Microsoft® Forefront® Threat Management Gateway (TMG) Administrator’s Companion

Book description

Get your Web security, network perimeter security, and application layer security gateway up and running smoothly. This indispensable, single-volume reference details the features and capabilities of Microsoft Forefront Threat Management Gateway (TMG). You'll gain the real-world insights, implementation and configuration best practices, and management practices you need for on-the-job results. Discover how to:

  • Implement TMG integrated security features

  • Analyze your Web and perimeter security requirements and infrastructure

  • Plan, install, and configure TMG

  • Implement network intrusion prevention, proxy, caching, and filtering

  • Configure security for the Web, Microsoft Exchange Server, and SharePoint Products and Technologies

  • Implement remote access and site-to-site VPNs

  • Select and configure clients

  • Monitor and troubleshoot protected systems with Network Monitor 3 and other tools

  • Use scripting to configure systems and automate administration

  • Plus, get a fully searchable eBook on the companion CD

  • For customers who purchase an ebook version of this title, instructions for downloading the CD files can be found in the ebook.

    Table of contents

    1. Foreword
    2. Acknowledgments
      1. From “The Collective”
      2. From Jim
      3. From Yuri
      4. From Mohit
    3. Introduction
      1. The Target Audience
      2. Organization and Usage
        1. Part 1 A New Era for the Microsoft Firewall
          1. Chapter 1 What’s New in TMG
          2. Chapter 2 What Are the Differences Between TMG and UAG?
        2. Part 2 Planning for TMG
          1. Chapter 3 System Requirements
          2. Chapter 4 Analyzing Network Requirements
          3. Chapter 5 Choosing the Right Network Topology
          4. Chapter 6 Migrating to TMG
          5. Chapter 7 Choosing a TMG Client Type
        3. Part 3 Implementing a TMG Deployment
          1. Chapter 8 Installing TMG
          2. Chapter 9 Troubleshooting TMG Setup
          3. Chapter 10 Exploring the TMG Console
        4. Part 4 TMG as Your Firewall
          1. Chapter 11 Configuring TMG Networks
          2. Chapter 12 Understanding Access Rules
          3. Chapter 13 Configuring Load-Balancing Capabilities
          4. Chapter 14 Network Inspection System
        5. Part 5 TMG as Your Caching Proxy
          1. Chapter 15 Web Proxy Auto Discovery for TMG
          2. Chapter 16 Caching Concepts and Configuration
        6. Part 6 TMG Client Protection
          1. Chapter 17 Malware Inspection
          2. Chapter 18 URL Filtering
          3. Chapter 19 Enhancing E-mail Protection
          4. Chapter 20 HTTP and HTTPS Inspection
        7. Part 7 TMG Publishing Scenarios
          1. Chapter 21 Understanding Publishing Concepts
          2. Chapter 22 Publishing Servers
          3. Chapter 23 Publishing Microsoft Office SharePoint Server
          4. Chapter 24 Publishing Exchange Server
        8. Part 8 Remote Access
          1. Chapter 25 Understanding Remote Access
          2. Chapter 26 Implementing Dial-in Client VPN
          3. Chapter 27 Implementing Site-to-Site VPN
        9. Part 9 Logging and Reporting
          1. Chapter 28 Logging
          2. Chapter 29 Enhanced NAT
          3. Chapter 30 Scripting TMG
        10. Part 10 Troubleshooting
          1. Chapter 31 Mastering the Art of Troubleshooting
          2. Chapter 32 Exploring the HTTP Protocol
          3. Chapter 33 Using Network Monitor 3 for Troubleshooting TMG
        11. Appendices
          1. Appendix A From Proxy to TMG
          2. Appendix B TMG Performance Counters
          3. Appendix C Windows Internet Libraries
          4. Appendix D WPAD Script CARP Operation
      3. Terminology
      4. Companion CD
      5. System Requirements
      6. Feedback and Support for This Book
        1. We Want to Hear from You
    4. I. A New Era for the Microsoft Firewall
      1. 1. What’s New in TMG
        1. Introducing TMG
          1. New Feature Comparisons
