Installing TMG & Choosing a Client Type


1 Installing TMG & Choosing a Client Type
6NPS Session 2

2 Objectives
- To understand some final considerations before installing TMG
- Installing TMG 2010
- Troubleshoot an installation
- Understanding the client types

3 Some Final Considerations
- Internal addresses: Determine what IP address range will be used for the internal network.
- Authentication methods and requirements: Define the internal client authentication methods and requirements.
- Network template: Decide which network template to apply during and after installation.
- Name resolution: Define the DNS server that will provide name resolution for TMG.

4 Some Final Considerations
- Installation location: Define the physical disk that you will use during TMG installation.
- Operating system security update level: Update the operating system and install all important and critical security updates before and after installing TMG.
- Drivers: Ensure that all drivers are up to date.

5 Additional Recommendations
- Rename your network interfaces.
- Review the binding order of the NICs; it is more efficient if the internal NIC is on top (Windows name resolution).
- Disable all unnecessary services on the external NIC so that TMG does not respond to the external network.

6 Troubleshooting TMG Setup
- Applying security updates and service packs: After installation, install any TMG rollup updates or service packs.
- What to look for when Setup fails: During installation, TMG Setup logs its steps in the %systemroot%\temp folder.

7 Understanding the Setup Log Files
Table 9-1 TMG setup log files

8 Setup Failed—Now What?
- When setup fails, the TMG Installer triggers an error that explains the reasons for the failure.
- If you click OK, TMG Setup rolls back the changes.
- To work out the error, search the log; use Notepad to open it.

9 Types of Clients
- SecureNET Client
- Web Proxy Client
- Forefront TMG Client
[Diagram labels: Internet, TMG. Callouts: "Does not require you to deploy client software"; "Allows internet access only for authenticated users".]

10 Choosing a TMG Client Type
Web Proxy Client
- Any client that sends CERN proxy requests to TMG is considered a Web proxy client.
- E.g.: browsers, antivirus, BitTorrent clients, IM clients, etc.
- Windows apps that need Internet access through a Web proxy can use the WinHTTP application programming interface (API).
- Restricted to HTTP, HTTPS & FTP.

11 How the Web Proxy Client Works
1. The client sends an HTTP GET request to TMG on the listening port (by default, TCP port 8080).
2. After TMG receives the request, the firewall service checks its access rules to determine if this request is allowed or denied.
3. The request is sent to the destination host.
4. When this operation succeeds, TMG responds with an HTTP 200 status code to inform the client that the connection has been established.

12 When to Use the Web Proxy Client

13 SecureNET Client
- Any computer with TCP/IP networking can be a SecureNET client.
- No additional software is required. Just configure TMG as the default gateway.
- TMG needs at least two NICs.

14 SecureNET Client

15 Advantages Vs Disadvantages

16 Forefront TMG Firewall Client
- A software component that provides the ability to proxy any application that uses Winsock, regardless of whether the application itself is proxy aware.
- Requires the installation of the Forefront TMG firewall client software on the workstation.
- Allows administrators to control access to non-web-proxy protocols based on users or groups.

17 Choosing the Right Client
Need to consider the functionality and security requirements:
- Ease of deployment and restrictions on installing software
- Support for various operating systems
- Protocol support (simple versus complex protocols)
- Authentication requirements for user- or group-based access controls
- Security of your network and applications

18 Choosing the Right Client

19 Choosing the Right Client

20 Choosing the Right Client
SecureNET Client
- No configuration is required other than setting up a default gateway.
- Supports all operating systems.
- Supports all simple protocols. Application filters enable support of complex protocols.
- SecureNET supports non-TCP/UDP protocols.
- Does not forward user credentials, therefore cannot support authentication-based access rules.
- Connections are unencrypted; uses the application's protocol default port.
- Client does its own name resolution.

21 Choosing the Right Client
Web Proxy Client
- Need to specify Web proxy settings in the Web browser or use WPAD.
- Web proxy-aware apps can use the Web proxy client.
- Limited to Web protocols (HTTP, HTTPS & HTTP-proxied FTP).
- Forwards credentials when challenged for authentication.
- Connections are unencrypted and are sent to the port on TMG that is set to listen for Web proxy connections (TCP port 8080 by default).
- TMG resolves names for clients.
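
The Web proxy exchange from slides 11 and 21, as an added example (not part of the original slides and not TMG's own code): the client sends a proxy-form GET, a stand-in rule check answers 407, 403 or 200, and the client forwards credentials only after the challenge. Assumptions: Basic authentication, a rule that requires an authenticated user for every request, and the hypothetical names USERS, ALLOWED_HOSTS, build_proxy_request, evaluate_request and web_proxy_exchange.

```python
import base64
from urllib.parse import urlsplit

PROXY_SCHEMES = {"http", "https", "ftp"}  # the Web proxy client's protocol limit
# Constructed sample data: a hypothetical user store and allow rule.
USERS = {"alice": "S3cret!"}
ALLOWED_HOSTS = {"www.example.com"}


def build_proxy_request(url, credentials=None):
    """Request a Web proxy client sends to the proxy listener (e.g. TCP 8080)."""
    # Proxy form: the request line carries the absolute URL, not just the path.
    lines = [f"GET {url} HTTP/1.1", f"Host: {urlsplit(url).netloc}"]
    if credentials:
        token = base64.b64encode(":".join(credentials).encode()).decode()
        # Basic is only base64-encoded: readable on an unencrypted connection.
        lines.append(f"Proxy-Authorization: Basic {token}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode()


def evaluate_request(raw):
    """Stand-in rule check: return the status code the proxy would answer with."""
    head = raw.decode("iso-8859-1").split("\r\n\r\n", 1)[0].split("\r\n")
    parts = head[0].split(" ")
    if len(parts) != 3:
        return 400
    url = urlsplit(parts[1])
    if url.scheme not in PROXY_SCHEMES or not url.hostname:
        return 400  # origin-form "GET /path" is not a proxy request
    fields = (line.split(":", 1) for line in head[1:] if ":" in line)
    headers = {name.lower(): value.strip() for name, value in fields}
    auth = headers.get("proxy-authorization", "")
    if not auth.startswith("Basic "):
        return 407  # challenge: the client must resend with credentials
    try:
        user, _, password = base64.b64decode(auth[6:]).decode().partition(":")
    except ValueError:
        return 407
    if USERS.get(user) != password:
        return 407
    return 200 if url.hostname in ALLOWED_HOSTS else 403


def web_proxy_exchange(url, credentials):
    """Client side: send anonymously, forward credentials only after a 407."""
    statuses = [evaluate_request(build_proxy_request(url))]
    if statuses[-1] == 407:
        statuses.append(evaluate_request(build_proxy_request(url, credentials)))
    return statuses
```

Because the Web proxy connection is unencrypted, the Proxy-Authorization value built here is recoverable by anyone who can capture traffic between the client and the listener.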

22 Choosing the Right Client
TMG Firewall Client
- Need to install the TMGC software.
- Only on Windows OS.
- Supports all TCP and UDP simple and complex protocols.
- Forwards credentials of the logged-in user automatically (supports authentication-based access rules).
- The TMGC sets up a control channel on TCP port 1745; all information within the control channel may be encrypted if any rule requires authentication.
- TMG resolves names for clients.

23 Practice: Installing TMG Server
- Installing TMG (Textbook page 156)
- Basic access rules for a web proxy
[Lab diagram labels: Windows 7 Web proxy client, TMG, Internet]

