
Wednesday, April 25, 2012

ISAserver.org Monthly Newsletter of April 2012

-------------------------------------------------------
ISAserver.org Monthly Newsletter of April 2012
Sponsored by: AGAT Software Solutions
<http://securemobileemail.com/>
-------------------------------------------------------

Welcome to the ISAserver.org newsletter by Debra Littlejohn Shinder, MVP. Each month we will bring you interesting and helpful information on ISA Server. We want to know what all *you* are interested in hearing about. Please send your suggestions for future newsletter content to dshinder@isaserver.org


1. The Future of DirectAccess in Windows 8
--------------------------------------------------------------

I've gotten a lot of questions recently about the future of UAG and although I really don't know, despite being married to a Microsoft employee (who currently works in a whole different area), the signs certainly seem to indicate that its future is up in the air. I haven't heard anything regarding a roadmap for UAG, which is pretty unusual for a product that is going on three years old. The Forefront MVPs haven't been saying anything about a new version of UAG coming and they're pretty vocal about things. Of course, there is always the possibility that Microsoft could be keeping plans for UAG under their collective hat and plan to pull off some kind of October surprise.

But if that's the case, I'll be surprised, and that's because of the improvements in DirectAccess that I see in Windows Server 8. Many of the features included in the UAG DirectAccess can now be found in the next version of Windows Server, e.g., NAT64/DNS64. In addition, some of the features that we had previously expected to be included in the next version of UAG appear to be included with the Windows Server 8 DirectAccess.

Is the UAG functionality being blended into Windows Server? I'm sure that would make some potential customers happy, since they wouldn't have to pay extra for UAG.

So what's new in DirectAccess in the Windows Server 8 beta? Check out this list:

* DirectAccess and RRAS coexistence
* Simplified DirectAccess management for small and medium organization administrators
* Removal of PKI deployment as a DirectAccess prerequisite
* Built-in NAT64 and DNS64 support for accessing IPv4-only resources
* Support for DirectAccess server behind a NAT device
* Simplified network security policy
* Load balancing support
* Support for multiple domains
* NAP integration
* Support for OTP (token based authentication)
* Automated support for force tunneling
* IP-HTTPS interoperability and performance improvements
* Manage-out support
* Multisite support
* Support for Server Core
* Windows PowerShell support
* User and server health monitoring
* Diagnostics
* Accounting and reporting

That's an impressive set of improvements! In the future, we'll cover all of these improvements in detail as ISAserver.org expands its coverage of DirectAccess and other Windows network security features.

See you next month! – Deb.
dshinder@isaserver.org

=======================
Quote of the Month - "DOS is ugly and interferes with users' experience." Bill Gates
=======================


2. ISA Server 2006 Migration Guide - Order Today!
--------------------------------------------------------------

Dr. Tom Shinder's best selling books on ISA Server 2000 and 2004 were the "ISA
Firewall Bibles" for thousands of ISA Firewall administrators. Dr. Tom and his
illustrious team of ISA Firewall experts now present to you ISA Server 2006
Migration Guide
<http://www.amazon.com/exec/obidos/ASIN/1597491993/isaserver1-20/>. This book
leverages the over two years of experience Tom and his team of ISA Firewall
experts have had with ISA 2006, from beta to RTM and all the versions and builds
in between. They've logged literally 1000's of flight hours with ISA 2006 and
they have shared the Good, the Great, the Bad and the Ugly of ISA 2006 with
their no holds barred coverage of Microsoft's state of the art stateful packet
and application layer inspection firewall.

Order your copy of ISA Server 2006 Migration Guide
<http://www.amazon.com/exec/obidos/ASIN/1597491993/isaserver1-20/>. You'll be
glad you did.


3. ISAserver.org Learning Zone Articles of Interest
--------------------------------------------------------------

* Microsoft Forefront TMG - Best Practices Firewall policy rules

* Configuring SCCM with UAG DirectAccess (Part 1)
http://www.isaserver.org/tutorials/Configuring-SCCM-UAG-DirectAccess-Part1.html

* Troubleshooting TMG SecureNAT Clients (Part 2)
http://www.isaserver.org/tutorials/Troubleshooting-TMG-SecureNAT-Clients-Part2.html

* Forefront Threat Management Gateway (TMG) 2010 Web Proxy Client Redundancy Deep Dive (Part 2) - Client Configuration
http://www.isaserver.org/tutorials/Forefront-Threat-Management-Gateway-TMG-2010-Web-Proxy-Client-Redundancy-Deep-Dive-Part2.html

* Troubleshooting TMG SecureNAT Clients (Part 1)
http://www.isaserver.org/tutorials/Troubleshooting-TMG-SecureNAT-Clients-Part1.html

* Publishing Microsoft SharePoint 2010 with Forefront TMG and different authentication options (Part 2)
http://www.isaserver.org/tutorials/Publishing-Microsoft-SharePoint-2010-Forefront-TMG-different-authentication-options-Part2.html

