Implementing Forefront Threat
Management Gateway 2010

This course provides students with the knowledge and skills to envision, design, and deploy web access, remote access and mail protection solutions using Microsoft Forefront Threat Management Gateway 2010 (TMG), enabling them to identify the requirements and make the appropriate design decisions that will come up during the deployment process, and providing hands-on experience with the products.

After completing this course, students will be able to:

  • Understand the new features and the value proposition for Forefront TMG.
  • Explain how Forefront TMG protects clients and servers from Web-based threats.
  • Describe how Forefront TMG enable outside systems to secure connect to internal services and applications.
  • Describe how Forefront TMG integrates with Forefront Protection 2010 for Exchange and Microsoft Exchange Server 2010 to protect an organization from mail-based threats.
  • Design an enterprise solution using Forefront TMG considering availability, scalability, operations, and migration from an existing Microsoft Internet Security and Acceleration (ISA) solution.

Learning Resources

Published on: November 2010

Step 1

Forefront Threat Management Gateway (TMG) 2010 Overview

This module explains the new features introduced in Forefront TMG 2010, the different deployment scenarios for the product, and introduces the basic concepts used in its configuration.

After completing this module, students will be able to:

  • Describe a brief history of the Microsoft edge security products.
  • Explain the current threat landscape and how this drove changes in the edge security strategy.
  • List the new features in Forefront TMG and their value propositions.
  • Describe the key scenarios for Forefront TMG and how it differentiates from Microsoft® IAG/UAG.
  • Describe the SKU differentiation and subscription model.
  • Explain the installation requirements and install process for Forefront TMG.
Step 2

Secure Web Gateway

This module explains the new features introduced in Forefront TMG 2010, and how they can be used to enable users to securely and safely browse the Web.

After completing this module, students will be able to:

  • Describe the threats affecting enterprise users browsing the Web.
  • Identify the key Forefront TMG features that address those threats (application proxy, granular access control, malware inspection, URL filtering, HTTPS inspection, NIS), and describe each of these features in detail.
Step 3

Remote Access Gateway

This module explains the new features introduced in Forefront TMG 2010 can be used to enable users to securely access corporate network resources from anywhere.

After completing this module, students will be able to:

  • Understand how Forefront TMG can publish Web and non-Web services to external users.
  • Explain the security features and benefits added by Forefront TMG in each of these publishing scenarios.
  • Discuss the new Forefront TMG features for virtual private networking, such as Secure Socket Tunneling Protocol (SSTP) and Network Access Protection (NAP).
Step 4

Secure Mail Relay

This module explains how Forefront TMG 2010 and Forefront Protection 2010 for Exchange Server can work together with Microsoft Exchange Server to provide premium protection from spam and malware.

After completing this module, students will be able to:

  • Describe the mail threats facing organization, and explain what the key Forefront TMG features are that address these threats.
  • Explain how Forefront TMG and Forefront Protection 2010 for Exchange Server are deployed together for premium antispam and antimalware protection.
  • Describe in detail how Forefront TMG performs spam filtering, malware filtering, and content filtering.
  • Describe the implementation process for this scenario and how the solution is configured.
Step 5

Forefront TMG 2010 Design and Deployment Considerations

This module explains the common deployment scenarios for Forefront TMG 2010, and what to consider when designing Forefront TMG 2010 solutions.

After completing this module, students will be able to:

  • Review the network, scalability, availability and operational considerations and best practices when designing and deploying a solution based on Forefront TMG.
  • Identify the best practices when configuring clients to use Forefront TMG.
  • Describe migration procedures from ISA Server to Forefront TMG, and between the different versions of Forefront TMG.