+ Post New Thread
Results 1 to 8 of 8
Internet Related/Filtering/Firewall Thread, Using TMG 2010 for Firewall / VPN / Web Filtering in Technical; Hi, I'm currently looking at moving away from our LEA supplied Internet (currently paying a lot of money for a ...
  1. #1

    Join Date
    Aug 2009
    Posts
    4
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Lightbulb Using TMG 2010 for Firewall / VPN / Web Filtering

    Hi,

    I'm currently looking at moving away from our LEA supplied Internet (currently paying a lot of money for a 25Mb connection). I have found a connection of 100Mb fibre which will save us 6k pa. Looking at security options I was wondering if anyone else was already using TMG 2010 for everything, it has improved a lot with the introduction of Categories database (checking with Microsofts online database). We already have all of the licencing and subscription for TMG as have been using it to publish our websites. We used to have Websense from our LEA which is actually ISA 2006 with an annoying interface. If I can possibly do this and still save 6k per year it would be great as every saving counts at them moment! I have already setup an SSTP VPN using TMG and it works great, if using Windows it requires no extra software on the client.

    TMG 2010 can currently can give us:

    Firewall
    URL Filtering (Category based)
    Web Protection
    Malware Protection (on E-mail and download traffic)
    Anti SPAM
    Intrusion Prevention
    VPN
    Logging/Reporting

    Can anyone say they are using it successfully or give me reasons to pay extra for something we already appear to have?

    Many Thanks,

    Andy

  2. #2
    jamesfed's Avatar
    Join Date
    Sep 2009
    Location
    Reading
    Posts
    2,145
    Thank Post
    127
    Thanked 326 Times in 275 Posts
    Rep Power
    81
    We use TMG for Firewall, Webfiltering and VPN and find it great.

    Are moving into logging/reporting over this summer holiday and in testing it is ok although maybe lacking in detailed reports that many other filtering solutions provide.

    Either way we saw it probably just as you are - a very VERY low cost solution to schools that ticks all the boxes, our staff are finding the VPN very stable and having the connection client built right into windows is a big help (no silly Java things to install or a website to visit).

    If you have any specific questions just post here or PM me

  3. #3
    chazzy2501's Avatar
    Join Date
    Jan 2008
    Location
    South West
    Posts
    1,723
    Thank Post
    206
    Thanked 254 Times in 206 Posts
    Rep Power
    65
    URL Filtering is subscription based, that'll cost extra if you don't purchase it already. (if you do how much is it?)

  4. #4

    Join Date
    Aug 2009
    Posts
    4
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by jamesfed View Post
    We use TMG for Firewall, Webfiltering and VPN and find it great.

    Are moving into logging/reporting over this summer holiday and in testing it is ok although maybe lacking in detailed reports that many other filtering solutions provide.

    Either way we saw it probably just as you are - a very VERY low cost solution to schools that ticks all the boxes, our staff are finding the VPN very stable and having the connection client built right into windows is a big help (no silly Java things to install or a website to visit).

    If you have any specific questions just post here or PM me
    Hi,

    Thank you, that's very encouraging. Is the reporting is done using SQL Reporting Services? Are you logging to an SQL database?

    How many users do you have running through it and what spec server do you find you need to work with this? I am tempted to use UAG and TMG in combination as the DirectAccess VPN solution is interesting.

    Do you have a lot of concurrent VPN connections?

    Andy

  5. #5

    Join Date
    Aug 2009
    Posts
    4
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Yes certain parts are subscription based. I'm not sure about the URL Filtering lookup, but Malware updates and Anti SPAM are. We are fully subscribed as we have a Microsoft EES agreement which includes the Forefront AntiVirus suite and System Center Suite. The Forefront covers the subscription and Forefront for SharePoint and Exchange too.

  6. #6

    Join Date
    Jun 2007
    Location
    London
    Posts
    894
    Thank Post
    64
    Thanked 171 Times in 140 Posts
    Rep Power
    54
    I used ISA 2006 for a long time previously and thought TMG would be an easy step up but, TBH, it's been a bit of a long haul as it's vastly different & far more complex.

    I also like the idea of all that lovely packet inspection etc and tried it for a while, although you need to install the TMG Firewall Client on PCs for it to work. However, since I updated Sophos to v.10 I can't use the TMG Firewall Client at all and have had to remove it from every machine (& turn off inspection as it's no use to me). The rest of TMG works well though but be prepared for a bit of a steep learning curve.

  7. #7
    jamesfed's Avatar
    Join Date
    Sep 2009
    Location
    Reading
    Posts
    2,145
    Thank Post
    127
    Thanked 326 Times in 275 Posts
    Rep Power
    81
    Quote Originally Posted by waya01 View Post
    Hi,

    Thank you, that's very encouraging. Is the reporting is done using SQL Reporting Services? Are you logging to an SQL database?

    How many users do you have running through it and what spec server do you find you need to work with this? I am tempted to use UAG and TMG in combination as the DirectAccess VPN solution is interesting.

    Do you have a lot of concurrent VPN connections?

    Andy
    Yep SQL Reporting Services so if you are a dab hand at it you could make your own reports

    We are running it as a Hyper-V virtual machine, 4vProcs assigned and RAM ballons up to about 6GB on a busy day.

    At any given time there are about 250 users on the network using the internet/ect. Most VPN connections I have seen was 15 (during a teachers strike day of all days!) and it worked perfectly

    We have a UAG server as well but use it as our students portal.

    Have a look at the Direct Access features in Server 2012 - all without IPv6 requirements! Plan on looking deeper at this the moment it goes RTM.

  8. #8

    Join Date
    Jul 2006
    Location
    London
    Posts
    1,132
    Thank Post
    100
    Thanked 217 Times in 176 Posts
    Blog Entries
    1
    Rep Power
    69
    A TMG caveat: by default the URL filter fails open. i.e in the event that MRS is uncontactable or the site is not categorised then traffic is allowed through.

    This can be changed - however there are a large number of URLs that are not categorised already and by forcing to fail closed you will have lots of people reporting blocked sites. I do not know how quickly MRS can categorise sites. NetSweeper has a similar issue, and they usually have an unknown url categorised within 30-60 seconds.

    We use TMG behind a safety net of a very liberally configured, RBC provided, Netsweeper.

    TechNet Magazine Using Microsoft Forefront TMG 2010 as a Secure Web Gateway

    Configuring Forefront Threat Management Gateway (TMG) URL Filtering to Fail Closed Richard Hicks' Forefront TMG Blog

    for reporting rather than rolling our own we use FastVue
    http://fastvue.co/
    Last edited by psydii; 27th July 2012 at 06:19 PM.

SHARE:
+ Post New Thread

Similar Threads

  1. SSL Certificate for TMG 2010 SSTP VPN
    By jamesfed in forum Enterprise Software
    Replies: 5
    Last Post: 7th September 2011, 12:03 PM
  2. Recommendations for Firewall / Web Filtering
    By Geek_of_HeathMount in forum Internet Related/Filtering/Firewall
    Replies: 20
    Last Post: 2nd May 2011, 03:02 PM
  3. Forefront TMG do I need additional web filtering?
    By kkkk1 in forum Internet Related/Filtering/Firewall
    Replies: 4
    Last Post: 14th February 2011, 09:14 AM
  4. Anyone using e107 for a school web site?
    By Ric_ in forum Web Development
    Replies: 1
    Last Post: 1st February 2007, 08:12 AM
  5. Which Web Filter for ISA 2004?
    By eejit in forum Windows
    Replies: 9
    Last Post: 16th June 2006, 10:37 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •