Forefront TMG 2010 RTM (disponibile per il download)

Il nuovo ISA Server, Forefront TMG 2010, e’ disponibile per il download pubblico; data annuncio 16 Nov 2009.

Di seguito il post sul blog del team di sviluppo ISA Server:
http://blogs.technet.com/isablog/archive/2009/11/17/forefront-threat-management-gateway-2010-release.aspx

E’ possibile scaricare Forefront TMG direttamente da questa pagina:
http://technet.microsoft.com/it-it/evalcenter/ee423778.aspx

E’ disponibile nelle seguenti lingue:
Cinese (semplificato), cinese (tradizionale), coreano, francese, giapponese, inglese, italiano, portoghese (Brasile), russo, spagnolo e tedesco.

Il consiglio personale e’ sempre di usare, sulla parte server sempre versioni in lingua Inglese.

ISA Server 2006 e Forefront TMG sono supportati in produzione anche come Virtual Machine su hypervisor Microsoft e terze parti (VMware, ecc.). Per questi ultimi e’ importante ricordare che devono essere certificati da Microsoft secondo il SVVP program.

Enjoy with TMG
Luca

URL Filtering con TMG Beta 3

Una delle funzionalità più attese con TMG è l'URL filtering. Il set di funzionalità presente in TMG Beta 3 si può considerare completo. Vi rimando al post, in inglese, sul blog del team di sviluppo di TMG per una introduzione al funzionamento dell'URL Filtering. Qeust'ultima fino ad oggi era disponibile con ISA Server solo con l'acquisto di prodotti terze parti.

Il post completo sul blog del team di sviluppo è consultabile da qui

Per domande e commenti vi aspetto sul forum di ISAserver.it, oppure sul blog.
Luca

Luca Conte, MCSE/MCSA:Security, MCT, MCTIP: Windows 2008
MCTS: Windows Virtualization, VMWare VCP
Consulting Services & Professional Training
ISA Server Jumpstart 2009 - http://www.isaserverjumpstart.com
ISA Server Technical Days - http://days.isaserverjumpstart.com
ISA Server Workbook 2a Ed - http://workbook.isaserverjumpstart.com

Forefront TMG Beta 3 - Da scaricare SUBITO!!!

E' disponibile per il download pubblico la Beta 3 di Forefront TMG, il nuovo ISA Server.
Le funzionalità introdotte in questa Beta 3 sono davvero notevoli e da non perdere; quindi il consiglio è di scaricarla subito.
E' possibile scaricare la Beta direttamente da qui

Per domande e commenti vi aspetto sul forum di ISAserver.it, oppure sul blog.
Luca

Luca Conte, MCSE/MCSA:Security, MCT, MCTIP: Windows 2008
MCTS: Windows Virtualization, VMWare VCP
Consulting Services & Professional Training
ISA Server Jumpstart 2009 - http://www.isaserverjumpstart.com
ISA Server Technical Days - http://days.isaserverjumpstart.com
ISA Server Workbook 2a Ed - http://workbook.isaserverjumpstart.com

Forefront TMG (Beta 2) - disponibile per il download

E finalmente disponibile la Beta 2 della nuova versione di ISA Server: Forefront TMG.
Vi riporto il testo del post di annuncio, ho evidenziato in rosso alcune parti di sicuro interesse:

"...I wanted to publish a follow-on to Jim's enthusiastic post about our public beta.  We have reached an important and critical milestone in the release of Forefront Threat Management Gateway (TMG), our comprehensive network protection solution. For those of you catching up on the TMG line, Forefront TMG is the future version of the Microsoft Internet Security & Acceleration Server (ISA Server) and will extend the capabilities of ISA Server with new features and security technologies. Forefront TMG will be available as both a standalone solution but also part of new integrated suites to be released in the future such as the upcoming Forefront “Stirling” security suite

Today, I am announcing that Beta 2 is available for public download and evaluation. This is a significant change from Beta 1 – the content and feature set is almost too rich too blog in a single posting to be honest. But I will try…

We really have 6 unique value propositions with this release that really emphasize our comprehensive approach to network protection:

• Control network policy access at the edge (Firewall)

• Protect users from web browsing threats (Web Client Protection)

• Protect users from E-mail threats (Email Protection)

• Protect desktops and servers from intrusion attempts (NIS)

• Enable users to remotely access corporate resources (VPN, Secure Web Publishing)

• Simplified management (Deployment)

From a “what’s new” perspective in Beta 2 from the Beta 1 release, we have really polished and completed a lot of features. On the firewall side, we have added key components such as VoIP traversal (SIP), enhanced NAT and ISP Link Redundancy. Combined with our NAP (Network Access Protection) integration with the VPN functionality, the firewall and remote access capabilities are richer than ever. On the web client protection area, we now have fully functional HTTP Anti-virus/spyware scanning and detection as well as HTTPS forward inspection. This provides an extremely rich secure web gateway for the clients that protects all web clients regardless of platform when going through the TMG proxy.

Some of the new areas we have added include a secure email relay deployment option providing email protection at the edge through Exchange Server and Forefront Security for Exchange integration to provide a hardened edge based anti-virus and anti-spam solution. Also we are excited to preview is our new Forefront Network Inspection System (NIS). Forefront NIS is a unique intrusion detection and response solution that integrates with the Forefront codename Stirling security suite to provide security assessment and responses.

Last, but not least, our deployment and management capabilities have received a complete upgrade. Everything from a UI and configuration wizards facelift for easier installation and maintenance, but a completely new array management infrastructure to ensure distributed enterprise deployments of multiple TMG installations.

In the end, I will let the beta speak for itself – we would love to hear your feedback on the feature set and quality in your environments and scenarios. The download is available now and public for everyone to install today – I welcome you to give it a test run!..."

fonte: ISA Server Team Blog

E' possibile scaricare la Beta direttamente da qui

Note: Il file è di ca. 400MB, è possibile esportare/importare nella Beta 2 la configurazione del solo ISA Server 2006 Standard; No Enterprise, No ISA 2004/2000.

Per domande e commenti sul forum di ISAserver.it, non perdete i prossimi Technical Days su Bologna ed i webcast.
Luca

Luca Conte, MCSE/MCSA:Security, MCT, VMWare VCP
Consulting Services & Professional Training
ISA Server Jumpstart 2009 - http://www.isaserverjumpstart.com
ISA Server Technical Days - http://days.isaserverjumpstart.com
ISA Server Workbook 2a Ed - http://workbook.isaserverjumpstart.com

Riferimenti
ISA Server Team Blog
Forum su ISAserver.it dedicato a Forefront TMG & Stirling

Download Forefront TMG (Beta 2)

The Next Version of ISA Server (“live” from TechEd EMEA)

Direttamente dal TechEd di Barcellona, cominciano a trapelare indiscrezioni sulla nuova release di ISA Server, che come sappiamo si chiama Forefront TMG.

ISAserver.it, nella mia persona, come membro dell'Advisory Group ha gia' sotto mano una release del nuovo ISA. Purtroppo tutto è coperto da NDA, ma dal post di Roger Halbheer si comincia già a vedere di cosa si tratta...

