Internet Related/Filtering/Firewall Thread, Using TMG 2010 for Firewall / VPN / Web Filtering in Technical; Hi,
I'm currently looking at moving away from our LEA supplied Internet (currently paying a lot of money for a ...
26th July 2012, 09:31 AM #1
26th July 2012, 09:34 AM #2
We use TMG for Firewall, Webfiltering and VPN and find it great.
Are moving into logging/reporting over this summer holiday and in testing it is ok although maybe lacking in detailed reports that many other filtering solutions provide.
Either way we saw it probably just as you are - a very VERY low cost solution to schools that ticks all the boxes, our staff are finding the VPN very stable and having the connection client built right into windows is a big help (no silly Java things to install or a website to visit).
If you have any specific questions just post here or PM me
26th July 2012, 09:35 AM #3
URL Filtering is subscription based, that'll cost extra if you don't purchase it already. (if you do how much is it?)
26th July 2012, 10:01 AM #4
- Rep Power
Originally Posted by jamesfed
Thank you, that's very encouraging. Is the reporting is done using SQL Reporting Services? Are you logging to an SQL database?
How many users do you have running through it and what spec server do you find you need to work with this? I am tempted to use UAG and TMG in combination as the DirectAccess VPN solution is interesting.
Do you have a lot of concurrent VPN connections?
26th July 2012, 10:04 AM #5
- Rep Power
Yes certain parts are subscription based. I'm not sure about the URL Filtering lookup, but Malware updates and Anti SPAM are. We are fully subscribed as we have a Microsoft EES agreement which includes the Forefront AntiVirus suite and System Center Suite. The Forefront covers the subscription and Forefront for SharePoint and Exchange too.
26th July 2012, 10:32 AM #6
I used ISA 2006 for a long time previously and thought TMG would be an easy step up but, TBH, it's been a bit of a long haul as it's vastly different & far more complex.
I also like the idea of all that lovely packet inspection etc and tried it for a while, although you need to install the TMG Firewall Client on PCs for it to work. However, since I updated Sophos to v.10 I can't use the TMG Firewall Client at all and have had to remove it from every machine (& turn off inspection as it's no use to me). The rest of TMG works well though but be prepared for a bit of a steep learning curve.
26th July 2012, 06:46 PM #7
27th July 2012, 06:18 PM #8
A TMG caveat: by default the URL filter fails open. i.e in the event that MRS is uncontactable or the site is not categorised then traffic is allowed through.
This can be changed - however there are a large number of URLs that are not categorised already and by forcing to fail closed you will have lots of people reporting blocked sites. I do not know how quickly MRS can categorise sites. NetSweeper has a similar issue, and they usually have an unknown url categorised within 30-60 seconds.
We use TMG behind a safety net of a very liberally configured, RBC provided, Netsweeper.
TechNet Magazine Using Microsoft Forefront TMG 2010 as a Secure Web Gateway
Configuring Forefront Threat Management Gateway (TMG) URL Filtering to Fail Closed « Richard Hicks' Forefront TMG Blog
for reporting rather than rolling our own we use FastVue
Last edited by psydii; 27th July 2012 at 06:19 PM.
By jamesfed in forum Enterprise Software
Last Post: 7th September 2011, 12:03 PM
By Geek_of_HeathMount in forum Internet Related/Filtering/Firewall
Last Post: 2nd May 2011, 03:02 PM
By kkkk1 in forum Internet Related/Filtering/Firewall
Last Post: 14th February 2011, 09:14 AM
By Ric_ in forum Web Development
Last Post: 1st February 2007, 08:12 AM
By eejit in forum Windows
Last Post: 16th June 2006, 10:37 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)