Questions tagged [microsoft-ftmg-2010]

Microsoft Forefront Threat Management Gateway 2010 is the current version of the product previously known as ISA Server. TMG 2010 adds subscription-based URL filtering and malware protection, the free-subscription-based Microsoft IPS Network Inspection System, and HTTPS inspection.

Microsoft Forefront Threat Management Gateway (TMG) 2010 is the last iteration of the product previously known as ISA Server, and as of 2016, has been discontinued from sale. The base product will be supported by Microsoft until 2020.

ISA Server 2006 was the last product to use the ISA Server name.

TMG 2010 added:

  • subscription-based URL filtering (discontinued Jan 2016)
  • subscription-based malware protection (discontinued Jan 2016)
  • (free) subscription-based Network Inspection System (NIS), a Microsoft-centric IPS (no longer updated)
  • outbound HTTPS inspection
  • Forefront Protection for Exchange integrated management from the TMG console (Exchange Edge and FPE required, sold separately)

Other notable changes:

  • The Enterprise Edition EMS (roughly analogous to the older CSS) can now manage standalone Standard Edition servers, which can make branch office deployments cheaper
  • SP1 adds click-through user overrides for URL filtering
  • SP1 adds a simple BranchCache setup interface
  • SP1 Software Update 1 adds support for SafeSearch filtering
74 questions
12 votes, 8 answers

ActiveSync devices causing accounts to lockout

When a user changes his account password for whatever reason (read: expired) and the old password is stored in his mobile device connected through EAS, this will cause his account to lock out almost immediately - as it should according to the…
6 votes, 3 answers

Best way to authenticate users to the proxy in mobile devices

As an example, in Forefront TMG I can have a wpad entry in the DNS and computers discover it and autoconfigure the web proxy. When the user tries to go to the Internet he is prompted for the credentials. In iPhone or iPad it doesn't work. Which is…
Ricardo Polo Jaramillo
5 votes, 1 answer

Threat Management Gateway 2010 is killing SQL Connections

My company has just started using TMG 2010 as our Firewall / Web Proxy on a Windows 2008 R2 server. Since moving, all connections to SQL Server are closed after around 30 seconds. For example: Run a query from SSMS which will run…
Dan Rowlands
4 votes, 2 answers

IPSec tunnel on ASA keeps disconnecting

I have an ASA IPSec tunnel configured between an ASA5505 and Microsoft TMG 2010 SP2. The tunnel sometimes works for a few hours, and then disconnects, and other times it works for 5 minutes and then disconnects. When it disconnects, it sometimes…
Mark Henderson
4 votes, 2 answers

Why bother reverse proxying applications if you aren't using mod_security or TMG/UAG?

Common wisdom is that internal applications that live inside of the trusted network, such as Exchange, should be reverse proxies whenever they are exposed to the Internet. Microsoft recommends using UAG/TMG for this as it has some built in security…
MDMarra
3 votes, 1 answer

How to bypass Forefront TMG for downloading from Adobe Cloud

I hope that this question has not been asked as I've spent a couple of days googling around trying to find a solution. I have one computer that needs to download from Adobe Cloud to install applications like Photoshop etc... The issue I'm having is…
3 votes, 1 answer

vSphere Site Recovery Manager cannot connect, gives Error 500

I am attempting to set up a vSphere Site Recovery Manager lab. I have two datacenters linked via a site-to-site VPN with Microsoft Threat Management Gateway 2010 SP1. I am attempting to add the two vSphere servers to each other, but I keep getting…
Mark Henderson
3 votes, 1 answer

redirect all youtube video requests to a specific one

I'm on an IT team in my company and I would like to block youtube to users. I don't want to just deny access to the whole youtube domain, but only to replace the .flv/.mp4 request with the one that I want. That way, if someone tries to watch youtube…
iTayb
3 votes, 2 answers

TMG 2010 does not proxy back to the same network as the request

I have an issue where websites that are hosted on a web server (www.example.com) are not accessible from their own network when accessed via its public IP address, but they are accessible from every other network. This is the network setup: I have…
Mark Henderson
3 votes, 1 answer

Limiting bandwidth of workstations in MS Forefront TMG

We have configured Microsoft Forefront TMG 2010 Enterprise as the cache server which provides internet access for all computers in our department. Is there any way to limit download speed per host/user by configuring Forefront TMG? I have found a…
2 votes, 2 answers

Use a dedicated subnet to connect all routers/firewalls?

I have a couple router/firewall boxes (pfSense, TMG 2010, ISA 2006) on my network that are stateful. Right now they all have an interface on the same subnet as most end user devices and servers. I will be making some changes and putting some servers…
Oliver
2 votes, 2 answers

How can I setup RD Gateway on the same server as TMG?

I have used the following guides with no luck: http://www.rayheffer.com/953/building-a-remote-desktop-gateway-rdg-rd-gateway-server/ http://www.isaserver.org/tutorials/Microsoft-Forefront-TMG-Publishing-RD-Web-Access-RD-Gateway-Part2.html We have MS…
Name
2 votes, 1 answer

Changing Forefront TMG VPN Certificate

I need to change my TMG server from an old VPN server certificate to a new one due to changing my internal CA structure. Where the heck do I do that? I don't see any certificate references in TMG nor in the RRAS MMC. The references I've found on…
Tim Brigham
2 votes, 3 answers

Allow Broadcast to 255.255.255.255 through TMG/VPN (for NetBios Resolution)

Is it possible to allow a VPN client to do NetBIOS broadcast name resolution through TMG? In the TMG Queries I can see the rule that is blocking ClientIP->255.255.255.255 I've tried adding 255.255.255.255 to the Internal IP Range. My VPN Client…
Alex Duggleby
2 votes, 3 answers

How to send authentication credentials to a published web site without prepending the AD domain name?

ISA Server 2006 publishing a web site; ISA does forms-based authentication against an Active Directory domain (which ISA itself is joined to), then, if the user is authorized, ISA sends the user's credentials to the published web site using HTTP…