Announcing: Forefront Threat Management Gateway, Medium Business Edition

I am pleased to announce that the first version of the new Forefront Threat Management Gateway (TMG) has been released to manufacturing as part of the Windows Essential Business Server 2008 (EBS) release. As I first blogged in April of this year, Forefront TMG is a new era for the ISA Server product line. It is taking us and our customers into new and innovative protection directions based on the ever-increasing threats we are seeing on the Internet today.

Forefront TMG, Medium Business Edition is fully integrated in Windows Essential Business Server and installed by default. One of the unique capabilities of this edition is the simplified setup and configuration – without taking away the ability for customers or value added service providers to provide the customization or control they may require for their specific environments. We took a specific approach in this release by asking the administrator what he/she wants to achieve, not how to do it. The end result is a server pre-configured with best practices for the most common security and access needs including Internet access, remote access and common firewall rules.

Not only does Forefront TMG include a fully featured and highly rated corporate firewall capability, but it adds a Unified Threat Management (UTM) capability to the EBS installation. It truly provides a comprehensive, all-in-one integrated edge security solution, for both the headquarters and the branch offices. The real value comes through the tight integration of the different UTM components, as well as with the other applications and solutions encompassing EBS. The integrated anti-virus subscription services provide administrative relief to IT professionals from having to constantly monitor the security threats and changing edge policies. The “Am I Secure?” page provides an easy, at a glance view of the security state and statistics of the system avoiding the need for complex understanding and expertise to provide protection for the business.

As our software, hardware and appliance partners announce exciting value–add offerings, I will keep the community informed. In addition, I will be announcing future details around the public beta for the next edition of TMG later this year on this blog. I think you will be excited and surprised and certainly well worth the wait when we announce. Stay tuned to this channel for continual updates!

David B. Cross

Product Unit Manager

Published Tuesday, September 16, 2008 1:13 PM by isablog

Forefront TMG (ISA Server) Product Team Blog : Announcing: Forefront Threat Management Gateway, Medium Business Edition

ISA 2006 SP1 and IAG 2007 Supportability Statement

Introduction

Occasionally you find the combination of two things that result in something better than the sum of the individual parts. Some combinations that come to mind are peanut butter and chocolate, steak and lobster, and ISA Server 2006 and IAG 2007. You can’t eat ISA and IAG but combined in the IAG 2007 product they create an awesome SSLVPN with rich features. Just like a good soup, IAG 2007 benefits from high quality ingredients. For more information on this “better together” approach review the articles below:

http://www.microsoft.com/forefront/edgesecurity/iag/en/us/secure-remote-access.aspx

http://www.microsoft.com/Forefront/edgesecurity/iag/en/us/faq.aspx

Real World Experience

Recently, I began seeing questions about the addition of ISA 2006 SP1 on customers IAG 2007 systems. After some research it turned out that Windows update was detecting the lack of ISA 2006 SP1 and prompting administrators to install the service pack on their IAG 2007 servers. If you are familiar with IAG 2007 predecessor eGap 3.6 you will remember that the internal server was protected by a SCSI interface that shuttled between the external and internal servers. In IAG 2007 the external server and SCSI interconnect have been removed and replaced by ISA 2006. In this configuration ISA 2006 protects the external interface of IAG 2007 amongst other things.

Since SP1 for ISA 2006 includes feature updates as well as security updates, just like any other windows application it is essential to make sure there is no security vulnerability that might affect the ISA application. Hence it is important to make sure the ISA server is also updated from time to time.

When you first initialize the IAG 2007 system you will notice that ISA server 2006 is installed as well. As applications are added to the portal trunk, rules are created in ISA 2006 to allow the specific traffic types that IAG 2007 will publish. If IAG 2007 is configured for automatic updates or you visit the Windows update site, SP1 for ISA 2006 will be queued for installation if it is not already installed. You can review the benefits of SP1 for ISA 2006 by following this link: http://blogs.technet.com/isablog/archive/2008/05/23/isa-server-2006-service-pack-1-features.aspx

As you can see from reading the list we fixed a few things in ISA 2006 with SP1. In addition, patch management is part of the Desktop, Device, and Server security process best practices that IT professionals should be following. Recently, while testing IAG 2007 SP2 our product group tested with ISA 2006 SP1 installed and found no issues related to this service pack. So go ahead and add ISA 2006 SP1 to your IAG 2007 system. I bet you will find it’s a great combination and is a high quality ingredient in your security soup.

Author
Dan Watson
Security Support Engineer –IAG Team
Microsoft – NC

Technical Reviewers
Yuri Diogenes
Security Support Engineer – ISA/IAG Team
Microsoft – Texas

Mohit Saxena
Security Technical Lead – ISA/IAG Team
Microsoft – Washington

Published Thursday, September 18, 2008 8:02 PM by edgeaccessblog
Filed under: Intelligent Application Gateway, ISA Server 2006 SP1

Intelligent Application Gateway Product Team Blog : ISA 2006 SP1 and IAG 2007 Supportability Statement

Independent research firm recognizes Microsoft NAP as a leader in Network Access Control

Published 18 September 08 12:45 AM | Forefront Blogger

Microsoft’s Network Access Protection (NAP) solution was cited as a leader (the top category) in a recent independent report, “The Forrester Wave: Network Access Control, Q3 2008.”  Microsoft was one of the many network access control (NAC) vendors invited to participate in the report.

Forrester placed a lot of emphasis on different access control scenarios for the evaluation and the different vendors were evaluated around twelve different scenarios as well as strengths across technology, strategy and market presence.

“Microsoft has the strongest NAC product for managed endpoints,” the report stated. The report goes on to state that even though its official product has only been shipping since the inception of Windows Server 2008, Microsoft has already established itself as a critical thought leader and contributor to the standardizations of NAC. “Microsoft has the overall highest score among the 12 scenarios we evaluated,” the report added.

Microsoft Network Access Protection ships with Windows Server 2008 and Windows Vista and XP SP3, and has a framework that provides interoperability with over 100 different vendors. The NAP statement of health (SOH) has also been adopted as a standard by the Trusted Computing Group’s Trusted Network Connect (TNC).

More information about Microsoft NAP can be found here http://www.microsoft.com/nap

Forefront Team Blog : Independent research firm recognizes Microsoft NAP as a leader in Network Access Control