This product is part of Microsoft's strategy to be a key player in the security and protection space long term. As well as a name change, Microsoft have re-positioned the marketing of the product and are now referring to it as a 'Secure Web Gateway'. Apparently since the change in marketing began for ISA Server last year sales have increased dramatically. This doesn't mean it's any less capable as a firewall but it does highlight there areas that most interest businesses.
When compared to the product it supersedes, Forefront TMG 2010 is a big step forward and will be a welcome free upgrade to customers who have software assurance for their existing ISA Server 2006 licenses (I pity those of you who bought the product outright without SA!).
According to Microsoft's Forefront blog the key areas of note for this release are as follows:
- URL Filtering: URL Filtering allows controlling end-user access to Web sites, protecting the organization by denying access to known malicious sites and to sites displaying inappropriate or nonproductive materials, based on URL categories. TMG features over 80 URL categories including security-oriented categories, productivity-oriented and liability-oriented categories. Forefront TMG uses Microsoft Reputation Services (MRS), a cloud-based categorization system hosted in Microsoft data center. To ensure the best bandwidth utilization and low latency, Forefront TMG has implemented a local URL cache. There is a lot more on URL Filtering available in an earlier URL Filtering post.
- Anti Malware: Stopping malware on the edge significantly decreases the possibility that a virus will hit a computer with anti-virus signatures that are not up-to-date or a test computer without an anti-virus to protect it. TMG has integrated the Microsoft Anti Malware engine to provide world class scanning and blocking capability on the edge.
- Network Inspection System (NIS): NIS is a generic application protocol decode-based traffic inspection system that uses signatures of known vulnerabilities, to detect and potentially block attacks on network resources. NIS provides comprehensive protection for Microsoft network vulnerabilities, researched and developed by the Microsoft Malware Protection Center - NIS Response Team, as well as an operational signature distribution channel which enables dynamic signature snapshot distribution. NIS closes the vulnerability window between vulnerability disclosures and patch deployment from weeks to few hours.
- In addition, we have introduced HTTPS scanning to enable inspection of encrypted sessions, eased the deployment and management with a set of easy to use wizards and significantly improved logging and reporting to provide full visibility into how your organization is accessing the web and whether it's compliant with your organization's policy.
- VPN, Firewall, Email Protection and Infrastructure.
We have also made significant investments to ensure that we keep delivering top notch VPN and Firewall functionality. We made quality improvements in Web Caching and made sure it works well with the new Windows 7 BranchCache feature. We have added several new features, among them: Email Protection, ISP redundancy, NAP integration with VPN role, SSTP, VoIP traversal (SIP support), Enhanced NAT, SQL logging and Updated TMG Client (previously known as the Firewall Client). In addition TMG was built as a native 64bit product that supports Windows Server 2008 R2, and Windows Server 2008 SP2, allowing better scalability and increased reliability.
Other related posts:
Live Event–Tue 10 March: NZ Tech Podcast with Dai Henwood, Michelle Dickinson (Nanogirl), Paul Spain
Sneak Peek: HP Envy X2
Want to start a career in IT Support?
Comment by tonyhughes, on 25-Nov-2009 13:39
Did "ISA" need to be replaced with 16 syllables.
Add a comment
Please note: comments that are inappropriate or promotional in nature will be deleted.
E-mail addresses are not displayed, but you must enter a valid e-mail address to confirm your comments.