          2. Management Console
          3. Deployment
            1. TMG Medium Business Edition
            2. TMG 2010
          4. Traffic Filtering
            1. Windows Filtering Platform (WFP) Integration
            2. Network Driver Interface Specification Miniport
        2. Beyond the Firewall
          1. Integration: The Security Challenge
          2. Types of Firewalls
          3. Where TMG Fits In
        3. What’s New?
          1. Windows Server 2008, Windows Server 2008 R2, and Native 64-Bit Support
          2. Web Antivirus and Anti-Malware Support
          3. Enhanced User Interface, Management, and Reporting
          4. URL Filtering
          5. HTTPS Inspection
          6. E-Mail Anti-Malware and Anti-Spam Support
          7. Network Intrusion Prevention
          8. The Session Initiation Protocol (SIP) Filter
          9. TFTP Filter
          10. Network Functionality Enhancements
            1. NAT Address Selection
            2. ISP Sharing/Failover
          11. Feature Comparison Summary
        4. Summary
      2. 2. What Are the Differences Between TMG and UAG?
        1. Enabling Anywhere Access
        2. Understanding IAG 2007
        3. IAG 2007 Integration with ISA Server 2006
        4. Forefront UAG: The Next Generation of IAG 2007
        5. What’s New in UAG?
        6. Aligning UAG with Security Needs
        7. Designing Network Protection
          1. When Do You Deploy UAG?
          2. When Do You Deploy TMG?
          3. Network Designs for TMG and UAG
            1. Edge Firewall
            2. 3-leg Perimeter
            3. Back Firewall
            4. Single-NIC
        8. Summary
    5. II. Planning for TMG
      1. 3. System Requirements
        1. Hardware Requirements
        2. Software Requirements
        3. General Recommendations
          1. Network Infrastructure
            1. Name Resolution
            2. Authentication
            3. Traffic Control Devices
          2. Performance Monitoring
            1. Disk Performance
            2. Network Performance
          3. Behavioral Monitoring
        4. Deploying in Virtual Environments
        5. Summary
      2. 4. Analyzing Network Requirements
        1. Determining Your Traffic Profile
          1. Network Mapping
          2. Application Mapping
          3. Protocol Mapping
        2. TMG Deployment Options
          1. Edge Firewall
          2. Back Firewall
          3. Single Network Adapter
          4. Domain Isolation
        3. Addressing Complex Networks
        4. Configuring TMG Networks
        5. Understanding How Name Resolution Impacts TMG
          1. Reviewing How Windows Resolves Names
          2. Recommendations for DNS Configuration on TMG
            1. Edge or Perimeter in a Workgroup
            2. Edge or Perimeter in a Domain
            3. Single NIC Scenario (Workgroup or Domain)
          3. Side Effects of DNS Issues
          4. DNS Cache in TMG
        6. Summary
      3. 5. Choosing the Right Network Topology
        1. Choosing the Network Template
          1. Edge Firewall Network Template
          2. 3-Leg Perimeter Network Template
          3. Back Firewall Network Template
          4. Single NIC Network Template
        2. Examining High Availability
          1. Designing High Availability for Publishing Rules
            1. Web Publishing
            2. Server (non-Web) Publishing
            3. ISP Redundancy
            4. High Availability from TMG to Published Web Servers
          2. Designing High Availability for Access Rules
            1. External Network
            2. Protected Networks
            3. ISP Failover
        3. Joining the Firewall to a Domain or Workgroup
        4. Summary
      4. 6. Migrating to TMG
        1. General Considerations
          1. Go No Further Until You Understand This!
          2. Base Software
          3. Service Level
          4. If It Breaks
          5. Practice, Practice, Practice!
        2. Scenarios
          1. Publishing
            1. Listeners
            2. Certificates
            3. Network Structure
          2. Dial-In VPN
            1. Network Access Protection (NAP) vs. Quarantine Scripts
            2. IP Assignments
            3. Network Structure
            4. Name Services
          3. Site-to-Site (S2S) VPN
            1. Network Structure
            2. IP Assignments
            3. Name Services
          4. Proxy
            1. Network Structure
            2. WPAD
            3. Certificates
            4. TMG Client (TMGC)
          5. Common Points
            1. Domain Membership vs. Workgroup
            2. Coordination
            3. Performance and Scale
            4. Name Resolution
            5. Load-Balancing (LB)
              1. Hardware LB
              2. Windows Network Load Balancing (NLB)
              3. DNS Round-Robin (RR)
        3. Example Checklists
        4. Example Migration from ISA 2006 SE to TMG 2010 EE Forward Proxy Scenario
        5. Summary
      5. 7. Choosing a TMG Client Type
        1. Web Proxy Client
          1. How the Web Proxy Client Works
          2. Server-Side Configuration
          3. When to Use the Web Proxy Client
        2. SecureNET Client
          1. How the SecureNET Client Works
          2. Name Resolution for SecureNET Clients
          3. SecureNET Client Advantages
          4. SecureNET Client Disadvantages
        3. Forefront TMG Client
          1. Winsock: A Primer
          2. Winsock Service Providers
          3. The TMGC as a Layered Service Provider
          4. TMGC Configuration Data
          5. Example Winsock Usage without TMGC
          6. Winsock Usage with the TMGC
          7. Web Proxy Client with TMGC
          8. TMG Client Authentication
        4. Choosing the Right Client for Your Environment
          1. Ease of Deployment
          2. Support for Heterogeneous Operating Systems
          3. Protocol Support
          4. Authentication Requirements and User- or Group-Based Access Control
          5. Security
        5. Summary
    6. III. Implementing a TMG Deployment
      1. 8. Installing TMG
        1. Final Considerations Before Installing TMG
          1. Additional Recommendations
        2. Installing TMG MBE
          1. Manual Installation
        3. Installing TMG 2010
          1. Manual Installation
          2. Unattended Installation
        4. Summary
      2. 9. Troubleshooting TMG Setup
        1. Understanding Setup Architecture
          1. Setup Goals
          2. Setup Architecture
          3. Setup Process
        2. Setup Options
          1. Applying Security Updates and Service Packs
          2. Installing TMG with Updates
        3. What to Look for When Setup Fails
          1. Understanding the Setup Log Files
          2. Reading Log Files
          3. Setup Failed—Now What?
        4. Summary
      3. 10. Exploring the TMG Console
        1. TMG Medium Business Edition
          1. Monitoring
          2. Update Center
          3. Firewall Policy
          4. Web Access Policy
          5. Networking
          6. System
        2. Updates for TMG 2010
          1. Monitoring
          2. Firewall Policy
          3. Web Access Policy
          4. E-Mail Policy
          5. Intrusion Prevention System
          6. Networking
          7. Logs and Reports
          8. Update Center
        3. New Wizards
          1. The Getting Started Wizard
          2. The Network Setup Wizard
          3. The System Configuration Wizard
          4. The Deployment Wizard
          5. The Web Access Policy Wizard
          6. The Join Array and Disjoin Array Wizards (TMG 2010 only)
          7. The Connect to Forefront Protection Manager 2010 Wizard (TMG 2010 only)
          8. The Configure SIP Wizard (TMG 2010 only)
          9. The Configure E-Mail Policy Wizard (TMG 2010 only)
          10. The Enable ISP Redundancy Wizard (TMG 2010 only)
        4. Summary
    7. IV. TMG as Your Firewall
      1. 11. Configuring TMG Networks
        1. Understanding Network Relationships
          1. Basic IP Routing
          2. Route Relationships
          3. NAT Relationships
          4. NAT Address Selection