• (...)ISA Server will be renamed in Threat Management Gateway and will be part of the Forefront Suite. Therefore TMG (the new abbreviation for Threat Management Gateway) will collaborate and share information with the other Forefront products in your network (e.g. Forefront Client Security, NAP etc) in order to assess the threats and protect information. This would mean that if a client sends out information to the Internet on an unusual level, we will block it, but it into Quarantine and Scan it… Way cool.
  • It you want to, you can block encrypted zip-files :)
• Web Protection:
  • Scan files that are downloaded by the users for malware and block them on the gateway by the TMG server.
    • We can even inspect outbound SSL traffic as we are bridging SSL on the server if you want it. The user is informed that SSL will be inspected. This is very important from a privacy perspective. So, with this technology we can block invalid or expired certs. Last but not least here, you can exclude certain sites or site groups (e.g. Finance and Banking) from the SSL inspection. So, you can configure it the way that you do not inspect the traffic but the certificate will be validated or nothing is done at all.
    • For large files, the user gets a page to inform him/her that the file is downloaded by the TMG server and scanned there. If it is ok, it is forwarded to the client. Whether this is kicked off it decided by the download time (more than 10s).
    • We can handle files in cache as well.
  • We include URL filtering
    • Block sites you do not want the users to browse to
    • We can even categorize sites (e.g. to categorize them as Malicious) and you can override the setting as you need.
• Logging and Reporting
  • The console itself still looks very similar to what you are used to from ISA Server 2006 – there is no need to change a lot, isn’t it?
  • We enhanced logging with e.g. the information we just touched upon above.
  • There is a new node called Web Access Policy where you configure all the different policies above. There is even a really good wizard to deploy these policies.
• Active Protection Technology (Network Intrusion System from Microsoft Research named GAPA)
  • GAPA will be part of Forefront Client Security as well.
  • As I said above, there will be quite some ways to protect your network from attacks. By determining unusual behavior we can block traffic from infected machines and in addition we would be able to kick off actions in the rest of the product suite.
  • We will deliver signatures to help you a little bit in order to gain some time before you patch as we learned that the average customer needs more than a month to deploy a security update. To be clear here: This does not replace proper patch management!
• Network Access Protection
  • We include NAP into the VPN part of the product. We had quarantine in the VPN implementation of ISA Server 2004 already. However, for a lot of customers that took them a long time to deploy as they had to write customer scripts. With NAP you can build on the same technology you can deploy on your network and it is much easier than the scripting version. However, do not just switch it on – this is a project not just a feature…..
  • The nice thing is that you not only check the machine during the logon but during the whole session. So, if the machine falls out of compliance during a session, it is taken into quarantine, fixed and brought back to the network again..
• Array Support
  • You will be able to take two Standard server, join them and have an array. There will still be an Enterprise version to manage multiple arrays but for smaller deployments, this is definitely good news.
• And a lot more (...)

fonte: Blog Microsoft Technet

Il post completo è consultabile sul blog di Roger qui.

Virtualizzare ISA Server/Forefront TMG - il video di Jim Harrison

E' disponibile una video intervista con Jim Harrison - Program Manager ISA SE - sul portale Technet Edge.
In questo video Jim parla proprio della problematiche (e soluzioni) inerenti la virtualizzazione di ISA Server /Forefront TMG, in particolare chiarisce alcuni dubbi sul supporto di ISA/TMG Virtualizzato.
Un video da non perdere.

Consiglio inoltre la lettura, se lo fate prima di vedere il video meglio, di questo white paper segnalato nel mio precedente post: Virtualizzare ISA Server 2006/Forefront TMG - Considerazioni sulla protezione

Nota: Vi rimando anche al Video di Yossi Siles - PM di Forefront TMG - segnalato in un mio vecchio post del dic 2007. Per vedere il video di Yossi Siles fare clic qui.

Per visualizzare il video di Jim Harrison fare clic qui

Grazie Jim!!

Virtualizzare ISA Server 2006/Forefront TMG - Considerazioni sulla protezione

Siete in procinto di partire con progetti di virtualizzazione? Avete pensato di virtualizzare il vostro ISA Server 2006 ed i relativi servizi Web e Applicativi? Volete rendere sicura la vostra "nuova" soluzione di virtualizzazione?

Prima di partire e trovarsi ad affrontare "nuovi" problemi la cui soluzione, in produzione, puo' essere difficoltosa; vi consiglio di dedicare un pò del vostro tempo alla lettura di questo documento:
Security Considerations with Forefront Edge Virtual Deployments

pubblicato su Microsoft Technet e scritto da Jim Harrison e Gershon Levitz . 

Questo documento ha l'indubbio pregio della sintesi, di andare subito al succo delle questioni e fornire indicazioni delle Best Practise da seguire. La ricca sezione di collegamenti ed il glossario lo completano. 

Luca