Anyone done much with Forefront TMG 2010?

Hyper-Me

I don't have much else to do today so im throwing TMG 2010 in a VM to take a look at it.

Anyone done much with it? Any new cool things about it?

blargoe

I haven't gone under the hood much with TMG but I did install UAG 2010 which uses TMG as the firewall. Just from a quick glance it doesn't look all that much different from ISA 2006 to me, but I'm sure they have added some enhancements along the way. I think they put more into developing UAG.

EDIT: Here's the "What's New" for TMG:

Forefront Threat Management Gateway: What's New

astorrs

Yeah I deployed it recently and tied it into Exchange, RDS, etc. Think ISA 2006 with HTTPS inspection added; and if you don't mind paying an additional annual subscription cost per user (unless you've already licensed either the ForeFront Protection Suite or the Enterprise CAL Suite), content filtering and anti-virus/anti-malware integrated into the product.

UAG 2010 looks like a decent enough attempt at an SSL VPN, it's unfortunate that under the EULA you're not allowed to make use of the ForeFront TMG installed as a part of it for protecting anything else.

blargoe

It's a shame they didn't have a license to for a UAG/TMB bundle for smaller shops so that using both would be legal. I understand why they're doing it... $$$$$, and the fact that it's EASY to F up the rules and config that UAG puts into TMG when you make changes in the UAG console.

The last person I talked with at Microsoft regarding modifying the TMG setup when bundled with UAG is they were currently making a best effort to resolve any issues.

We're currently preparing to roll it out as a reverse proxy and application portal but will be looking at the SSL VPN capability soon.