          5. Network Rules
        2. Creating Networks
          1. Built-In Networks
          2. Creating a New Network
          3. Creating a Network Rule
        3. Configuring Your Protected Networks
          1. Authenticating Traffic from Protected Networks
            1. Digest
            2. WDigest
            3. Integrated Authentication
            4. Basic
            5. SSL Certificate
            6. RADIUS
            7. Require All Users To Authenticate
        4. Summary
      2. 12. Understanding Access Rules
        1. Traffic Policy Behavior
          1. Policy Engine Rule Basics
          2. Ping Access Rule Example
          3. CERN Proxy HTTP Example
        2. Understanding Policy Re-Evaluation
          1. Policy Enforcement
          2. Exemptions in Policy Enforcement
          3. Policy Enforcement in Certain Scenarios
            1. Forcing Authentication
            2. Changing Authentication Type
            3. Changing Allowed Content Type
        3. Troubleshooting Access Rules
          1. Basic Internet Access
          2. Authentication
          3. Name Resolution
          4. Using the Traffic Simulator
        4. Summary
      3. 13. Configuring Load-Balancing Capabilities
        1. Multiple Paths to the Internet
          1. What Is ISP Redundancy?
          2. How ISP Redundancy Works
          3. Link Availability Testing
        2. Implementing ISP Redundancy
          1. Planning for ISP-R
          2. ISP-R Constraints
          3. Enabling ISP-R
          4. Failover Mode
          5. Load-Balancing Mode
        3. Understanding and Implementing NLB
          1. NLB Architecture
            1. Network Considerations When Using NLB
          2. Considerations When Enabling NLB on TMG
            1. DNS Configuration
            2. Client Consideration
          3. Configuring NLB on TMG
          4. Post-Installation Best Practices
          5. Considerations When Using TMG NLB in Virtual Environments
          6. Troubleshooting NLB on TMG
            1. Using the TMG Management Console
            2. Using wlbs.exe
              1. WLBS Query
              2. WLBS IP2MAC
              3. WLBS Display
        4. Summary
      4. 14. Network Inspection System
        1. Understanding Network Inspection System
        2. Implementing Network Inspection System
          1. Configuring NIS
          2. Customizing Individual Signatures
            1. Additional Options
          3. Monitoring NIS
          4. NIS Update
          5. IPS Compared to IDS
        3. Implementing Intrusion Detection
          1. Configuring Intrusion Detection
          2. Configuring DNS Attack Detection
          3. Configuring IP Preferences
          4. Configuring Flood Mitigation
            1. IP Exceptions and Custom Limits
            2. Session Initiation Protocol (SIP) Quotas
          5. TMG Preconfigured Attack Protection
            1. Spoof Detection
            2. Broadcast Protection
            3. TCP Syn Attack Protection
            4. TCP Sequence Protection
            5. Logging and Alerts
        4. Summary
    8. V. TMG as Your Caching Proxy
      1. 15. Web Proxy Auto Discovery for TMG
        1. WPAD as Protocol and Script
          1. WPAD Protocol
            1. Dynamic Host Configuration Protocol (DHCP)
            2. Domain Name Service (DNS)
          2. WPAD Script
            1. Script Initialization
            2. The Major Functions
        2. Configuring Automatic Discovery in the Network
          1. Preparing for Automatic Discovery
            1. Configuring TMG
            2. Configuring DHCP
            3. Configuring DNS
            4. Securing DNS on Windows Server 2008
        3. Configuring Client Applications
          1. Configuring Internet Explorer for Automatic Discovery
            1. Automatically Detect Settings
            2. Automatic Configuration Script
            3. Using Group Policy to Configure Automatic Discovery Settings in Internet Explorer
          2. Automatic Proxy Cache
          3. Troubleshooting Issues with Auto Discovery and IE
