Overview of New Features in TMG Beta 2 (Part 5)
If you would like to read the other parts in this article series please go to:
I can not believe we are here! This is the last in our series on what’s new and improved in the Beta 2 of the TMG firewall. This could not have come too soon! Why? Because it would not be more than a few weeks before we will see the next version of the TMG firewall, which will be the Beta 3. No, I would not go through another 5 part series on the Beta 3 of the TMG firewall, but I will go over in detail some of the new features, such as the return of URL filtering.
In this, the last part of the series, we will go over the System, the Logs & Reports, the Update Center and the Troubleshooting nodes. Let us get started.
The System Node
In the left pane of the TMG firewall console, click the System node, as seen in the figure below.
In the middle pane of the TMG firewall console, on the Servers tab, you will see the name of your firewall and its host ID number and CARP load factor. If you have run the Enterprise edition of the ISA firewall, you will probably find this information familiar. Double click on the server name and you will see what appears on the General tab. Notice the TMG version is version 7.x. I found this interesting as it does not seem to be in line with the versioning used for the ISA firewall. I do not have an answer to why their starting with version 7, but I will let you know when I find out.
Click on the Application Filters tab in the middle pane of the console. Here you will see your list of application filters installed on the TMG firewall, similar to what you saw on your ISA firewalls. However, if you look closely, you will see two new filters that are included right out of the box. These are the SIP Access Filter and the TFTP Access Filter. Both SIP and TFTP are complex protocols, thus, in order for SecureNET clients to work with these protocols, they need the help of an application filter. Of course, if you have the Firewall client installed on the computer who needs to use these protocols, application filters are not required. But because it is most likely servers who will need to use these protocols, it is a good idea to have an application filter, since you rarely if ever install the Firewall client on a server.
Click the Web Filters tab in the middle pane. Here you will find the list of Web filters installed on the TMG firewall, similar to what appears in previous versions of the firewall. However, if you look closely, you will see two new entries here, included right out of the box. These are the Generic Web Protocol Analyzer Filter and Malware Inspection Filter. Now this brings up and interesting question – if the GAPA filter is implemented a Web Filter and not an application filter, does that mean that only Web connections are analyzed by GAPA for IDS/IPS? That would seem to make sense, but if everything made sense, we’d never have to read the documentation. Unfortunately, there really is no useful documentation on the Network Inspection System at this time, so any assessments I might try to make at this time would be nothing more than a guess.
The Logs & Reports Node
Click on the Logs & Reports node in the left pane. Then take a look at the Tasks tab in the Task Pane in the right side of the console. Here you’ll see some new and some familiar settings that were formerly available on the Logging tab in the Monitoring node of the ISA firewall console.
If you click the Configure Log Queue link, you will see the Log Queue Storage Folder dialog box. Here you can define where you want the TMG firewall to store the log queue. When the TMG firewall logs information faster than they can be formatted by the firewall, the log records will be stored in the log queue until they can be attended to, when the firewall is less busy. This enables the firewall to continue running without stopping due to logging failures, something we used to see with the ISA firewall.
If you click the View Log Status link, you can see the Log Status dialog box. Here you can see the logging status and whether or not the log queue is in use. If the queue is being used, you will see how long it is in this dialog box.
The Logging tab in the Logs & Reports node is similar to the logging tab we had with previous versions of the firewall. There’s not too much in terms of new features here, except for the options available in the area of what you can filter on. In the figure below you can see a number of new fields on which you can filter. This is very nice, but my single compliant here is that some of the entries are unreadable because you cannot make the dialog box wider. Maybe this is something they can fix before the product goes RTM.
The Update Center Node
The Update Center node is a completely new one. The reason for this is because in previous versions of the firewall wasn’t an antimalware, anti-spam, and Network Inspection System to update. Click on the Update Center node in the left and you’ll see in the middle pane something similar to what appears in the figure below. There are four main features that benefit from updates. These include:
- E-mail Antivirus
- Malware Inspection
- Antispam Filtering
- Network Inspection System
When you right click one of these entries, you will see a context sensitive menu that will be different depending on which of the entries you right click on. In the example in the figure below, I have right clicked on the Malware Inspection entry. Here you see that you have the following options:
- Check and Install New Definitions
- Check for New Definitions
- Import Definitions from File
- Override Current Definitions
When you check the Tasks tab in the Task Pane, you will see similar options as those seen in the context menu. These will change based on which entry you’ve selected in the middle pane.
When you double click on one of the update entries in the middle pane, you will see the Properties dialog box for that update. What’s interesting here is that for some of these options, you’re not just presented with the update options, but with the entire configuration interface for the feature. For example, if you check the figure below. Regarding the update options, you can see that you can set the automatic update action and the polling frequency for the update.
You can also focus on the update properties in the Update Center Properties dialog box. Here you have three tabs, with the Definition Updates tab being the default. Here you can set the update action and polling frequency for each of the Protection mechanisms.
On the Microsoft Updates tab, you can choose to Use the Microsoft Update service to check for updates (recommended) or I do not want to use the Microsoft Update service. Note that in order to receive updates, you must use Microsoft Update. What I make out of this is that you would not be able to use WSUS to obtain these updates. This is most likely due to the fact that WSUS can not check your TMG firewall’s license status for the updates that require licensing.
On the Microsoft Update Service tab, you have the following options:
- Use machine default service (Microsoft Update or WSUS Server)
- Use Microsoft Update directly
- Use machine default service but fallback to Microsoft Update
The default settings is to use the machine default service, but fallback to Microsoft Update. This allows you to use WSUS for TMG and operating system updates, but if the WSUS is not available, the firewall will be able to fallback and use Microsoft Update directly. A System Policy Rule is in place that allows the firewall to receive the updates directly from Microsoft if required.
The Troubleshooting Node
Click the Troubleshooting node in the left pane of the console and you will see what appears in the figure below in the middle pane. Note that at this time there is nothing new here. However, I expect that in the next version of the TMG firewall, which will be Beta 3, there will be some significant enhancements so that you’ll have the features and capabilities similar to those available in the ISA 2006 supportability update.
In this, the last part in our series on what’s new and improved in the TMG firewall, we went over the new features included in the System, Logs & Reports, Update Center and Troubleshooting nodes. I hope you enjoyed this series and that you saw some things that you like. Next week we will go into a deep dive on the outbound SSL inspection feature, which is one of the most impressive features included with the TMG firewall. After that, we will do a deep dive into the E-mail protection feature, including the Exchange configuration. See you then! –Tom.
If you would like to read the other parts in this article series please go to: