October 05, 2011

Installing TMG 2010 Part III – First Configuration

Today we are going to run the first configuration wizard. In Part II we have installed TMG 2010 successful and we launched Forefront TMG Management Console:

A wizard pops up to tell us the first step is to “Configure network settings” Notice on the bottom of the wizard a warning saying that if we need to migrate from ISA 2006 we first close this wizard and import the configuration in TMG. After we can run the getting started wizard.clip_image004
So let’s start!

Click on Configure network settings and hit next:
Choose the topology that corresponds with your network configuration. In this demo i use it as an edge firewall:
Hit next and specify your internal network adapter, specify additional network routes if applicable and choose next:
Specify here your External network adapter and click on next:
Here is an overview of what you have selected and choose finish to confirm these settings:
After the configuration it goes back to the getting started wizard and we are ready to configure system settings, click on “Configure system settings”:
Choose next:
And specify your settings. In most situations this configuration is done prior installing TMG, but here they also allow you to configure it and choose next:
An overview of your changes and confirm by finish
Now the last but not least we need to do is step 3 “Define deployment options”
Click it and choose next:
Specify how you want to use update service and choose next:
If you want to use NIS and Web protection, set here licensing and options for Malware and URL Filtering enable them here: (NIS will be in depth explained in another post.)
Specify NIS signature settings:
Do you want to participate in customer feedback? Specify that in following screens:
And finally check and confirm the settings that will apply:
Finished….We thought, but when we returned to the getting started wizard a new option arrived:
Run the Web Access Wizard will allow us to configure internet web access settings, so as part of initial setup let’s run it.
Choose next:
I selected to create for me rule blocking minimum URL categories. You can edit it later if you want to change your policy.
In the next screen it shows what categories are blocked and you can modify categories here:
In the following options you need to specify how malware inspection settings are defined. In my personal opinion what can be checked/inspect/Filtered by the edge firewall should be checked, but blocking zip/rar and other compressed/encrypted files can give me sometime a headache as users wont be able to download compressed files from webservers . So I leave that option open assuming that the clients are well protected once they open encrypted/compressed files. Again, you need to check this according to your needs, network topology and company policy.
In the next screen we need to specify how to handle HTTPS traffic. Here are also many scenarios possible. I will dedicate a other post for Web Access Policies and how to configure them.
I leave this in my demo not to inspect and allow all HTTPS:
In the next screen we are able to set the cache size for Web caching. I choose to enable cache configured to use 5GB of drive space. The size can be changed according to your needs.
And in the following screen we can review our selections and apply by selecting finish.
Well actually not really “apply” as we see now a popup in the top to “apply” the configuration:
I choose apply, let TMG restart my services:
I need to provide a reason for track log and then we can really, really apply:
And we’re done:
Now we are back in the TMG console to configure lots of other cool stuff:clip_image064
Well so far covering the initial configuration for a TMG server. I hope you it gave you enough information to start building your TMG and if you have any recommendations, questions, tips and tricks for discussing other topics in TMG contact me.

No comments:

Post a Comment

Search This Blog