          4. Configuring TMG Client for Automatic Discovery
          5. Configuring Windows Media Player
          6. Using AutoProxy in Managed Code
        4. Summary
      2. 16. Caching Concepts and Configuration
        1. Understanding Proxy Cache
          1. How Caching Works
          2. Cache Storage
          3. Caching Scenarios
            1. Forward Caching
            2. Reverse Caching
          4. Cache Rules
          5. Caching Web Objects
          6. Caching Compressed Content
          7. Monitoring Cache
            1. General Recommendations
          8. Cache Array Routing Protocol (CARP)
          9. How CARP Works
            1. Client-Side CARP
            2. Server-Side CARP
        2. Configuring the Forefront TMG 2010 Cache
          1. Enable Web Caching
          2. Add a Cache Rule
          3. Add a Content Download Job
          4. CARP Configuration
          5. Configuring the Intra-Array Address
          6. Configuring the CARP Load Factor
        3. Troubleshooting Cache
          1. Analyzing Cache Behavior
          2. Using CacheDir
          3. Using FetchURL
          4. Rebuilding the Cache
        4. Summary
    9. VI. TMG Client Protection
      1. 17. Malware Inspection
        1. Understanding Malware Inspection in TMG
        2. Configuring Malware Inspection
          1. Configuring Malware Inspection for Your Environment
            1. Inspection Settings
            2. Content Delivery
            3. Storage
            4. Update Configuration
            5. License
          2. Defining Per-Rule Malware Inspection
          3. Testing Internet Access with Malware Inspection
        3. Creating Reports with Malware Statistics
          1. Configuring a One-Time Report
          2. Configuring a Recurring Report
          3. Generating and Viewing Malware Inspection Reports
          4. Customizing Malware Inspection Content in Reports
        4. Summary
      2. 18. URL Filtering
        1. How URL Filtering Works
          1. Components Involved in URL Filtering
        2. Configuring URL Filtering
          1. Global URL Filtering Configuration
          2. Rule-Based URL Filtering Configuration
          3. Testing URL Filtering
          4. URL Category Overrides
        3. Update Center
          1. How Update Center Works
          2. Configuring Update Center
        4. Summary
      3. 19. Enhancing E-Mail Protection
        1. Understanding E-Mail Threats
          1. E-Mail Attack Methods
            1. E-Mail Attachments with Malicious Code
            2. Malformed MIME Headers
            3. Embedded Scripts and ActiveX Content
            4. Spam and Phishing
        2. How SMTP Protection Works in TMG
        3. Configuring SMTP Protection on TMG
          1. Running the E-Mail Protection Wizard
          2. Configuring Spam Filtering
            1. IP Allow List
            2. IP Allow List Providers
            3. IP Block List
            4. IP Block List Provider
            5. Content Filtering
            6. Spam Confidence Level
            7. Recipient Filtering
            8. Sender Filtering
            9. Sender ID
            10. Sender Reputation
          3. Configuring Virus and Content Filtering
            1. File Filtering
            2. Virus Filtering
            3. Message Body Filtering
        4. Summary
      4. 20. HTTP and HTTPS Inspection
        1. The Web Proxy Application Filter
          1. Troubleshooting Web Proxy Traffic in TMG
          2. HTTP Filter
        2. Configuring HTTPS Inspection
          1. Configuring HTTPS Inspection
          2. Common HTTPS Inspection Errors
        3. Configuring the HTTP Filter
          1. General Options
          2. HTTP Methods
          3. Extensions
          4. Headers
            1. Validating Inbound Access
          5. Signatures
            1. Blocking MSN Messenger
            2. Validating Outbound Traffic
            3. Blocking the Conficker Worm
        4. Summary
    10. VII. TMG Publishing Scenarios
      1. 21. Understanding Publishing Concepts
        1. Core Publishing Scenarios
