Installing Threat Management Gateway 2010 RTM Enterprise Edition Part -2


  • 7/29/2019 Installing Threat Management Gateway 2010 RTM Enterprise Edition Part -2

    1/18

    16/12 Insta lling Threat Management Gateway 2010 RTM Enterprise Edition

    ww.isaserver.org/tutorials/installing_threat_management_gateway _2010_rtm_enterprise_edition.ht


    Installing Threat Management Gateway 2010 RTM Enterprise Edition

    Tackling the basics; how to install Microsoft Threat Management Gateway 2010 EE RTM.

    Published: Dec 08, 2009

    Updated: Jan 21, 2010

    Section: Tutorials :: Configuration - General

    Author: Deb Shinder

    Rating: 3.7/5 - 23 Votes

    If you would like to read the next part in this article series please go to Installing Threat Management Gateway 2010 RTM Enterprise Edition (Part 2).

    NOTE:

    As those of you who read the most recent newsletter know, Tom is taking a full-time position with Microsoft and I am going to be taking over some of his former duties here on ISAserver.org, including writing articles for the site. Many of you already know me through my work on Windowsecurity.com, TechRepublic, WXPnews/VistaNews/Win7News and other venues. For those who don't, you can find out more about me at www.debshinder.com.

    Introduction

    I love new things, and I am excited about coming into this new position just in time to introduce a new product: Microsoft's Threat Management Gateway 2010 EE RTM. In this article, we'll start at the beginning, with how to install TMG 2010 EE RTM.

    Of course, the real beginning is the planning phase, where you determine what the hardware requirements are going to be, and what role the TMG firewall is going to play on your network. However, if you're new to the TMG firewall, you probably just want to get it installed and see what it looks like. Planning for deployment can take place later if you decide you like what you see, and we'll address that in a later article. Meanwhile, this is the first of a two-part piece that will guide you through the installation process and point out potential "gotchas" that you might encounter along the way.

    Let us get started!

    As always, the first step is to make sure your hardware meets the minimum requirements, which you can find here.

    Many of you will be doing this initial installation for testing and evaluation purposes. So we will install the RTM release of the TMG firewall in a virtual machine, and the VM will have two network interfaces:

    An external interface, which is bridged to the production network that allows it to connect to the Internet, and

    An internal interface that only allows it to connect to other virtual machines.

    In this example, the only other virtual machine is a domain controller, and the TMG firewall belongs to the same domain as the domain controller.

    This is going to be a "vanilla" install. The only thing we have done in advance is join the TMG virtual machine to the domain and then install Windows Updates. I have not installed any Exchange components or any other "out of band" software. Our goal is to do what most admins will do - install the software in an "out of the box" configuration and then try to make it do what we want it to do as we learn more about the product.

    NOTE:

    One thing that you should know before we get started is the DNS configuration on the TMG VM's NICs. Because you should never (well, almost never) include an external DNS server on any of the firewall's NICs, I have configured the external interface with no DNS server setting, and the internal interface with the IP address of the internal DNS server, which is also a domain controller. This is going to cause some issues that I'll talk about later when we run into them.
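
    The DNS rule in the note above (no DNS server on the external interface, only the internal DNS server on the internal interface) can be checked before running setup. The PowerShell below is an added example, not part of the original article; the adapter names 'WAN' and 'LAN' and all addresses are placeholder assumptions.

```powershell
# Added example (not from the article): audit per-NIC DNS settings on the firewall VM.
# Uses WMI only, so it runs on PowerShell 2.0 (Windows Server 2008 R2).

function Get-NicDnsInventory {
    # One object per IP-enabled adapter: connection name plus configured DNS servers.
    $names = @{}
    Get-WmiObject Win32_NetworkAdapter |
        ForEach-Object { $names[$_.Index] = $_.NetConnectionID }
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            New-Object PSObject -Property @{
                Name       = $names[$_.Index]
                DnsServers = @($_.DNSServerSearchOrder | Where-Object { $_ })
            }
        }
}

function Test-FirewallNicDns {
    param(
        [object[]]$Adapters,     # objects with Name and DnsServers properties
        [string]$InternalNic,    # connection name of the internal NIC (assumed 'LAN')
        [string[]]$InternalDns   # addresses of the internal DNS server(s)
    )
    foreach ($nic in $Adapters) {
        $dns = @($nic.DnsServers)
        if ($nic.Name -eq $InternalNic) {
            # Internal NIC: must resolve through the internal DNS server and nothing else.
            $foreign = @($dns | Where-Object { $InternalDns -notcontains $_ })
            if ($dns.Count -eq 0) { $verdict = 'FAIL: no DNS server on internal NIC' }
            elseif ($foreign.Count -gt 0) { $verdict = 'FAIL: unexpected DNS server ' + ($foreign -join ', ') }
            else { $verdict = 'OK' }
        }
        elseif ($dns.Count -gt 0) {
            # Any other NIC (external included) must carry no DNS server at all.
            $verdict = 'FAIL: DNS server set on non-internal NIC'
        }
        else { $verdict = 'OK' }
        New-Object PSObject -Property @{
            Nic = $nic.Name; Dns = ($dns -join ', '); Verdict = $verdict
        }
    }
}

# Constructed sample inventory; adapter names and addresses are placeholders.
$sample = @(
    (New-Object PSObject -Property @{ Name = 'WAN'; DnsServers = @('192.0.2.53') }),
    (New-Object PSObject -Property @{ Name = 'LAN'; DnsServers = @('10.0.0.2') })
)
Test-FirewallNicDns -Adapters $sample -InternalNic 'LAN' -InternalDns '10.0.0.2' |
    Format-Table Nic, Dns, Verdict -AutoSize

# On the firewall itself, audit the live configuration instead:
# Test-FirewallNicDns -Adapters (Get-NicDnsInventory) -InternalNic 'LAN' -InternalDns '10.0.0.2'
```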

    Here is a simple network diagram of what I am working with right now and for this article:

    Diagram 1

    The first step is to download the evaluation version of the software. At this time, TMG is not available on MSDN, but you can download an evaluation here.

    After you get the file downloaded, double click on it and it will unpack the files. After the files are unpacked, you will see the Welcome to Microsoft Forefront TMG page. This looks a bit different compared to what we saw with the ISA firewall and it includes some welcome new options. Notice the Prepare and Install section - now you can run Windows Updates from the installation page. We already did that, so we don't need to do it now. Another new option, Run Preparation Tool, is one that we will use. Click that one now.

    Figure 1

    It's clear that the TMG developers had large monitors when they created this interface. The dialog boxes are huge. I suppose that makes it nice for both the devs and the users but makes it a bit of a pain for writers who have limited horizontal space for screenshots :-)

    On the Welcome to the Preparation Tool for Microsoft Forefront Threat Management Gateway (TMG) page, click Next.


    Figure 2

    On the License Agreement page, put a checkmark in the I accept the terms of the License Agreements checkbox and click Next. Here you are accepting the license agreements for the Microsoft Chart Controls for Microsoft .NET Framework 3.5 and 3.5 SP1 and Microsoft Windows Installer 4.5.


    Figure 3

    On the Installation Type page, you have three options:

    Forefront TMG services and Management

    Forefront TMG Management only

    Enterprise Management Server (EMS) for centralized array management

    The new TMG makes it easier than ever to work with TMG EE, in contrast to the complexity of EE management with the ISA firewall. That is why we are installing EE in this article series, to show that you can get EE installed easily. Later we'll create a standalone array and then we will take down the standalone array and create an enterprise array. It's easy and fun! But first, let's just handle the basics and select the Forefront TMG services and Management option. Click Next.


    Figure 4

    On the Preparing System page, you will see installation progress for the prerequisite software.

    Figure 5

    The Preparation Complete page shows that the prerequisite software was installed successfully.


    Figure 6

    Now the Welcome to the Installation Wizard for Forefront TMG Enterprise page appears. Click Next to start installing TMG EE.

    Figure 7

    On the License Agreement page, select the I accept the terms in the license agreement option and click Next.


    Figure 8

    Enter your customer information (user name, organization name and product serial number) on the Customer Information page and click Next.

    Figure 9

    On the Installation Path page, you can use the default path or choose your own path in specifying the location where you want to install the TMG firewall's files. In this example, we'll use the default path and click Next.


    Figure 10

    Ah, now here is a blast from the past - the Define Internal Network page. For the TMG firewall, as for the ISA firewall, the default Internal Network is where your core infrastructure services are contained; these include Active Directory, DNS, DHCP and WINS. You can change this definition later if you like, but we need to be able to access these resources during installation so we have to define the default Internal Network now.

    Click the Add button on the Define Internal Network page. This brings up the Addresses dialog box. There are several ways to add the addresses for the default Internal Network, but my preferred method is to use the Add Adapter approach. Click Add Adapter.


    Figure 11

    On the Select Network Adapters dialog box, select the LAN NIC (or whatever name you have defined for that NIC) and then put a checkmark in the checkbox for that NIC. Make sure the information in the Network adapter details section accurately reflects the details of the NIC you selected. Then click OK.


    Figure 12

    The addresses associated with the internal NIC now appear in the Addresses text box. These addresses are based on routing table entries on the firewall - if you have not configured routing table entries on the firewall yet, these addresses might not be entirely correct, but it's something that we can fix later, which you'll see as we move through the installation process.


    Figure 13

    Click Next on the Define Internal Network page.


    Figure 14

    As with the installation of the ISA firewall, a number of services will need to be restarted or disabled when you're installing the TMG firewall. In this case, these include:

    SNMP service

    IIS Admin service

    WWW Publishing Service

    Microsoft Operations Manager Service

    NOTE:

    TMG is not saying that these are currently installed; it's just telling you that if they are installed, they'll be disabled or restarted.

    Click Next.


    Figure 15

    Click Install on the Ready to Install the Program page.

    Figure 16

    A progress bar shows your progress in the installation.


    Figure 17

    Another dialog box will appear and give you more information about how long things are going to take. Notice that these are estimated figures; despite the numbers you see here, it took almost 30 minutes for installation to complete for me. This might be related to DNS issues, which I'll discuss later.

    Figure 18

    Now the Installation Wizard has completed and you might think you're finished. In the past, with the old ISA firewall, this would have been it. The next step would have been to go into the ISA firewall console and get to configuring Networks, Access Rules, and other components to get the thing working. But with TMG, you're not quite done yet.

    If you select the Launch Forefront TMG Management when the wizard closes option, there will be a set of three more wizards that make it possible to get up and running at the end of the installation process.


    Figure 19

    Because these wizards are new, and we're at the end of our word count for this article, we'll save our discussion of the new installation wizards for the next article in this two part series. Hopefully this will whet your appetite for what comes next.

    Summary


    In this article, we started off by explaining that we would install the new TMG 2010 EE firewall in a plain vanilla configuration. The only settings on the TMG firewall VM are the DNS settings, and the firewall VM has been joined to the domain before beginning the installation of the firewall software. Next we launched the installation processes, configured the default Internal Network, and let the installation complete. In the next installment of this series, we'll complete the installation of the firewall by going through the three new wizards that are nested in a new Getting Started Wizard. See you then! - Deb.


    About Deb Shinder

    DEBRA LITTLEJOHN SHINDER, MCSE, MVP (Security) is a technology consultant, trainer and writer who has authored a number of books on computer operating systems, networking, and security. She is also a tech editor, developmental editor and contributor to over 20 additional books. Her articles are regularly published on TechRepublic's TechProGuild Web site and Windowsecurity.com, and have appeared in print magazines such as Windows IT Pro (formerly Windows & .NET) Magazine. She has authored training material, corporate whitepapers, marketing material, and product documentation for Microsoft Corporation, Hewlett-Packard, DigitalThink, GFI Software, Sunbelt Software, CNET and other technology companies. Deb lives and works in the Dallas-Ft Worth area and can be contacted at [email protected] or via the website at www.shinder.net


    Ismat Sahar

    thanks for help, it is amazing and awesome

    9 September at 21:36

    Zikhrulahi Bolaji, Consultant at 1st intellit solution limited

    this is amazing

    6 August at 01:29

    Khurram Shahzad, Network / System Engineer at Lucky Cement Limited

    thanks for help

    30 July at 22:57

    Muhammad Shehzad Arshad, Barani University of Information Technology (BIIT)

    that's really nice.

    8 January at 06:56


    ISAserver.org is in no way affiliated with Microsoft Corp. *Links are sponsored by advertisers.

    Copyright 2012 TechGenix Ltd. All rights reserved. Please read our Privacy Policy and Terms & Conditions.