Errata

Microsoft® Forefront™ Threat Management Gateway (TMG) Administrator's Companion

The errata list is a list of errors and their corrections that were found after the product was released. If the error was corrected in a later version or reprint, the date of the correction will be displayed in the column titled "Date Corrected".

The following errata were submitted by our customers and approved as valid errors by the author or editor.

Version Location Description Submitted By Date submitted Date corrected
CH 12
ICMP Example

"If TMG locates a rule that denies this traffic, TMG will drop it"?

Even if the traffic is in response to internal traffic that was allowed by an internal-to-external rule? I'm unable to reproduce this. What kind of rules would be in place? I could not reproduce with access rules below. In this setup I could successfully ping from internal to an external host and receive replies:
1. Deny all ICMP external to internal
2. Allow all traffic internal to external

Note from the Author or Editor:
Correct, that statement is in error. You can ignore the statement "If TMG locates a rule that denies this traffic, TMG will drop it".

Steve Ware  Mar 31, 2010 
CH 12
12.1.3 Web Proxy Example

Comment on #9 "and special handling in the **context** of the TMG web cache" ?

Note from the Author or Editor:
The note on page 247 should read:

Note Web filters are ordered so as to preserve proper encoding, compression, and special handling in the context of the TMG Web cache.

Steve Ware  Mar 31, 2010 
Printed
Page xxii
chapter 22, left pages from 633 to 664

I have found that this book is missing some pages in chapter 22, pages 633 to 664. It also has repeated pages from 573 to 600. I kindly request a replacement of the book.

Note from the Author or Editor:
Bad printing

Anonymous  Apr 07, 2011 
12.2.1
3rd paragraph

"If the new policy is more restrictive, that might result in termination of the connection, even if the new policy does not allow it" ?? This doesn't make sense to me. Perhaps the "even" should be removed?

Note from the Author or Editor:
Correct; the sentence should read "If the new policy is more restrictive, that might result in termination of the connection if the new policy does not allow it"

Steve Ware  Mar 31, 2010 
PDF, Other Digital Version
Page 232
step 3

In step 3 there is no mention of the Networks tab. If the console was previously changed to a different tab, then the internal tab is not apparent.

It would make it easier for people unfamiliar with the interface if the section was rewritten like this:

1. On the TMG computer, open the Forefront TMG Management Console.
2. Click Forefront TMG (Server Name) in the left pane.
3. Click the Networking node in the left pane of the console and then make sure the console displays the networks tab and click the Internal tab in the middle pane.
4. Click Edit Selected Network in the right pane and you should see a dialog box similar to the one shown in Figure 11-30.

or something similar

Note from the Author or Editor:
Thank you for your comments.
You are correct that similar phrasing would make the context clearer to the reader.

Francois Fournier  Aug 03, 2011 
PDF
Page 244
Step 8 & 9

Steps 8 and 9 should read:

8. TMG then repeats the rule association process, as discussed in Step 3. If TMG locates a rule that denies this traffic, TMG will drop it and log the rule that triggered this action.

9. If no deny action is found, TMG then examines the destination-IP address of the Incoming ICMP packet. If it is owned by TMG in that network, it scans the existing connection objects to determine whether this traffic is expected. TMG will locate the connection object created in Step 4.

Jim Harrison  Apr 11, 2010
Printed
Page 293
Table 13-3

A note (*) should be added below the table 13-3 as:

Note: the limitations for using any load-balancing for TMG Client traffic are:
- Using DNS-RR for the TMGC auto-discovery, RWS and WSP traffic is ok because the TMG Client manages the connections between itself and TMG.
- Using a LB-owned VIP for TMGC auto-discovery is ok IF the response directs the TMGC to a DIP or DNS-RR-defined name that points to the array member's DIPs.
- Using a LB-owned VIP for TMGC RWS and WSP traffic is a failure state waiting to happen because the client cannot manage the connections between itself and TMG.

Yuri Diogenes  Mar 19, 2010