          1. Server Publishing
          2. Server Publishing and Network Relationships
          3. Server Publishing vs. Access Rules
          4. Web Publishing
        2. Publishing Rule Elements
          1. Elements in a Web Publishing Rule
            1. Web Listener
            2. HTTP Policy
            3. Schedules
            4. Link Translation
            5. Bridging
            6. Pre-Authentication
            7. Authentication Delegation
            8. Web Server Farm
          2. Elements in a Server Publishing Rule
            1. Network Listener
            2. Protocol
            3. Application Filters
            4. Ports
        3. Planning Publishing Rules
          1. Evaluating System Capacity
          2. Protocol Considerations
          3. Certificate Considerations
          4. Load Balancing
        4. Summary
      2. 22. Publishing Servers
        1. How to Publish a Web Server
          1. Publishing a Web Server Using HTTP Protocol
            1. Reviewing the Web Server Publishing Rule
          2. Publishing a Web Server Using HTTPS
            1. Installing Certificates on TMG
            2. Creating an HTTPS Web Listener
            3. Creating a Secure Web Publishing Rule
        2. Publishing a Non-Web Server
          1. Creating a Non-Web Server Publishing Rule
        3. Troubleshooting Publishing Rules
          1. Web Publishing Rules
            1. Contextually Inappropriate Request
            2. Host Mismatch
            3. Path Mismatch
            4. Authentication Failure
            5. Authentication Delegation Failure
            6. Web Listener Certificate Errors
            7. Client Certificate Errors
            8. Published Server Certificate Errors
          2. Web Publishing Test Button
          3. Non-Web Publishing Rules
        4. Summary
      3. 23. Publishing Microsoft Office SharePoint Server
        1. Planning to Publish SharePoint
          1. Security Considerations
            1. Access Based on Source Networks
            2. Access for Encrypted or Unencrypted Traffic
            3. Allowing Caching
            4. Allowing Access Based on Time
            5. Allowing Access Based on User Groups
          2. Authentication
          3. Alternate Access Mapping
        2. Configuring SharePoint Publishing
          1. Common Starting Point
            1. Single-Server
            2. Multi-Server
            3. Server Farm
        3. Troubleshooting
          1. Review Your Publishing Rule First
            1. Useful Tools
        4. Summary
      4. 24. Publishing Exchange Server
        1. Planning
          1. Understanding Exchange Server Roles
          2. Planning Client Access
          3. Certificates
          4. Authentication
          5. Using the Wizards
          6. Capacity Planning
            1. Type of Traffic
            2. Type of Client
            3. Total Number of Users
            4. Total Number of Concurrent Users
            5. Type of Authentication
          7. Specific Client Considerations
        2. Configuring Exchange Client Access through Forefront TMG
          1. Configuring the OWA Publishing Rule
            1. Configuring the OWA Publishing Rule
            2. Configuring an Outlook Anywhere Publishing Rule
            3. Configuring an ActiveSync Publishing Rule
        3. Troubleshooting
          1. General Troubleshooting Rules
          2. Exchange ActiveSync (EAS) and Office Mobile Access (OMA)
            1. Paths
            2. Authentication
            3. Certificates
          3. Outlook Web Access (OWA)
            1. Paths
            2. Authentication
            3. Certificates
          4. Exchange Web Services (EWS)
            1. Paths
            2. Authentication
            3. Certificates
          5. Outlook Anywhere (OA)
            1. Paths
            2. Authentication
            3. Certificates
          6. Using the Test Rule Button
        4. Summary
    11. VIII. Remote Access
      1. 25. Understanding Remote Access
        1. Understanding VPN Concepts
          1. Tunnel Types
          2. Protocols
