Forefront Threat Management Gateway Setup Wizard

Shares

This tutorial carries on from the Threat Management Gateway Install tutorial.

Here we will be running through the Threat Management Gateway Setup Wizard.

Threat Management Gateway 2010 Setup Wizard

1. The Getting Started Wizard launches directly after your installation has completed. First up we will be configuring our Threat Management Gateway Network Settings. Click on Configure network settings.


Microsoft Forefront Threat Management Gateway 2010

2. The Network Setup Wizard starts. Click Next.


Microsoft Forefront Threat Management Gateway 2010

3. I will be selecting the 3-Leg Perimeter Setup for my Threat Management Gateway as I have an internal, external and dmz network. Click Next.


Microsoft Forefront Threat Management Gateway 2010

4. For the Local Area Network I will be selecting my Network Card labelled Inside Interface. The IP address, subnet mask and DNS server will be automatically populated. Click Next.


Microsoft Forefront Threat Management Gateway 2010

5. for Internet Settings I will be selecting my Network Card labelled External Interface, once again the IP address, subnet mask and default gateway are automatically populated. Click Next.


Microsoft Forefront Threat Management Gateway 2010

6. Now for our Perimeter network or DMZ segment, I will select my Network Card that I have labelled DMZ1 Interface. The IP address and subnet mask is automatically populated. Because I’m using private IP addressing on my DMZ I will select the option Private. Therefore a route relationship will exist between my DMZ and Internal network, and a NAT relation between my DMZ and External Network. Click Next.


Microsoft Forefront Threat Management Gateway 2010

7. This completes the Network Setup Wizard. A summary of your settings is displayed. Click Finish.


Microsoft Forefront Threat Management Gateway 2010

8. We will now move onto configuring the Threat Management Gateway system settings. Click on Configure system settings.


Microsoft Forefront Threat Management Gateway 2010

9. The System Configuration Wizard begins. Click Next.


Microsoft Forefront Threat Management Gateway 2010

10. Computer name, Windows domain and DNS Suffix is already pre-popullated. Check to make sure the settings are correct. Click Next.


Microsoft Forefront Threat Management Gateway 2010

11. The System Configuration Wizard is now complete. Click Finish.


Microsoft Forefront Threat Management Gateway 2010

12. We are now ready to configure our Threat Management Gateway deployment options. Click Define deployment options.


Microsoft Forefront Threat Management Gateway 2010

13. the Deployment Wizard begins. Click Next.


Microsoft Forefront Threat Management Gateway 2010

14. I want to use Microsoft Update service to check for update, so I will leave this option selected. Click Next.


Microsoft Forefront Threat Management Gateway 2010

15. I will activate the complementary license and enable Network Inspection System – NIS and I will also activate the evaluation license for Web Protection. Lastly I’ll enable Malware Inspection and URL Filtering. Click Next.


Microsoft Forefront Threat Management Gateway 2010

16. For automatic definition update action I will select Check for and install definitions, automatic polling frequency i’ll set to Every 4 hours and i’ll trigger an alert if no update have been installed for 45 days. When a signature fires or is triggered I will select the response to detect only for now. Click Next.


Microsoft Forefront Threat Management Gateway 2010

17. I don’t wish to participate in Customer Feedback at this point so i’ll select No. Click Next.


Microsoft Forefront Threat Management Gateway 2010

18. I don’t wish to send any information to Microsoft at this point so i’ll select None. Click Next.


Microsoft Forefront Threat Management Gateway 2010

19. A summary of the Deployment wizard is displayed. Click Finish.


Microsoft Forefront Threat Management Gateway 2010

20. You have now completed the Getting Started Wizard. Make sure Run the Web Access Wizard is selected and click Close.


Microsoft Forefront Threat Management Gateway 2010

21. The Threat Management Gateway Web Access Policy Wizard beings. Click Next.


Microsoft Forefront Threat Management Gateway 2010

22. I will select yes for the Web Access Policy Wizard to create a rule blocking the minimum recommended URL categories. Click Next.


Microsoft Forefront Threat Management Gateway 2010

23. These are the web categories that will be blocked based on the previous step. You can Add or Edit this list. Click Next.


Microsoft Forefront Threat Management Gateway 2010

24. I want to add Domain Admins as users with unrestricted web access. Click Add.


Microsoft Forefront Threat Management Gateway 2010

25. The Add Exceptions windows is displayed. Click New.


Microsoft Forefront Threat Management Gateway 2010

26. I will now create a new User Set called Domain Admins. Click Next.


Microsoft Forefront Threat Management Gateway 2010

27. Click Add and select Windows users and groups.


Microsoft Forefront Threat Management Gateway 2010

28. Type in Domain Admins and click Check Names. Click Ok.


Microsoft Forefront Threat Management Gateway 2010

29. You will see the users or groups displayed here. Click Next.


Microsoft Forefront Threat Management Gateway 2010

30. The User Set Wizard is complete. Click Finish.


Microsoft Forefront Threat Management Gateway 2010

31. You can now select Domain Admins and click Add.


Microsoft Forefront Threat Management Gateway 2010

32. Domain Admins are now listed as users with unrestricted Web Access. Click Next.


Microsoft Forefront Threat Management Gateway 2010

33. I will select Yes to inspect Web content requests from the internet and block encrypted archives. Click Next.


Microsoft Forefront Threat Management Gateway 2010

34. Allow users to establish HTTPS connections to websites is on by default, I will select Inspect HTTPS traffic and validate HTTPS site certificates for testing purposes. Click Next.


Microsoft Forefront Threat Management Gateway 2010

35. I will not be notifying clients of HTTPS inspection, and i’ll use a certificate automatically generated by Forefront Threat Management Gateway. Click Next.


Microsoft Forefront Threat Management Gateway 2010

36. I will use the administrator username and password to automatically deploy the certificate using Active Directory. Though this doesn’t have to be the administrator account it must be an account with Domain Admin access. Click Next.


Microsoft Forefront Threat Management Gateway 2010

37. I will enable the default web caching rule for my Threat Management Gateway. Click Cache Drives.


Microsoft Forefront Threat Management Gateway 2010

38. I want to allocate 1GB for my cache drive on C: so I will enter in 1000 and click Set. I’m only installing the cache drive on C: because this is a lab environment, in production create another drive and install the cache drive on it. Click Ok.


Microsoft Forefront Threat Management Gateway 2010

39. That completes the Web Access Policy Wizard and completes the Threat Management Gateway Setup Wizard. Click Finish. You can now move onto creating your access and publishing rules.


Microsoft Forefront Threat Management Gateway 2010

Disclaimer:
All the tutorials included on this site are performed in a lab environment to simulate a real world production scenario. As everything is done to provide the most accurate steps to date, we take no responsibility if you implement any of these steps in a production environment.