Microsoft ISA Server 2006 will be succeeded by the Forefront Threat Management Gateway 2010. TMG went RTM last week, according to the folks at isaserver.org. I have been an ISA user for several years and it has been the target of my wrath on many, many occasions. I hate it, but I haven’t found anything else that gives me the granular control for outbound access filters.
Over those frustrating years, I received much support from the isaserver.org forums. isaserver.org has predominantly been Tom Shinder, a very interesting guy who is an MD yet made his mark as an ISA Server consultant and author. He announced in this month’s newsletter he will be going to The Dark Side, joining Microsoft and the TMG team. Thus both the product and its guru are going away.
Shinder lists the new features of TMG as follows.
- Outbound SSL inspection that prevents attackers and malware from hiding within an SSL tunnel
- The Network Inspection System, which provides the TMG firewall with a very sophisticated and cutting edge intrusion detection and prevention system
- Enhanced NAT, that allows you to control what IP address on the TMG firewall will be used as the source address for outbound connections
- New support for the SSTP VPN protocol – making it easier than ever to get users connected to the TMG VPN server using a firewall and proxy friendly network level VPN protocol
- SIP support for VoIP, so that you can get your SIP PBXs working with the TMG firewall
- New installation and configuration wizards, that make it easier than ever to get up and running and configuring a secure configuration
- A supercharged firewall client – which has a new name, “TMG Client”, which provides users notification of outbound SSL inspection and also provides promise in the future for allowing you to control what applications are allowed to connect through the TMG firewall to the Internet
- A new search capability for firewall policy, so that you do not have to poke around to find what rules are using what rule elements – the search feature does all this for you
- Enhanced logging and reporting use SQL and SQL Reporting Services, and an SDK that will allow you to customize reports to provide you the information that you’re interested in
I am not thrilled about having to learn a new product. And most of the functions above are already present in Cisco ASA technology.