            1. Point-to-Point Tunneling Protocol (PPTP)
            2. Layer-Two Tunneling Protocol Over IPsec (L2TP/IPsec)
            3. Secure Socket Tunneling Protocol (SSTP)
            4. Address Assignment
          3. Authentication
          4. VPN Technology Comparison
        2. Planning VPN Access
          1. Selecting the VPN Protocol
            1. Client Operating System Support
            2. Security
            3. Performance
          2. Hardware Requirements
          3. Authentication
          4. VPN Access Policy
          5. Supportability
            1. VPN Supportability Boundaries within Forefront TMG
        3. NAP Integration
          1. Considerations When Planning NAP Integration
        4. Summary
      2. 26. Implementing Dial-in Client VPN
        1. Configuring VPN Client Access
          1. Configuring a VPN Client
        2. Configure VPN Client Access with NAP Integration
          1. Configuring Forefront TMG for NAP Integration
          2. Configuring NPS to Use Forefront TMG as a RADIUS Client
        3. Configuring VPN Client Access Using SSTP
          1. Planning SSTP
          2. Enabling SSTP on Forefront TMG
          3. Changing Client Configuration
        4. Summary
      3. 27. Implementing Site-to-Site VPN
        1. Configuring L2TP Over IPsec Site-to-Site VPN
        2. Configuring PPTP Site-to-Site VPN
        3. Troubleshooting VPN Client Connections
          1. PPTP
          2. L2TP over IPsec
            1. IPsec ESP
            2. IPsec NAT-T
          3. SSTP
          4. Common Errors and Likely Causes
        4. Summary
    12. IX. Logging and Reporting
      1. 28. Logging
        1. Why Logging Is Important
          1. New Firewall and Web Proxy Log Fields
            1. TMG Client Fields
            2. Enhanced Malware Inspection (EMP) Fields
            3. Network Inspection (NIS) Fields
        2. Configuring TMG Logging
          1. Common Logging Options
          2. Log File and Disk Space Controls
          3. SQL Express
          4. SQL Database
          5. Local Text Logging
          6. Logging Queue
        3. Logging Best Practices
          1. Collecting Information about Your Environment
          2. Logging Options
          3. General Guidelines
            1. Disk
            2. Connectivity
            3. Large Logging Queue (LLQ) Recommendations
            4. Log Retention
        4. Summary
      2. 29. Enhanced NAT
        1. Understanding Enhanced NAT
        2. Configuring Enhanced NAT
        3. Troubleshooting Enhanced NAT
        4. Summary
      3. 30. Scripting TMG
        1. Understanding the TMG Component Object Model (COM)
          1. Forefront TMG COM Hierarchy
          2. New COM Elements in TMG
        2. Administering TMG with VBScript or JScript
          1. TMG Scripting Best Practices
          2. TMG Task Automation Example
            1. Step 1: Locating Arrays Associated by an Enterprise Policy
            2. Step 2: Exporting and Importing Using Files
            3. Step 3: Saving the Changes
        3. Administering TMG with Windows PowerShell
          1. Windows PowerShell Automation Examples
        4. Summary
    13. X. Troubleshooting
      1. 31. Mastering the Art of Troubleshooting
        1. General Troubleshooting Methodology
          1. You’ve Defined the Problem—What’s Next?
          2. Time to Analyze the Data
          3. Got It, Now I’m Going to Fix It!
        2. Troubleshooting Tools
          1. TMG Troubleshooting Tab
          2. Best Practices Analyzer
          3. Network Monitor
          4. Performance Monitor
          5. Windows Event Logs
        3. Putting It All Together
          1. Real-Life Case Study
            1. Scenario
            2. Roadblocks
            3. Environment
            4. Troubleshooting
            5. Conclusion
        4. Summary
      2. 32. Exploring HTTP Protocol
        1. Understanding the HTTP Protocol
          1. HTTP Transaction
        2. How HTTP Authentication Works
          1. Rules of the Game
            1. 401 – Unauthorized
