As network threats have become more complex, every node in a network has become a potential target, from routers to switches to workstations. Enter Microsoft Threat Management Gateway (TMG) 2010. The successor to Microsoft Internet Security and Acceleration (ISA) Server, TMG 2010 offers a more robust set of features than its predecessor. In the book, Microsoft Forefront Threat Management Gateway (TMG) Administrator’s Companion, authors Yuri Diogones, Jim Harrison and Mohit Saxena guide you through the features and functionality of TMG.
The writing style, typical of a team effort, is somewhat dry and technical. On the plus side, the book assumes a basic knowledge of most networking protocols but doesn’t come across as patronizing. Sections detailing the history of TMG were especially interesting, as the past critique of ISA server has typically been that it’s running on a Windows platform. Despite the historical notes, however, one glaring area is a lack of context and comparison to other equivalent products. Forefront TMG is currently going up against a large number of SMB firewall products (and a few enterprise ones) and addressing the strengths and weaknesses would’ve been a good addition. Unlike most of Microsoft’s other products, TMG needs to deal with a strong anti-software-based-firewall sentiment among many network administrators.
On the plus side, the book goes into great depth about each of the key features that make TMG a great product. The width of abilities (web proxying/high availability/firewall/vpn/IDS/IPS/scripting) included with TMG is breathtaking, and one of the strongest feature sets around. If anything, the short chapter comparing TMG to UAG left me thinking (despite the best efforts of the authors) “why bother using UAG…TMG may subsume those features at a later point?” Once systems administrators realize that TMG contains many of the enterprise level-features in a small, easy-to-scale package, they’ll certain want to evaluate it.
This then, plays to the greatest strength of TMG: as a software firewall, I can download it, install it, cluster it with a second VM, and play with it for days without needing additional hardware. I could even have a spare VM sitting unused, with dedicated network cards, just waiting for a failure (if for some reason I haven’t made use of the excellent TMG clustering features, that is!).
At the end of the book, the work succeeded on a basic level: I can’t wait to spin up TMG and see how it fares. Congrats to the Forefront TMG team for an excellent book.