Course Number: TMG10-PDM
Authors: Anders Pistaceci, MCTS, MCITP, MCSE, MCT
Miha Pihler, MVP, CISSP, MCSE, MCT
Erez Ben-Ari, CISSP, MCSE, MCT
Miklos Cari, MVP, MCSE, MCT, MCITP
Paula Januszkiewicz, MVP, MCT, MCSE, MCITP
Mohit Saxena (from Microsoft Forefront TMG Team)
Training Days: 5
Audience: Security Professionals, Systems Engineers, Network Administrators, IT Professionals
Technical Level: 300-400
Microsoft Exam: 70-157
Status: IN DEVELOPMENT
Order Date: TBA
The goal of this five-day instructor-led course is to provide students with the knowledge and skills necessary to effectively plan, deploy and manage Microsoft ForeFront Threat Management Gateway 2010.
This course is intended for Security Professionals, Administrators, Systems Engineers, IT Professionals, Consultants and other people responsible for implementing network and perimeter security measures, including Internet firewalls, application layer filters, and screened networks. They will also implement caching servers and additional mechanisms to protect public-facing Web servers. These individuals will have a need to simplify ongoing management, reduce support costs and prevent security breaches.
Typical environments in which they work have the following characteristics:
• Supported users ranging from 50 to 10,000+
• Multiple physical locations
Typical products and technologies used with a ForeFront TMG 2010 solution include: Windows Server 2008, Active Directory, Internet Information Services (IIS), Load Balancing, Failover Clustering, Network Access Protection, Microsoft Exchange, Microsoft SharePoint Technologies, and other third-party network security products and technologies.
After completing this course, students will be able to:
• Describe the functionality provided by TMG 2010 and explain valid deployment scenarios.
• Install and maintain TMG 2010 and install and configure TMG clients.
• Install and use new features of Service Pack 1.
• Configure secure access to Internet resources for internal network clients using TMG 2010.
• Configure the following TMG 2010 roles:
  ◦ Firewall Role
  ◦ Web Proxy/Caching Role
  ◦ Logging Role
  ◦ VPN Role
• Configure secure access to internal network resources for Internet clients who are using Web and Server publishing rules.
• Configure Intrusion Detection and Malware Inspection
• Configure TMG 2010 to provide secure access to Exchange and SharePoint Server for servers and clients located on the Internet.
• Configure Application, Web and URL Filters on TMG 2010.
• Deploy a Virtual Private Network for remote clients and remote networks with TMG 2010 using:
  ◦ L2TP over IPsec
  ◦ NAP Integration
• Manage TMG 2010 using scripts
• Design and implement a TMG disaster recovery plan
• Deploy TMG 2010 Enterprise in High Availability configurations
Students should have a working knowledge of the following:
• Microsoft Windows Server 2003/2008 operating system and network concepts.
• Basic understanding of common Internet protocols, such as HTTP, SMTP, IPsec, PPTP and so on.
• Experience implementing network resources such as Web, FTP, VPN, Exchange and SharePoint servers.
Course Outline Details
Module 1: Overview of Microsoft ForeFront TMG 2010
This module provides an overview of ForeFront TMG 2010. Lessons presented in this module will provide an understanding of firewalls and routers, the logical and physical architecture and the features and licensing of TMG 2010. You will also learn the difference between TMG, UAG and ISA Server 2006 and learn the various deployment scenarios.
Module 2: Installing TMG 2010
This module describes how to install ForeFront TMG 2010. Lessons presented in this module will detail the requirements of TMG 2010, applying security templates and customizing the configuration. You will also install and learn the new features of Service Pack 1.
Module 3: Configuring Networks and Routing
This module describes how to configure TMG 2010 network and routing objects. Lessons presented in this module will provide an introduction to IPv6 and TMG networks. You will also learn how to create and configure TMG networks, modify network rules and routing, and troubleshoot TMG networks.
Module 4: Configuring TMG as a Firewall
This module describes how to configure the firewall role on TMG 2010. Lessons presented in this module will provide an overview of the firewall role and how to configure firewall rules and system policy rules. You will also configure and monitor Intrusion Detection and Network Inspection Systems (NIS).
Module 5: Configuring TMG as a Proxy/Caching Server
This module describes how to configure the proxy and caching roles on TMG 2010. Lessons presented in this module will explain the proxy and caching roles and how to configure and troubleshoot these roles. You will also learn about Cache Array Routing Protocol (CARP), Web Proxy Auto Discovery (WPAD) and how to configure and troubleshoot CARP and WPAD.
Module 6: Configuring TMG Clients
This module describes the various TMG client types and how to configure them. Lessons presented in this module will explain SecureNAT, Proxy and TMG Firewall clients and how to configure them.
Module 7: Configuring TMG Client Protection
This module describes how to configure client protection using TMG 2010. Lessons presented in this module will provide an overview of Malware Inspection, URL Filtering, Email Inspection, Application Filters and HTTP/HTTPS Inspection. You will also learn how to implement, configure, monitor and troubleshoot using these tools and techniques.
Module 8: Publishing Client Access to Internal Resources
This module describes how to publish client access to internal resources. Lessons presented in this module will provide an overview of publishing and publishing rules. You will also learn how to configure publishing for Web, HTTPS and miscellaneous servers.
Module 9: Publishing Exchange and SharePoint Client Access
This module describes how to publish client access to internal Exchange and SharePoint server resources. Lessons presented in this module will describe the configuration requirements and how to configure SMTP access rules. You will also learn how to publish Exchange and SharePoint client access.
Module 10: Configuring Remote Access
This module describes how to configure different remote access scenarios using TMG 2010. Lessons presented in this module will provide an overview of Virtual Private Networks and how to enable and configure VPN for Secure Remote Access, Site-to-Site VPNs and Quarantines.
Module 11: Logging, Reporting and Monitoring
This module describes the logging, reporting and monitoring tools available in TMG 2010. Lessons presented in this module will provide an overview of the monitoring options available, how to configure alerts, session monitoring filters and log storage options.
Module 12: Backing Up, Restoring and Troubleshooting TMG
This module describes how to back up, restore and troubleshoot TMG 2010. Lessons presented in this module will provide instructions on how to back up and restore the TMG server and specific configurations. You will also learn how to troubleshoot TMG in various scenarios using built-in tools and the TMG SDK.
Module 13: Working with Advanced Features
This module describes the advanced features of TMG 2010. Lessons presented in this module will detail how to use scripts to manage TMG and how to implement Network Load Balancing (NLB) and Failover Clustering for various TMG roles. You will also learn how to implement TMG 2010 in a virtual environment using Hyper-V.
Appendix A: Working with Advanced Features (continued)
This module describes additional advanced features of TMG 2010. Lessons presented in this module will provide an overview of security considerations with TMG; it will also explain how to migrate from ISA Server 2006 to TMG 2010. You will also learn how to plan for deploying ForeFront UAG with TMG and how to install and configure Network Access Protection.