* Celestix MSA Threat Management Gateway Series Voted ISAserver.org Readers' Choice Award Winner - Hardware Appliances
http://www.isaserver.org/news/ISAserver-Readers-Choice-Award-Hardware-Appliances-Celestix-MSA-Threat-Management-Gateway-Series-Jan12.html

* Roles TMG Plays
http://www.isaserver.org/tutorials/Roles-TMG-Plays.html



4. ISA/TMG/UAG Content of the Month
---------------------------------------------------------------

Are you new to the TMG firewall? Don't have time to set up your own test lab using a Test Lab Guide? Then I have some good news for you! There is a Microsoft Virtual Lab that you can use to get started learning about the TMG firewall. Check it out at https://cmg.vlabcenter.com/default.aspx?moduleid=3f9b93f1-f9d2-47bc-b2e2-e64cf45bf19e


5. Tip of the Month
--------------------------------------------------------------

One of the most common issues that new TMG firewall admins run into is interface configuration on the firewall. What IP addressing information should you assign to the different interfaces? Well, it depends on the deployment scenario for your TMG firewall. Luckily, we've already sorted that out for you. If you're confused, then get unconfused by checking out my article TMG Firewall Interface Configuration over at http://www.isaserver.org/tutorials/TMG-Firewall-Interface-Configuration.html


6. ISA/TMG/IAG/UAG Link of the Month
--------------------------------------------------------------

Jason Jones, Forefront MVP, recently reported an interesting problem with UAG Java client components. Apparently, there is a problem with the digital signature expiring. Turns out that the signature for the Java client components expired on March 23, 2012. Jason has contacted the UAG Product Group, but has not received a reply at the time of this writing. Make sure to check Jason's blog regularly for an update to find out what action Microsoft takes on this issue at http://blog.msedge.org.uk/2012/04/forefront-uag-java-client-components.html


7. Blog Posts
--------------------------------------------------------------

* Migrate from UAG DirectAccess to Windows Server 8 DirectAccess
http://blogs.isaserver.org/shinder/2012/03/31/migrate-from-uag-directaccess-to-windows-server-8-directaccess/

* Changing to Text Logging on TMG Firewall Lead to Event ID 11003 Fail
http://blogs.isaserver.org/shinder/2012/03/31/changing-to-text-logging-on-tmg-firewall-lead-to-event-id-11003-fail/

* Network Load Balancing Fails after Migration to TMG
http://blogs.isaserver.org/shinder/2012/03/31/network-load-balancing-fails-after-migration-to-tmg/

* HTTP Redirects Fail When Exchange Edge Role Installed on TMG Firewall
http://blogs.isaserver.org/shinder/2012/03/31/http-redirects-fail-when-exchange-edge-role-installed-on-tmg-firewall/

* CRM Publishing Woes with TMG Firewalls
http://blogs.isaserver.org/shinder/2012/03/31/crm-publishing-woes-with-tmg-firewalls/

* Connection Owner for Site to Site VPN Connection Missing
http://blogs.isaserver.org/shinder/2012/03/31/connection-owner-for-site-to-site-vpn-connection-missing/

* Publishing an RDS Web Site with RSA Log On
http://blogs.isaserver.org/shinder/2012/03/31/publishing-an-rds-web-site-with-rsa-log-on/

* Using UAG to Publish File Access and DFS
http://blogs.isaserver.org/shinder/2012/03/31/using-uag-to-publish-file-access-and-dfs/

* Publishing VMware View using TMG Firewalls
http://blogs.isaserver.org/shinder/2012/03/31/publishing-vmware-view-using-tmg-firewalls/

* Understand and Troubleshoot Remote Access in Windows Server 8
http://blogs.isaserver.org/shinder/2012/03/31/understand-and-troubleshoot-remote-access-in-windows-server-8/


8. Ask Sgt Deb
--------------------------------------------------------------

QUESTION:

Hi Deb,

I'm in a bit of a bind – do you know if you can do a site to site VPN between a TMG firewall and a Check Point firewall? I know how to create a site to site VPN between two TMG firewalls, but never have set it up to connect with Check Point.

Thanks! – Pernod.


ANSWER:

Hi Pernod,

Getting IPsec tunnel mode connections working right even between two TMG firewalls can be tough. Getting it to work between a TMG firewall and a non-TMG firewall can sometimes be even tougher. But "tough" doesn't mean "impossible." Fortunately, there is a great article on the web that shows you how to do this. Check it out at http://www.carbonwind.net/ISA/CheckPointVPNs2s/CheckPointVPNs2s.htm


Do you have any questions or ideas for content? Email me at dshinder@isaserver.org.


TechGenix Sites
--------------------------------------------------------------

MSExchange.org <http://www.msexchange.org/>
WindowSecurity.com <http://www.windowsecurity.com/>
WindowsNetworking.com <http://www.windowsnetworking.com/>
VirtualizationAdmin.com <http://www.virtualizationadmin.com/>

ISAserver.org is in no way affiliated with Microsoft Corp.
Copyright © ISAserver.org 2012. All rights reserved.
