Forefront Hub Transport Configuration
HUB TRANSPORT CONFIGURATION:
1. Expand Antimalware in the left hand pane
2. Expand Hub Transport
3. In the right hand pane set the following
   a. General Settings
      i. Check Enable transport antivirus scan
      ii. Check Enable Transport antispyware scan
   b. Engines and performance
      i. Select the second option, Scan with the subset of engines that are available
   c. Scan Actions
      i. Detection
         1. Virus: Action = Clean, Quarantine Files = Yes
         2. Spyware: Action = Delete, Quarantine Files = Yes
   d. Additional Options
      i. Check: Optimize for performance by not rescanning messages already virus scanned
      ii. Set maximum container scan time (seconds) = 120
      iii. Set illegal MIME header action = Purge
      iv. Set transport sender information = Use MIME header
      v. Set process count = 4
      vi. Set scanning timeout (Seconds) = 600
      vii. Set Scan timeout action = delete
4. Expand Anti spam in the left hand pane
5. Make sure that antispam is disabled and all options are grayed out.
6. Skip filter lists as we have none
7. Select Filter Options
   a. Transport filtering options
      i. Check Enable file filters
      ii. Check Enable Header filters
      iii. Check Enable keyword filters
   b. Enable keyword filtering
      i. Check inbound
      ii. Check outbound
   c. Enable file filtering for these message directions
      i. Check inbound
      ii. Check outbound
   d. Tag text for message header = Junk-Mail
   e. Tag text for subject line = SUSPECT:
8. Select online protection in the left hand pane and make sure that it is not enabled.
9. Select Global Settings in the left hand pane and select scan options
   a. Scan Targets – Transport
      i. Check enable scanning
   b. Target types
      i. Check inbound
      ii. Check outbound
      iii. Check internal
10. Select Engine options in the left hand pane
   a. UNC Authentication
      i. Uncheck enable UNC
   b. Proxy Server
      i. Uncheck enable proxy server
   c. Additional options
      i. Uncheck Update engines on server startup
      ii. Uncheck Enable as an update redistribution server
      iii. Set engine download timeout (seconds) = 300
11. Select Advanced options from the left hand pane
   a. Scans
      i. Engine error action = Delete
      ii. Use this extension when replacing a deleted attachment = txt
      iii. Uncheck use external “Domains.dat” file instead of value
      iv. Domain names used for identifying internal addresses = int.elekta.com
      v. Uncheck use reverse DNS lookup when determining whether a message is inbound
      vi. Check Quarantine corrupted compressed files
      vii. Check Quarantine on timeout
      viii. Uncheck rescan messages already scanned by Forefront Online Protection for Exchange
   b. Deletion Criteria
      i. Check Delete corrupted compressed files
      ii. Check Delete corrupted UUEncoded files
      iii. Check Delete partial SMTP messages
      iv. Uncheck delete encrypted compressed files
   c. Threshold Levels
      i. Maximum container file infections = 5
      ii. Maximum container file size = 25
      iii. Maximum compressed file size = 20
      iv. Maximum uncompressed file size = 100
      v. Maximum nested attachments = 30
      vi. Maximum nested depth compressed files = 5
   d. Logging options
      i. Archive transport mail = none
      ii. Check enable transport incident logging
      iii. Check Enable event logging
      iv. Check incidents
      v. Check engines
      vi. Check operational
      vii. Check enable spam agent logging
      viii. Uncheck Enable content filtering incident logging
      ix. Check Enable performance counters
   e. Customer Experience Improvement Program
      i. Uncheck Join the Customer Experience Improvement Program
   f. Intelligent Engine Management
      i. Engine management = Automatic