Pages

October 05, 2011

Installing TMG 2010 Part III – First Configuration

Today we are going to run the first configuration wizard. In Part II we have installed TMG 2010 successful and we launched Forefront TMG Management Console:
clip_image002

A wizard pops up to tell us the first step is to “Configure network settings” Notice on the bottom of the wizard a warning saying that if we need to migrate from ISA 2006 we first close this wizard and import the configuration in TMG. After we can run the getting started wizard.clip_image004
So let’s start!

Click on Configure network settings and hit next:
clip_image006
Choose the topology that corresponds with your network configuration. In this demo i use it as an edge firewall:
clip_image008
Hit next and specify your internal network adapter, specify additional network routes if applicable and choose next:
clip_image010
Specify here your External network adapter and click on next:
clip_image012
Here is an overview of what you have selected and choose finish to confirm these settings:
clip_image014
After the configuration it goes back to the getting started wizard and we are ready to configure system settings, click on “Configure system settings”:
clip_image016
Choose next:
clip_image018
And specify your settings. In most situations this configuration is done prior installing TMG, but here they also allow you to configure it and choose next:
clip_image020
An overview of your changes and confirm by finish
clip_image022
Now the last but not least we need to do is step 3 “Define deployment options”
clip_image024
Click it and choose next:
clip_image026
Specify how you want to use update service and choose next:
clip_image028
If you want to use NIS and Web protection, set here licensing and options for Malware and URL Filtering enable them here: (NIS will be in depth explained in another post.)
clip_image030
Specify NIS signature settings:
clip_image032
Do you want to participate in customer feedback? Specify that in following screens:
clip_image034
clip_image036
And finally check and confirm the settings that will apply:
clip_image038
Finished….We thought, but when we returned to the getting started wizard a new option arrived:
clip_image040
Run the Web Access Wizard will allow us to configure internet web access settings, so as part of initial setup let’s run it.
Choose next:
clip_image042
I selected to create for me rule blocking minimum URL categories. You can edit it later if you want to change your policy.
clip_image044
In the next screen it shows what categories are blocked and you can modify categories here:
clip_image046
In the following options you need to specify how malware inspection settings are defined. In my personal opinion what can be checked/inspect/Filtered by the edge firewall should be checked, but blocking zip/rar and other compressed/encrypted files can give me sometime a headache as users wont be able to download compressed files from webservers . So I leave that option open assuming that the clients are well protected once they open encrypted/compressed files. Again, you need to check this according to your needs, network topology and company policy.
clip_image048
In the next screen we need to specify how to handle HTTPS traffic. Here are also many scenarios possible. I will dedicate a other post for Web Access Policies and how to configure them.
I leave this in my demo not to inspect and allow all HTTPS:
clip_image050
In the next screen we are able to set the cache size for Web caching. I choose to enable cache configured to use 5GB of drive space. The size can be changed according to your needs.
clip_image052
And in the following screen we can review our selections and apply by selecting finish.
clip_image054
Well actually not really “apply” as we see now a popup in the top to “apply” the configuration:
clip_image056
I choose apply, let TMG restart my services:
clip_image058
I need to provide a reason for track log and then we can really, really apply:
clip_image060
And we’re done:
clip_image062
Now we are back in the TMG console to configure lots of other cool stuff:clip_image064
Well so far covering the initial configuration for a TMG server. I hope you it gave you enough information to start building your TMG and if you have any recommendations, questions, tips and tricks for discussing other topics in TMG contact me.

No comments:

Post a Comment

Search This Blog

Loading...