Thursday 28 April 2011

Installing Forefront Threat Management Gateway (TMG) Beta 2

Published: February 22, 2009
Last Updated: February 22, 2009
     
Introduction

In a previous post, I told you that Forefront Threat Management Gateway is the future version of Microsoft ISA Server. In this article, I will install TMG Beta 2. First I will point out a few notes, then show you the hardware and software prerequisites, and then install Forefront TMG.

I wanted to cover the installation of Forefront TMG Beta 2 because I have seen many administrators having issues and errors while installing TMG. This is because there are a few things that you have to take care of before installing TMG.
To avoid any issues during the installation, and before we start, I want to draw your attention to the following notes:
  • Forefront Threat Management Gateway is native 64-bit. It can only be installed on Windows Server 2008 64-bit.
  • One of the most important steps before installing ISA/TMG is to configure the network interface settings on the server. Please have a look at this article so that you configure the network interfaces correctly: Configuring ISA Server Interface Settings.
  • The TMG Beta 2 server has to be a domain member. Join the TMG server to a domain before installing the Forefront TMG software. Later on, with future builds of TMG, the Workgroup scenario will be supported.
Forefront TMG has hardware and software requirements, as stated below:
Hardware Requirements:
  • A computer with a 64-bit processor.
  • Windows Server® 2008 64-bit operating system. You cannot install Forefront TMG on 32-bit versions of Windows Server 2008.
  • 2 gigabytes (GB) or more of memory
  • 2.5 GB of available hard disk space. This is exclusive of hard disk space that you want to use for caching or for temporarily storing files during malware inspection.
  • One network adapter that is compatible with the computer's operating system, for communication with the Internal network.
  • An additional network adapter for each network connected to the Forefront TMG computer.
  • One local hard disk partition that is formatted with the NTFS file system.
Software Prerequisites:

You must install the following programs on your server before installing TMG:
  • .NET Framework 3.5
  • Two features on Windows Server 2008 have to be added:
  1. Windows PowerShell Feature
  2. Message Queuing Server and Directory Service Integration Feature
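
The requirements and notes above can be verified before running setup. The following read-only PowerShell pre-flight check is an added example, not part of the original article or of any Microsoft tooling. It assumes the English feature display names reported by the Win32_ServerFeature WMI class, and that the Windows PowerShell feature is already installed so the script can run.

```powershell
# Added example: read-only pre-flight check for the prerequisites listed above.
# Assumption: English feature display names as reported by Win32_ServerFeature.
$os   = Get-WmiObject Win32_OperatingSystem
$cs   = Get-WmiObject Win32_ComputerSystem
$ntfs = @(Get-WmiObject Win32_LogicalDisk -Filter "DriveType=3 AND FileSystem='NTFS'")
$nics = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled=TRUE")
$feat = @(Get-WmiObject Win32_ServerFeature | ForEach-Object { $_.Name })

# 64-bit check that also works from a 32-bit PowerShell host on a 64-bit OS
$x64 = ($env:PROCESSOR_ARCHITECTURE -eq 'AMD64') -or ($env:PROCESSOR_ARCHITEW6432 -eq 'AMD64')
# Version 6.0 with ProductType 2 or 3 is Windows Server 2008 (1 would be a client OS)
$srv2008 = ($os.Version -like '6.0.*') -and ($os.ProductType -ne 1)
# WMI reports slightly less than the installed RAM, so round before comparing
$ramGB = [math]::Round($cs.TotalPhysicalMemory / 1GB)
# Largest free space on any local NTFS volume, in GB
$freeGB = 0
foreach ($d in $ntfs) { $gb = $d.FreeSpace / 1GB; if ($gb -gt $freeGB) { $freeGB = $gb } }
# .NET Framework 3.5 setup records Install = 1 under this key
$ndp   = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.5' -ErrorAction SilentlyContinue
$net35 = ($ndp -ne $null) -and ($ndp.Install -eq 1)

# Each entry: description, result
$checks = @(
    @('64-bit processor and operating system',        $x64),
    @('Windows Server 2008',                           $srv2008),
    @('Server is a domain member',                     $cs.PartOfDomain),
    @('2 GB or more of memory',                        ($ramGB -ge 2)),
    @('NTFS partition with 2.5 GB available',          ($freeGB -ge 2.5)),
    @('At least one IP-enabled network adapter',       ($nics.Count -ge 1)),
    @('.NET Framework 3.5',                            $net35),
    @('Feature: Windows PowerShell',                   ($feat -contains 'Windows PowerShell')),
    @('Feature: Message Queuing Server',               ($feat -contains 'Message Queuing Server')),
    @('Feature: Directory Service Integration',        ($feat -contains 'Directory Service Integration'))
)

$failed = 0
foreach ($c in $checks) {
    if ($c[1]) { Write-Host ("PASS  " + $c[0]) }
    else       { Write-Host ("FAIL  " + $c[0]); $failed++ }
}
# The article asks for one adapter per connected network, so show the count
Write-Host ("IP-enabled network adapters found: " + $nics.Count)
if ($failed -gt 0) { Write-Host "$failed prerequisite(s) missing; fix them before running setup." }
```

Run it from an elevated PowerShell prompt on the target server; the script only reads WMI and the registry and changes nothing.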


Installing TMG Beta 2
  1. Double click on the setup file that you have downloaded. On the Welcome screen, click Next



  2. Select the path where the extracted files will be stored. You can either keep the default path or change it to a custom path by clicking on the Change... button and browsing to another path. Then click Next



    Extraction of the setup package will start



  3. Once extraction is completed, the Install Forefront TMG page will open automatically. Click on Install Forefront TMG



  4. On the Welcome to the installation wizard page, click Next





  5. On the License Agreement page, accept the terms and click Next

    I just want to grab your attention to a simple note in the terms:

    INSTALLATION AND USE RIGHTS.

    · You may install and use any number of copies of the software on your premises to design, develop and test your programs for use 
      with the software.

    · You may not test the software in a live operating environment unless Microsoft permits you to do so under another agreement.



  6. Type your info. The product key will be filled in automatically, as this is a Beta version. Click Next



  7. On the Setup Scenarios page, choose the installation option


  • Selecting scenario # 1 : Install Forefront Threat Management Gateway services
    This will install the Forefront TMG services plus the management console and the Configuration Storage Server, which stores the enterprise configuration for Forefront TMG arrays.



  • Selecting scenario # 2 : Install Forefront Threat Management Gateway Management only
    This will install only the MMC part of TMG, so that you can control remote Forefront TMG servers. For example, it can be installed on a client machine, so that you can remotely connect to your TMG server using the installed MMC snap-in.



  • Selecting scenario # 3 : Install Enterprise Management Server
    This will install both the MMC part of TMG and the Configuration Storage Server, which stores the enterprise configuration for TMG arrays.



    I will be selecting scenario # 1, Install Forefront Threat Management Gateway services. Click Next.
    If you want to change the default installation path, click on Change... and choose your installation path. If you want to keep the default installation path, simply click on Next

    As you may have noticed, the concept of Standard Edition or Enterprise Edition is no longer available with Forefront TMG. There are new terms that we will have to get used to, such as Standalone Server, Array Manager, Standalone Array, and Enterprise Management Server (EMS). You might find them confusing at the moment. Don't worry; later on we will get used to these terms, and they will be covered in future articles. To give you a brief illustration, at the moment I'll be installing a Standalone Forefront TMG server.
  8. On the Internal Network page, we need to specify the address ranges that we want to include in the Internal Network. Click on the Add button

    To add the Internal Network range, you can click Add Adapter and select the appropriate adapter representing the Internal Network (in case you have multiple adapters), click Add Private and select from a list of predefined address ranges, or click Add Range and type the range manually, specifying the beginning and ending IP addresses of the range.

    Once you finish defining the internal network range, click on the OK button

    You will be taken back to the Internal Network page. If you want to edit the address range, click on the Change... button; otherwise click on Next

  9. On the Services Warning page, you will be notified of the services that will be restarted or disabled during installation. Click Next

  10. We are now set for the installation. On the Ready to Install page, click Install

    You will immediately receive a notification that if you plan to enable E-mail policy protection, you must install the Exchange Edge Transport role + Service Pack One for Exchange Server 2007 before installing Forefront TMG. If you do not plan to use E-mail policy protection, click on the OK button so that the installation continues. If you do plan to use E-mail policy protection, click on the Cancel button, install Exchange Edge, and then run the Forefront installation again.

    Installation will proceed

  11. When installation completes, you can have TMG Management open when the wizard closes by enabling the checkbox on this page. Click on Finish

    An HTML page will pop up after you click the Finish button, listing a few recommendations. Take a moment to read them.

  12. To open the Forefront TMG Management Console, click on Start > All Programs > Microsoft Forefront TMG, then click on Microsoft Forefront TMG Management

  13. The Forefront TMG management console will open, and we will be greeted with the Getting Started Wizard page. This wizard is used to configure or modify basic deployment settings. I believe I will be covering it in my next article.

    For the time being you can ignore this wizard and click on Close. I did this because I want to show you the multiple new nodes in the left pane, such as Web Access Policy, E-mail Policy, Intrusion Prevention System, Logs & Reports and Update Center.



One last reminder: this is a Beta version, so do not use it in a production environment. And if you were hoping for a specific feature and found that it is not in this build, don't feel down; many builds are yet to be released, and a lot of the current features are not yet 100% polished.



