay in forum Internet Related/Filtering/Firewall
Last Post: 26th January 2010, 02:34 PM
By GlennT in forum Wireless Networks
Last Post: 9th September 2008, 11:15 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)