            2. 407 – Proxy Authentication Required
          2. HTTP Authentication in Action
            1. Anonymous Request
            2. Authentication Methods
            3. Server Authentication
            4. Proxy Authentication
            5. Dual Authentication (Proxy and Server)
            6. Special Case for NTLM (NT LAN Manager) Authentication
            7. Authentication Delegation
        3. Understanding HTTPS
          1. Negotiation Phase
          2. Client Acknowledgment
          3. Server Acknowledgment
        4. Summary
      3. 33. Using Network Monitor 3 for Troubleshooting TMG
        1. Using Network Monitor to Capture Traffic
        2. Data Gathering with Network Monitor
          1. Using Network Monitor GUI
          2. Using Nmcap.exe
        3. Reading a Network Monitor Capture
          1. Open Network Monitor
            1. Open Network Monitor
            2. Open the Example Capture File
            3. Apply the Basic WPAD Display Filter
            4. Narrow the DNS Filter Scope
            5. Narrow the HTTP Filter Scope
            6. Narrow the Whole Display Filter
        4. Troubleshooting TMG Using Network Monitor
        5. Summary
    14. A. From Proxy to TMG
      1. Understanding the HTTP Protocol
        1. Methods and Status Code
        2. HTTP Content
        3. Additional Fields
          1. Accept
          2. User Agent
          3. Connection
          4. Cache-Control
        4. Putting It All Together
      2. Understanding Proxy Servers
        1. Managing and Aggregating IP Addresses
        2. Caching
          1. Passive Caching
          2. Active Caching
          3. Forward Caching
          4. Reverse Caching
        3. Access Control
        4. Functions of a Proxy Server
          1. Forward Proxy
          2. Reverse Proxy
          3. Proxy Chaining
          4. Caching
        5. CERN-Proxy Requests
      3. The History Behind TMG
        1. Proxy Server 1.0
        2. Proxy Server 2.0
        3. Internet Security and Acceleration (ISA) Server 2000
        4. Internet Security and Acceleration (ISA) Server 2000 Feature Pack 1
        5. Internet Security and Acceleration (ISA) Server 2004
        6. Internet Security and Acceleration (ISA) Server 2004 Service Pack 2
        7. Internet Security and Acceleration (ISA) Server 2004 Service Pack 3
        8. Internet Security and Acceleration (ISA) Server 2006
        9. Internet Security and Acceleration (ISA) Server 2006 Supportability Update
        10. Internet Security and Acceleration (ISA) Server 2006 Service Pack 1
        11. Forefront TMG Medium Business Edition
    15. B. TMG Performance Counters
      1. TMG Performance Counters
        1. Firewall Packet Engine Performance Counters
        2. H.323 Filter Performance Counters
        3. Cache Performance Counters
        4. Microsoft Firewall Service Performance Counters
        5. SOCKS Filter Performance Counter
        6. Performance Counters
        7. Compression Performance Counters
        8. Diffserv Performance Counters
        9. Malware Protection Performance Counters
        10. HTTPS Performance Counters
        11. E-mail Hygiene Performance Counters
        12. URL Filtering Performance Counters
        13. TMG Performance Monitor
        14. System Performance
      2. How to Use These Counters
      3. Summary
    16. C. Windows Internet Libraries
      1. WinHTTP vs. WinInet
        1. WinInet
        2. WinHTTP
      2. Autoproxy (WPAD)
        1. WinInet
        2. WinHTTP
      3. Applications That Use WinHTTP
      4. Summary
    17. D. WPAD Script CARP Operation
      1. CARP Logic
      2. CARP Action Examples
        1. Normal CARP Destination
        2. Client CARP Destination
        3. No-CARP Destination
      3. Summary
    18. Index
    19. About the Authors
    20. Copyright

    Product information

    • Title: Microsoft® Forefront® Threat Management Gateway (TMG) Administrator’s Companion
    • Author(s): Jim Harrison, Yuri Diogenes, and Mohit Saxena
    • Release date: February 2010
    • Publisher(s): Microsoft Press
    • ISBN: 9780735640535