When you're working with the TMG firewall, you'll probably find that you spend most of your time with the URL Filtering and web antimalware features. Oh, and you probably also spend a significant amount of time publishing key services, such as Exchange and SharePoint, because the TMG firewall is probably the most secure way for you to publish these services.
While these high profile services are important and fun to work with, there are some cool nuggets of technology included with the TMG firewall that don't get nearly as much attention, but you might want to check some of them out and see whether they can solve a problem for you and your customers.
This is my short list of TMG features that are frequently forgotten or overlooked, or that you might not have even known about in the first place:
- Support for BranchCache
- Search the firewall rule set
- SSTP VPN Server
- NAP Support for VPN connections
Support for BranchCache
BranchCache allows you to cache CIFS/SMB and HTTPS content on a branch office network. In this scenario, you put the TMG firewall at the branch office and configure the TMG firewall as your site to site VPN server. When clients on the branch office network connect to file shares at the home office, that content will be cached on the TMG firewall so that when someone makes a request for the same content, the content will be returned from the TMG firewall's BranchCache instead of over the relatively slow site to site VPN connection. BranchCache also works for HTTP content, which gives you two choices for caching HTTP content: the TMG firewall's web proxy cache and the BranchCache HTTP content cache.
Search the firewall rule set
Did you know that you can search the firewall policy rule set now? Yes! This is something that we've been wanting for years and years and now we have it! You can go to the Firewall Policy node in the left pane of the console and you'll see, in the middle pane, the option to Search. You can search for a term in the name of the rule, search by protocol, and search by source or destination; in other words, you can search for almost anything. If you haven't tried out the TMG firewall policy search, zip over to the firewall console now and check it out!
SSTP VPN Server
SSTP is a new VPN protocol that allows you to create a VPN connection using an SSL connection. This allows you to VPN out through firewalls and web proxies that otherwise would block your PPTP or L2TP/IPsec connections. SSTP was actually available before TMG was released, but ISA didn't support SSTP. SSTP is very easy to set up with the TMG firewall and it works great! If you haven't tested it yet, give it a try. There are articles on the ISAserver.org site that can help you get started on your SSTP testing adventure.
NAP Support for VPN connections
Network Access Protection (NAP) is a method you can use to control which machines can connect to your network. NAP can inspect the system state of the computer connecting to the VPN server and if the machine is not secure or does not meet your configuration and updating requirements, then the machine is blocked and won't be able to access resources on the intranet. You also have the option to remediate machines that aren't up to snuff in terms of security configuration and updates. NAP support for the TMG VPN server is nicely integrated and easy to set up. We also have articles on the ISAserver.org site that can help you get up and running with your NAP deployment.