While reading over the Forefront TMG firewall release notes this morning, I found several interesting issues that you should be aware of when testing the Forefront TMG on your network.
- In previous versions of the ISA Firewall you had the option to force 128bit encryption on Web Publishing Rules. This option is removed and this requirement is always enforced on the Forefront TMG firewall. This is a function of Windows Server 2008
- The TMG Beta 1 trial version is limited to 300 licensed users. However, it's not stated how these users are enumerated by the TMG firewall. Is it IP addresses? AD User accounts that authenticate to the TMG firewall? Something else? I'll try to find out.
- RDP is the recommended mode of remote administration. I agree with this completely and never understood why anyone would want to use the remote console.
- Reporting is only available if you use local SQL logging. That means no reports if you use .txt file logging or off-box SQL server
- TCP port 8008 is used by the local Web server on the TMG firewall for SQL reporting services, so you must not configure any listeners to use that port
- When you view the site to site VPN configuration settings after creating a Remote Site Network, the Apply and Discard buttons will appear, even if you didn't make any changes. You can click Discard since no actual changes are made when you just view the settings
- The beta 1 of the TMG firewall must be a domain member. No workgroup configs are supported in the Beta 1
I thought these were interesting and also important, as you might run into some strange problems if you're not aware of these issues and limitations in the beta 1 of the Forefront TMG firewall.
Thomas W Shinder, M.D.
GET THE NEW BOOK! Go to http://tinyurl.com/2gpoo8
MVP — Microsoft Firewalls (ISA)