启用TMG2010中的Internet 服务提供商 (ISP) 冗余(双线接入)
作者:rickyfang 日期:2010-01-26
Forefront TMG Release Candidate已提供下载
作者:admin 日期:2009-10-12
What's new in Forefront TMG Beta 2
作者:admin 日期:2009-03-18
Note:
Keep in mind that the information in this article is based on a beta version of Microsoft Forefront TMG and are subject to change.
A few days ago, Microsoft released Beta 2 from Microsoft Forefront TMG (Threat Management Gateway), which has a lot of new exciting features.
In this first article, I will show you some of the new features and how they work. Part two of this article series will show you other changes in Microsoft Forefront TMG. Both articles should only give you some basic information about new and changed features in Microsoft Forefront TMG, so we will not go into much detail in these two articles.
System requirements
Overview of ISA and TMG Networking (Part 3)
作者:admin 日期:2009-02-20
Overview of ISA and TMG Networking and ISA Networking Case Study (Part 3)
老方说:此篇文章摘自ISASERVER.ORG网站,出自Thomas Shinder达人之手。严重建议ISA爱好者看看。
- Published: Dec 16, 2008
- Updated: Jan 21, 2009
- Author: Thomas Shinder
Overview of ISA and TMG Networking and ISA Networking Case Study (Part 2)
Overview of ISA and TMG Networking and ISA Networking Case Study (Part 1)
只有经过身份认证的才允许上网!-ISA Server防火墙客户端使用记要
作者:admin 日期:2009-02-20
老方说:从51CTO的博客转载了王春海老师的这篇经验之作,对ISA的初学者来说是一篇不错的文章。此文把域、DHCP、DNS、ISA身份验证、ISA客户端类型、流量控制等结合在一起。技术上也许不是重点。重要的是思路和方法!!也这是老方转载及推荐此文的最大目的!
(附记)在奥运期间,一些政府加强了上网行为监控,但传统的防火墙,只能通过IP地址进行限制。而用户很容易修改IP地址,事后也不能查找、定位用户。基于此,我采用Windows Server 2003的Active Directory、DHCP、ISA Server,将计算机加入到域、让只有加入到域的用户(每人一个用户名、密码并登录计算机)才能上网,其他用户不能上网。这样就做到了经过认证的用户才能上网,并且出了事情,可以追察到人。同时,在奥运期间,由于许多用户在线看比赛,经过实际测量,新华网的 视频,每个视频需要占用1M以上的带宽,如果一个网络中, 有20个人观看视频,会占用大量的网络带宽。采用Bandwidth_Splitter限制每个用户带宽在350K以内。
在整个奥运期间,这个方案经受住了考验。
河北 王春海
在大多数单位,都是通过限制工作站的IP地址,控制其上网行为,例如,根据部门、人员的不同,为其分配不同的地址或者地址段,在防火墙(或代理服务器)中设置上网策略。但这样的设置,存在一些问题:
ForefrontTMG关于单一的网络适配器限制
作者:admin 日期:2009-02-19
来自于ISA2008的帮助文件.
Microsoft Forefront Threat Management Gateway 可以安装在具有单一网络适配器的计算机上。 通常,当 Forefront TMG 位于公司内部网络或位于外围网络而网络边缘有另一防火墙时使用此配置,防止公司资源受到来自 Internet 的攻击。
在具有单一网络适配器的计算机上安装 Forefront TMG 时,Forefront TMG 只意识到以下两个网络:
- 代表 Forefront TMG 计算机本身的本地主机网络。
- 包含不属于本地主机网络的所有单播 IP 地址的内部网络。
在此配置中,当内部客户端浏览 Internet 时,Forefront TMG 将查看 Web 请求属于内部网络时的源地址和目标地址。 没有外部网络的概念。 Microsoft 防火墙服务和应用程序筛选器只能在本地主机网络的上下文中进行操作。 (在所有方案中,Forefront TMG 都会保护其自身。) 由于防火墙服务和应用程序筛选器在本地主机网络的上下文中进行操作,因此可以使用访问规则来允许非 Web 协议通过 Forefront TMG 服务器。
安装和配置
在具有单一网络适配器的计算机上安装时,应为内部网络配置所有 IP 地址范围,但以下地址除外:
- 0.0.0.0
- 255.255.255.255
- 127.0.0.0-127.255.255.255(本地主机)
- 224.0.0.0-254.255.255.255(多播)
Overview of ISA and TMG Networking (Part 2)
作者:admin 日期:2009-02-19
Overview of ISA and TMG Networking and ISA Networking Case Study (Part 2)
老方说:此篇文章摘自ISASERVER.ORG网站,出自Thomas Shinder达人之手。严重建议ISA爱好者看看。
- Published: Dec 16, 2008
- Updated: Jan 21, 2009
- Author: Thomas Shinder
Overview of ISA and TMG Networking and ISA Networking Case Study (Part 1)
In our last article on ISA and TMG firewall networking, I talked about how ISA and TMG firewalls use Networks to control traffic moving through and to the firewall. To recap, ISA and TMG Firewall Networks are collections of IP addresses located behind a specific NIC on the firewall. The addresses can be on and off-subnet for the specific NIC, but in order for a client behind any NIC on the TMG or ISA firewall to reach a destination through the firewall, that client’s IP address must be included in the definition of the ISA or TMG Firewall Network from which it connects. If the client’s IP address is not part of the ISA Firewall Network definition for the NIC that receives the request, the connection will be dropped as spoofed.
If you have not read part 1 of this series on ISA and TMG Networking, or want to brush up on what ISA/TMG Firewall Networks are all about, click here.
Overview of ISA and TMG Networking (Part 1)
作者:admin 日期:2009-02-19
Overview of ISA and TMG Networking and ISA Networking Case Study (Part 1)
老方说:此篇文章摘自ISASERVER.ORG网站,出自Thomas Shinder达人之手。严重建议ISA爱好者看看。
- Published: Dec 16, 2008
- Updated: Jan 21, 2009
- Author: Thomas Shinder
What ISA/TMG firewall Networks are about and how the firewall uses these networks to perform several key functions.
Last week I did a blog post asking our ISAserver.org members what kind of content they would like to see on the site. I expected the typical stuff, such as “more articles on integrating with other networking equipment vendors” and “more information on how NLB works” and “more articles on how to make ISA and TMG work with Exchange 2007, SharePoint and OCS” and maybe even “more stuff about ISA and TMG add-ons”. I was not disappointed. I did get requests for all of that kind of content.
