This tutorial carries on from the Threat Management Gateway Install tutorial.
Here we will be running through the Threat Management Gateway Setup Wizard.
Threat Management Gateway 2010 Setup Wizard
1. The Getting Started Wizard launches directly after your installation has completed. First up we will be configuring our Threat Management Gateway Network Settings. Click on Configure network settings.
2. The Network Setup Wizard starts. Click Next.
3. I will be selecting the 3-Leg Perimeter Setup for my Threat Management Gateway as I have an internal, external and dmz network. Click Next.
4. For the Local Area Network I will be selecting my Network Card labelled Inside Interface. The IP address, subnet mask and DNS server will be automatically populated. Click Next.
5. for Internet Settings I will be selecting my Network Card labelled External Interface, once again the IP address, subnet mask and default gateway are automatically populated. Click Next.
6. Now for our Perimeter network or DMZ segment, I will select my Network Card that I have labelled DMZ1 Interface. The IP address and subnet mask is automatically populated. Because I’m using private IP addressing on my DMZ I will select the option Private. Therefore a route relationship will exist between my DMZ and Internal network, and a NAT relation between my DMZ and External Network. Click Next.
7. This completes the Network Setup Wizard. A summary of your settings is displayed. Click Finish.
8. We will now move onto configuring the Threat Management Gateway system settings. Click on Configure system settings.
9. The System Configuration Wizard begins. Click Next.
10. Computer name, Windows domain and DNS Suffix is already pre-popullated. Check to make sure the settings are correct. Click Next.
11. The System Configuration Wizard is now complete. Click Finish.
12. We are now ready to configure our Threat Management Gateway deployment options. Click Define deployment options.
13. the Deployment Wizard begins. Click Next.
14. I want to use Microsoft Update service to check for update, so I will leave this option selected. Click Next.
15. I will activate the complementary license and enable Network Inspection System – NIS and I will also activate the evaluation license for Web Protection. Lastly I’ll enable Malware Inspection and URL Filtering. Click Next.
16. For automatic definition update action I will select Check for and install definitions, automatic polling frequency i’ll set to Every 4 hours and i’ll trigger an alert if no update have been installed for 45 days. When a signature fires or is triggered I will select the response to detect only for now. Click Next.
17. I don’t wish to participate in Customer Feedback at this point so i’ll select No. Click Next.
18. I don’t wish to send any information to Microsoft at this point so i’ll select None. Click Next.
19. A summary of the Deployment wizard is displayed. Click Finish.
20. You have now completed the Getting Started Wizard. Make sure Run the Web Access Wizard is selected and click Close.
21. The Threat Management Gateway Web Access Policy Wizard beings. Click Next.
22. I will select yes for the Web Access Policy Wizard to create a rule blocking the minimum recommended URL categories. Click Next.
23. These are the web categories that will be blocked based on the previous step. You can Add or Edit this list. Click Next.
24. I want to add Domain Admins as users with unrestricted web access. Click Add.
25. The Add Exceptions windows is displayed. Click New.
26. I will now create a new User Set called Domain Admins. Click Next.
27. Click Add and select Windows users and groups.
28. Type in Domain Admins and click Check Names. Click Ok.
29. You will see the users or groups displayed here. Click Next.
30. The User Set Wizard is complete. Click Finish.
31. You can now select Domain Admins and click Add.
32. Domain Admins are now listed as users with unrestricted Web Access. Click Next.
33. I will select Yes to inspect Web content requests from the internet and block encrypted archives. Click Next.
34. Allow users to establish HTTPS connections to websites is on by default, I will select Inspect HTTPS traffic and validate HTTPS site certificates for testing purposes. Click Next.
35. I will not be notifying clients of HTTPS inspection, and i’ll use a certificate automatically generated by Forefront Threat Management Gateway. Click Next.
36. I will use the administrator username and password to automatically deploy the certificate using Active Directory. Though this doesn’t have to be the administrator account it must be an account with Domain Admin access. Click Next.
37. I will enable the default web caching rule for my Threat Management Gateway. Click Cache Drives.
38. I want to allocate 1GB for my cache drive on C: so I will enter in 1000 and click Set. I’m only installing the cache drive on C: because this is a lab environment, in production create another drive and install the cache drive on it. Click Ok.
39. That completes the Web Access Policy Wizard and completes the Threat Management Gateway Setup Wizard. Click Finish. You can now move onto creating your access and publishing rules.
Disclaimer: All the tutorials included on this site are performed in a lab environment to simulate a real world production scenario. As everything is done to provide the most accurate steps to date, we take no responsibility if you implement any of these steps in a production environment.