Implementing Forefront Threat Management Gateway 2010
Lab Manual

Lab 1: Installing Forefront Threat Management Gateway 2010
Information in this document, including URL and other Internet Web site references, is subject to change
without notice. Unless otherwise noted, the example companies, organizations, products, domain
names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no
association with any real company, organization, product, domain name, e-mail address, logo, person,
place or event is intended or should be inferred. Complying with all applicable copyright laws is the
responsibility of the user. Without limiting the rights under copyright, no part of this document may be
reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means
(electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express
written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property
rights covering subject matter in this document. Except as expressly provided in any written license
agreement from Microsoft, the furnishing of this document does not give you any license to these
patents, trademarks, copyrights, or other intellectual property.

© 2009 Microsoft Corporation. All rights reserved.

Microsoft is either a registered trademark or trademark of Microsoft Corporation in the United States
and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their
respective owners.
Implementing Forefront Threat Management Gateway 2010, Lab Manual - Lab 1


Table of Contents
Lab 1: Installing Forefront Threat Management Gateway 2010
    Introduction
        Objectives
        Prerequisites
        Scenario
    Lab Configuration
Exercise 1: Install Threat Management Gateway (Release Candidate)
    Task 1: Install Forefront TMG 2010
    Task 2: Install Forefront Protection 2010 for Exchange Server
Exercise 2: Perform initial configuration of Forefront TMG
    Task 1: Configure the network configuration using the Network Settings Wizard
    Task 2: Run the System Configuration Wizard
    Task 3: Enable NIS and signature updates using the Deployment Wizard
Lab 1: Installing Forefront Threat Management Gateway 2010

Introduction

Objectives
After completing this lab, you will be able to:

• Install Microsoft® Forefront™ Threat Management Gateway 2010 (TMG) on a Windows Server® 2008 R2 server.
• Perform an initial configuration of Forefront TMG using the Getting Started wizards.

Prerequisites
Ensure your virtual machines are properly configured on Microsoft® Hyper-V™. Please refer to the Classroom Setup Guide for instructions.

Scenario
Adatum has deployed a single Forefront TMG server to provide the following services:

• Allow Adatum users to browse Internet Web sites. Users must be protected from browser-targeting malicious software (malware) over both HTTP and HTTPS.
• Provide secure access to Outlook Web Access (OWA) and internal Microsoft® Windows® SharePoint® Services sites to remote users.
• Transfer e-mail between Internet mail servers and Adatum’s Microsoft® Exchange Server 2010 system. Adatum users must be protected from spam and e-mail–borne malware.

Lab Configuration
The following diagram illustrates the configuration of the virtual machines that are required for this lab module. Hyper-V is used as the host platform due to the requirement for 64-bit guest machines.

[Diagram: lab network. Internet side: NYC-WEB (www.fabrikam.com) 10.0.0.2. VAN-EDG connects the two sides with 10.0.0.1 on the Internet side and 192.168.0.50 on the Adatum.com side. Adatum.com side: VAN-DC1 192.168.0.40, VAN-EX1 192.168.0.42, VAN-SP1 192.168.0.43, VAN-CLI1 192.168.0.47.]

The following machines will be used in this lab and should be powered on:

• VAN-DC1 – Provides Active Directory® and DNS services for the Adatum domain.
• VAN-EDG – Runs the Microsoft® Exchange Edge Transport Service to exchange SMTP e-mail between the Internet and the Adatum Exchange Server environment. It also runs Forefront Threat Management Gateway 2010 to secure the SMTP service and to provide secure Web browsing and publishing to Adatum users.

The following machines will not be used in this lab and should be powered off:

• VAN-CL1 – A Windows® 7 client in the Adatum domain used to access the Exchange Server and Microsoft® SharePoint® Server.
• VAN-SP1 – Runs Windows SharePoint Services 3.0 SP1 for collaboration and document sharing between Adatum users.
• VAN-EX1 – Runs Exchange Server 2010 for the Adatum domain (Mailbox, Client Access, and Hub Transport roles). It uses the Forefront TMG server to exchange SMTP mail with the Internet.
• NYC-WEB – Hosts DNS, Web, and SMTP services. This host is used to implement the fabrikam.com Web site used by Adatum users, as well as the Fabrikam SMTP server. It is also used as the client to published services on Adatum (OWA and SharePoint).

All computers should be logged on as Adatum\Administrator with the password Pa$$w0rd.

NYC-WEB does not belong to the Adatum domain, so it should be logged on locally using the same user name and password.

Exercise 1
Install Threat Management Gateway (Release Candidate)

Note: Because of the length of time it takes for the installation to complete, and the fact that little knowledge would be gained, this exercise has been completed for you. The details have been provided in this lab manual so you can examine the server installation steps. After you read these steps, please begin Exercise 2.

In this exercise, you will install Forefront Threat Management Gateway 2010 and Microsoft® Forefront™ Protection 2010 for Exchange Server.

The Forefront TMG server (VAN-EDG) is running Windows Server 2008 R2, Enterprise Edition, x64. It has been configured with the following prerequisites in order to reduce the time needed to complete the lab exercises. If they had not been preinstalled, the Preparation Tool that runs at the start of setup would install them for you (with the exception of Exchange Server).

• Microsoft® .NET Framework 3.5 SP1.
• Microsoft® Exchange Server 2010 – Edge Transport Server role (installed but not configured). This is configured and managed by Forefront TMG to provide protection to inbound and outbound SMTP traffic.

Server Roles:
• Active Directory® Lightweight Directory Services (AD LDS) is required to store the configuration of the Exchange 2010 Edge Transport Server and Forefront TMG Server roles.

Server Features:
• Windows® PowerShell™

The server VAN-EDG is configured with two network adapters:
    o External    10.0.0.1          subnet mask: 255.0.0.0
    o Internal    192.168.0.50      subnet mask: 255.255.255.0

The Internal address range for Adatum will be defined as 192.168.0.0 – 192.168.255.255. All address ranges outside of this (except local host 127.x) will be considered part of the External network.

Task 1: Install Forefront TMG 2010

       Note: Perform the following steps on the VAN-EDG computer.

       1. Open Windows Explorer, and browse to C:\Install\FFTMG2010EE.
       2. Double-click autorun.
           If the computer has Internet access, you should click Run Windows Update to ensure that
           all of the latest critical and security updates have been installed.
       3. Click Run Preparation Tool.
           This starts the Preparation Tool before Forefront TMG is installed.
           The Preparation Tool inspects the server for the necessary prerequisites and installs them if
           required. This requires Internet connectivity to download the components.
       4. Click Next to begin preparation.
       5. Accept the license agreement, and then click Next.
       6. Select Install Forefront TMG Services and Management, and then click Next.
           The Preparation Tool checks the system requirements and installs any components that are
           missing.
       7. Select Launch Microsoft Forefront TMG Setup, and then click Finish.
       8. Click Next to begin installation.
       9. Accept the license agreement, and then click Next.
       10. Accept the default user name and serial number, and then click Next.
       11. Accept the default location to install to (C:\Program Files\Microsoft Forefront Threat
           Management Gateway), and then click Next.
           The next screen allows you to define the address range that will be associated with the
           internal network (as defined within Forefront TMG).
       12. Click Add.
       13. Click Add Range.
       14. Type 192.168.0.0 for the start address and 192.168.255.255 for the end address. Click OK.
       15. Click OK to complete the addition of IP ranges to the internal network. Click Next.
       16. Read the warning that services will be stopped during installation, and then click Next.
       17. Click Install to begin the installation.
       18. Click Finish to complete the installation.
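The Internal network entered in steps 12 to 15 (192.168.0.0 – 192.168.255.255), the Local Host rule for 127.x, and the two VAN-EDG adapters listed in the exercise introduction are what decide on which side of the firewall an address is trusted, so they are worth checking against each other before any policy is built on them. The following Python script is an added example, not part of the lab manual or of the TMG product: it classifies addresses the way the lab describes and cross-checks the adapter addressing against the Internal range; the overlap and routing checks are this example's own and do not model TMG's internal behaviour.

```python
import ipaddress
from typing import Dict, List, Sequence, Tuple

# Values taken from this lab manual: the range entered as the Internal network
# during Forefront TMG setup (step 14) and the two adapters on VAN-EDG.
INTERNAL_RANGES: List[Tuple[str, str]] = [("192.168.0.0", "192.168.255.255")]
ADAPTERS: Dict[str, Tuple[str, str, str]] = {
    # adapter name: (IP address, subnet mask, TMG network it is meant to serve)
    "Internal": ("192.168.0.50", "255.255.255.0", "Internal"),
    "External": ("10.0.0.1", "255.0.0.0", "External"),
}
LOCAL_HOST = ipaddress.IPv4Network("127.0.0.0/8")

Finding = Tuple[str, str]  # (severity, message); severity is "error" or "info"


def classify(address: str,
             internal_ranges: Sequence[Tuple[str, str]] = INTERNAL_RANGES) -> str:
    """Name the TMG network an address belongs to, following the rule the lab
    states: 127.x is Local Host, the configured ranges are Internal, and every
    other address is External."""
    ip = ipaddress.IPv4Address(address)
    if ip in LOCAL_HOST:
        return "Local Host"
    for start, end in internal_ranges:
        if ipaddress.IPv4Address(start) <= ip <= ipaddress.IPv4Address(end):
            return "Internal"
    return "External"


def range_to_networks(start: str, end: str) -> List[ipaddress.IPv4Network]:
    """Express a start/end pair (the form the setup wizard asks for) as the
    CIDR blocks that cover exactly those addresses."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)))


def check_adapters(adapters: Dict[str, Tuple[str, str, str]] = ADAPTERS,
                   internal_ranges: Sequence[Tuple[str, str]] = INTERNAL_RANGES
                   ) -> List[Finding]:
    """Cross-check adapter addressing against the Internal network definition.

    error: an adapter's address is not in the network it is meant to serve, or
           the External adapter's own subnet overlaps an Internal range (that
           subnet would then be trusted as internal).
    info:  part of the Internal range lies beyond the internal adapter's
           directly connected subnet, so those addresses can only be reached
           through a route via that adapter; verify that the routes exist.
    """
    findings: List[Finding] = []
    internal_nets = [n for s, e in internal_ranges for n in range_to_networks(s, e)]
    for name, (addr, mask, expected) in adapters.items():
        actual = classify(addr, internal_ranges)
        if actual != expected:
            findings.append(("error",
                             f"{name} adapter {addr} falls in {actual}, expected {expected}"))
        subnet = ipaddress.IPv4Interface(f"{addr}/{mask}").network
        if expected == "External":
            for net in internal_nets:
                if subnet.overlaps(net):
                    findings.append(("error",
                                     f"{name} adapter subnet {subnet} overlaps "
                                     f"Internal range {net}"))
        elif actual == expected == "Internal":
            # CIDR blocks are either nested or disjoint, so three cases suffice.
            remote = 0
            for net in internal_nets:
                if net.subnet_of(subnet):
                    continue  # whole block is on the directly connected subnet
                if subnet.subnet_of(net):
                    remote += sum(x.num_addresses for x in net.address_exclude(subnet))
                else:
                    remote += net.num_addresses
            if remote:
                findings.append(("info",
                                 f"{remote} Internal addresses lie outside {subnet} "
                                 f"and need a route via the {name} adapter"))
    return findings


def errors(findings: List[Finding]) -> List[str]:
    """Just the messages that indicate a misconfiguration."""
    return [msg for sev, msg in findings if sev == "error"]


if __name__ == "__main__":
    # Hosts from the lab diagram plus loopback, to show the classification.
    for host, ip in [("VAN-DC1", "192.168.0.40"), ("NYC-WEB", "10.0.0.2"),
                     ("loopback", "127.0.0.1")]:
        print(f"{host:9} {ip:14} -> {classify(ip)}")
    for sev, msg in check_adapters():
        print(f"[{sev}] {msg}")
```

For the lab layout the script reports no errors and one informational note, because the /16 Internal range is far wider than the internal adapter's /24 subnet; swapping the two adapter addresses produces three errors.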


Task 2: Install Forefront Protection 2010 for Exchange Server

       1. Click Install Microsoft Forefront Protection 2010 for Exchange Server.
       2. Accept the license agreement, and then click Next.
       3. Click Next on the message that the Microsoft Exchange Transport service will be restarted.
       4. Accept the default installation location (C:\Program Files (x86)\Microsoft Forefront
          Security for Exchange Server), and then click Next.
       5. If the service will access the Internet for updates via a proxy, type the proxy details and
          credentials if required. Click Next.
       6. Select Enable Forefront Security for Exchange antispam now, and then click Next.
       7. Configure the use of Microsoft Update, and then click Next.
       8. Choose whether or not you want to be part of the Microsoft Customer Experience
          Improvement Program (CEIP), and click Next.
       9. Verify that the settings are correct, and click Next.

Exercise 2
Perform initial configuration of Forefront TMG

       Note: The initial configuration of Forefront TMG configures the server to download and install
       engine and definition updates for Web and e-mail antimalware as well as the antispam engine.
       Because these definition updates are essential for the remaining exercises in this lab, and
       because the lab lacks the connectivity to obtain these updates, the initial configuration has been
       performed for you.
       The details have been left in this lab manual so you can examine the steps that were taken to
       install this server. After reading these notes, please begin Exercise 3.

       When the Forefront TMG Management Console is started for the first time, the Getting Started
       Wizard runs. Though you don’t have to use the wizard to configure the server, it presents the
       main configuration options in a logical order.

       The Getting Started Wizard provides a starting point for four additional wizards that can be
       accessed sequentially:

       • The Network Settings Wizard allows you to apply network templates based on common
         scenarios, and to modify IP, DNS, and routing settings for your network adapters.
       • The System Configuration Wizard allows you to change the computer name, domain
         membership, and DNS suffixes.
       • The Deployment Wizard allows you to license and enable Network Inspection System
         and Malware Protection services, and to define how signature updates are obtained and
         used.
       • The Web Access Wizard allows you to configure Forefront TMG so that internal users
         can access Internet Web sites.

       The first three wizards in the list above will be used in this exercise to perform initial
       configuration of the Forefront TMG server. Configuration of Web access (and other scenarios)
       will be performed in subsequent exercises.

       Note: Perform the following steps on the VAN-EDG computer.


Task 1: Configure the network configuration using the Network Settings Wizard

       1. On the VAN-EDG computer, click Start | All Programs | Microsoft Forefront TMG |
          Forefront TMG Management.
       2. Click Configure network settings.
       3. Click Next to start the Network Settings Wizard.
       4. Select the Edge firewall template, and then click Next.
       5. Select Internal as the adapter that is connected to the LAN, and then click Next.
       6. Select External as the adapter that is connected to the Internet, and then click Next.
           As noted above, a default gateway would typically be defined on this interface instead of
           the internal interface.
       7. Click Finish to complete the Network Settings Wizard.


Task 2: Run the System Configuration Wizard

       1. Click Configure system settings.
       2. Click Next to start the System Configuration Wizard.
       3. There is no need to change the computer name or domain membership, so click Next.
       4. Click Finish to complete the System Configuration Wizard.


Task 3: Enable NIS and signature updates using the Deployment Wizard

       Though malware inspection can be enabled using the Deployment Wizard, you will enable it in a
       later exercise.

       1. Click Define deployment options.
       2. Click Next to start the Deployment Wizard.
       3. Select Use the Microsoft Update service to check for updates, and then click Next.
           This is required to enable malware definition updates to be received from Microsoft®
           Update.
       4. For the Network Inspection System, select Activate complementary license and enable
          NIS.
       5. For Web Protection, select Activate evaluation license and enable Web Protection.
       6. Ensure that both Enable Malware Inspection and Enable URL Filtering are selected, and
          then click Next.
       7. For Network Inspection System signature updates, select Check for and install updates and
          the default polling interval of 15 minutes. An alert will be triggered if updates are not
          installed after 45 days.
       8. Select Microsoft default policy as the option to use for newly downloaded attack
          signatures, and then click Next.
           This ensures that attacks that exploit vulnerabilities will be blocked by Forefront TMG as
           soon as the signature is published to Microsoft Update and downloaded by Forefront TMG.
       9. Answer No to participation in the Customer Experience Improvement Program, and then
          click Next.
       10. For the Microsoft Telemetry Service, select I do not want to join Microsoft Telemetry
           Service at this time, and then click Next.
           The telemetry service provides Microsoft with information on attacks and responses as they
           occur, aiding in the development and distribution of effective threat mitigations.

Note: Because the labs do not have Internet access, both of the above options are disabled.

11. Click Finish to complete the Deployment Wizard.
12. Ensure that Run the Web Access wizard is not selected, and then click Close to end the
    Getting Started Wizard.
   Web Access Policy will be created in the next lab.




                                                                                              8

More Related Content

What's hot

Suse service virtualization_image_set up_guide_140214
Suse service virtualization_image_set up_guide_140214Suse service virtualization_image_set up_guide_140214
Suse service virtualization_image_set up_guide_140214Darrel Rader
 
IBM Mail Support for Microsoft Outlook
IBM Mail Support for Microsoft OutlookIBM Mail Support for Microsoft Outlook
IBM Mail Support for Microsoft Outlookjayeshpar2006
 
Web sphere application server performance tuning workshop
Web sphere application server performance tuning workshopWeb sphere application server performance tuning workshop
Web sphere application server performance tuning workshopRohit Kelapure
 
Windows Server Core
Windows Server CoreWindows Server Core
Windows Server CoreMark Wilson
 
LTCY08 - Andras Horvath - Lotus Notes
LTCY08 - Andras Horvath - Lotus NotesLTCY08 - Andras Horvath - Lotus Notes
LTCY08 - Andras Horvath - Lotus NotesJanos Szabo
 
Obiee installation guide v2
Obiee installation guide v2Obiee installation guide v2
Obiee installation guide v2Amit Sharma
 
Ibm tivoli access manager for e business tracing http connections redp4622
Ibm tivoli access manager for e business tracing http connections redp4622Ibm tivoli access manager for e business tracing http connections redp4622
Ibm tivoli access manager for e business tracing http connections redp4622Banking at Ho Chi Minh city
 
Fcm rapid-install-11122-1634210
Fcm rapid-install-11122-1634210Fcm rapid-install-11122-1634210
Fcm rapid-install-11122-1634210raman pattanaik
 

What's hot (11)

Install
InstallInstall
Install
 
Suse service virtualization_image_set up_guide_140214
Suse service virtualization_image_set up_guide_140214Suse service virtualization_image_set up_guide_140214
Suse service virtualization_image_set up_guide_140214
 
IBM Mail Support for Microsoft Outlook
IBM Mail Support for Microsoft OutlookIBM Mail Support for Microsoft Outlook
IBM Mail Support for Microsoft Outlook
 
Web sphere application server performance tuning workshop
Web sphere application server performance tuning workshopWeb sphere application server performance tuning workshop
Web sphere application server performance tuning workshop
 
Windows Server Core
Windows Server CoreWindows Server Core
Windows Server Core
 
LTCY08 - Andras Horvath - Lotus Notes
LTCY08 - Andras Horvath - Lotus NotesLTCY08 - Andras Horvath - Lotus Notes
LTCY08 - Andras Horvath - Lotus Notes
 
Vdi pre req
Vdi pre reqVdi pre req
Vdi pre req
 
Obiee installation guide v2
Obiee installation guide v2Obiee installation guide v2
Obiee installation guide v2
 
Ibm tivoli access manager for e business tracing http connections redp4622
Ibm tivoli access manager for e business tracing http connections redp4622Ibm tivoli access manager for e business tracing http connections redp4622
Ibm tivoli access manager for e business tracing http connections redp4622
 
Share point
Share pointShare point
Share point
 
Fcm rapid-install-11122-1634210
Fcm rapid-install-11122-1634210Fcm rapid-install-11122-1634210
Fcm rapid-install-11122-1634210
 

Viewers also liked

Viewers also liked (7)

10135 b 10
10135 b 1010135 b 10
10135 b 10
 
10135 b 13
10135 b 1310135 b 13
10135 b 13
 
10135 a 00
10135 a 0010135 a 00
10135 a 00
 
10135 b 03
10135 b 0310135 b 03
10135 b 03
 
10135 a xa
10135 a xa10135 a xa
10135 a xa
 
war and peace perpektif etis kristen
war and peace perpektif etis kristenwar and peace perpektif etis kristen
war and peace perpektif etis kristen
 
10135 a 09
10135 a 0910135 a 09
10135 a 09
 

Similar to 50357 a enu-labmanual01

SharePoint 2010’s Virtual Reality - SharePoint Saturday Vietnam
SharePoint 2010’s Virtual Reality - SharePoint Saturday VietnamSharePoint 2010’s Virtual Reality - SharePoint Saturday Vietnam
SharePoint 2010’s Virtual Reality - SharePoint Saturday VietnamOfficience
 
Hol 1940-01-net pdf-en
Hol 1940-01-net pdf-enHol 1940-01-net pdf-en
Hol 1940-01-net pdf-endborsan
 
SharePoint 2010's Virtual Reality - SPC2C
SharePoint 2010's Virtual Reality - SPC2CSharePoint 2010's Virtual Reality - SPC2C
SharePoint 2010's Virtual Reality - SPC2CMichael Noel
 
SharePoint 2010 Virtualisation - SharePoint Saturday UK
SharePoint 2010 Virtualisation - SharePoint Saturday UKSharePoint 2010 Virtualisation - SharePoint Saturday UK
SharePoint 2010 Virtualisation - SharePoint Saturday UKMichael Noel
 
SharePoint 2010's Virtual Reality
SharePoint 2010's Virtual RealitySharePoint 2010's Virtual Reality
SharePoint 2010's Virtual RealityMichael Noel
 
Test Lab Guide: Windows Server 2012 R2 Base Configuration
Test Lab Guide: Windows Server 2012 R2 Base ConfigurationTest Lab Guide: Windows Server 2012 R2 Base Configuration
Test Lab Guide: Windows Server 2012 R2 Base ConfigurationTiago Henrique Ribeiro Ferreira
 
SharePoint 2010 Virtualization
SharePoint 2010 VirtualizationSharePoint 2010 Virtualization
SharePoint 2010 VirtualizationMichael Noel
 
IRJET- Real Time Monitoring of Servers with Prometheus and Grafana for High A...
IRJET- Real Time Monitoring of Servers with Prometheus and Grafana for High A...IRJET- Real Time Monitoring of Servers with Prometheus and Grafana for High A...
IRJET- Real Time Monitoring of Servers with Prometheus and Grafana for High A...IRJET Journal
 
26.1.7 lab snort and firewall rules
26.1.7 lab   snort and firewall rules26.1.7 lab   snort and firewall rules
26.1.7 lab snort and firewall rulesFreddy Buenaño
 
Windows Server 2008 Management
Windows Server 2008 ManagementWindows Server 2008 Management
Windows Server 2008 ManagementHi-Techpoint
 
Windows Server 2008 Management
Windows Server 2008 ManagementWindows Server 2008 Management
Windows Server 2008 ManagementHi-Techpoint
 
SharePoint 2010 Virtualization - SharePoint Saturday East Bay 2010
SharePoint 2010 Virtualization - SharePoint Saturday East Bay 2010SharePoint 2010 Virtualization - SharePoint Saturday East Bay 2010
SharePoint 2010 Virtualization - SharePoint Saturday East Bay 2010Michael Noel
 
Virtualization In Software Testing
Virtualization In Software TestingVirtualization In Software Testing
Virtualization In Software TestingColloquium
 
Protocol
ProtocolProtocol
Protocolm_bahba
 

Similar to 50357 a enu-labmanual01 (20)

SharePoint 2010’s Virtual Reality - SharePoint Saturday Vietnam
SharePoint 2010’s Virtual Reality - SharePoint Saturday VietnamSharePoint 2010’s Virtual Reality - SharePoint Saturday Vietnam
SharePoint 2010’s Virtual Reality - SharePoint Saturday Vietnam
 
Hol 1940-01-net pdf-en
Hol 1940-01-net pdf-enHol 1940-01-net pdf-en
Hol 1940-01-net pdf-en
 
SharePoint 2010's Virtual Reality - SPC2C
SharePoint 2010's Virtual Reality - SPC2CSharePoint 2010's Virtual Reality - SPC2C
SharePoint 2010's Virtual Reality - SPC2C
 
SharePoint 2010 Virtualisation - SharePoint Saturday UK
SharePoint 2010 Virtualisation - SharePoint Saturday UKSharePoint 2010 Virtualisation - SharePoint Saturday UK
SharePoint 2010 Virtualisation - SharePoint Saturday UK
 
Microsoft Exchange Server 2010 Installation
Microsoft Exchange Server 2010 InstallationMicrosoft Exchange Server 2010 Installation
Microsoft Exchange Server 2010 Installation
 
SharePoint 2010's Virtual Reality
SharePoint 2010's Virtual RealitySharePoint 2010's Virtual Reality
SharePoint 2010's Virtual Reality
 
Test Lab Guide: Windows Server 2012 R2 Base Configuration
Test Lab Guide: Windows Server 2012 R2 Base ConfigurationTest Lab Guide: Windows Server 2012 R2 Base Configuration
Test Lab Guide: Windows Server 2012 R2 Base Configuration
 
SP1_Battlecard
SP1_BattlecardSP1_Battlecard
SP1_Battlecard
 
IBM Notes in the Cloud
IBM Notes in the CloudIBM Notes in the Cloud
IBM Notes in the Cloud
 
SharePoint 2010 Virtualization
SharePoint 2010 VirtualizationSharePoint 2010 Virtualization
SharePoint 2010 Virtualization
 
Resume 28th June 2016
Resume 28th June 2016Resume 28th June 2016
Resume 28th June 2016
 
Resume 28th June 2016
Resume 28th June 2016Resume 28th June 2016
Resume 28th June 2016
 
IRJET- Real Time Monitoring of Servers with Prometheus and Grafana for High A...
IRJET- Real Time Monitoring of Servers with Prometheus and Grafana for High A...IRJET- Real Time Monitoring of Servers with Prometheus and Grafana for High A...
IRJET- Real Time Monitoring of Servers with Prometheus and Grafana for High A...
 
26.1.7 lab snort and firewall rules
26.1.7 lab   snort and firewall rules26.1.7 lab   snort and firewall rules
26.1.7 lab snort and firewall rules
 
Gopu_CV_2016
Gopu_CV_2016Gopu_CV_2016
Gopu_CV_2016
 
Windows Server 2008 Management
Windows Server 2008 ManagementWindows Server 2008 Management
Windows Server 2008 Management
 
Windows Server 2008 Management
Windows Server 2008 ManagementWindows Server 2008 Management
Windows Server 2008 Management
 
SharePoint 2010 Virtualization - SharePoint Saturday East Bay 2010
SharePoint 2010 Virtualization - SharePoint Saturday East Bay 2010SharePoint 2010 Virtualization - SharePoint Saturday East Bay 2010
SharePoint 2010 Virtualization - SharePoint Saturday East Bay 2010
 
Virtualization In Software Testing
Virtualization In Software TestingVirtualization In Software Testing
Virtualization In Software Testing
 
Protocol
ProtocolProtocol
Protocol
 

50357 a enu-labmanual01

  • 1. Implementing Forefront Threat Management Gateway 2010 Lab Manual Lab 1: Installing Forefront Threat Management Gateway 2010
  • 2. Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. ® 2009 Microsoft Corporation. All rights reserved. Microsoft is either a registered trademark or trademark of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
  • 3. Implementing Forefront Threat Management Gateway 2010 Lab Manual - Lab 1 Table of Contents Lab 1: Installing Forefront Threat Management Gateway 2010 ............................................................................. 1 Introduction..................................................................................................................................................... 1 Objectives..........................................................................................................................................1 Prerequisites .....................................................................................................................................1 Scenario.............................................................................................................................................1 Lab Configuration ............................................................................................................................................ 2 Exercise 1 Install Threat Management Gateway (Release Candidate) .................................................................... 3 Task 1: Install Forefront TMG 2010 ............................................................................................................. 3 Task 2: Install Forefront Protection 2010 for Exchange Server ................................................................... 4 Exercise 2 Perform initial configuration of Forefront TMG ..................................................................................... 6 Task 1: Configure the network configuration using the Network Settings Wizard ..................................... 6 Task 2: Run the System Configuration Wizard ............................................................................................ 7 Task 3: Enable NIS and signature updates using the Deployment Wizard .................................................. 7 i
Lab 1: Installing Forefront Threat Management Gateway 2010

Introduction

Objectives

After completing this lab, you will be able to:
  • Install Microsoft® Forefront™ Threat Management Gateway 2010 (TMG) on a Windows Server® 2008 R2 server.
  • Perform an initial configuration of Forefront TMG using the Getting Started wizards.

Prerequisites

Ensure your virtual machines are properly configured on Microsoft® Hyper-V™. Please refer to the Classroom Setup Guide for instructions.

Scenario

Adatum has deployed a single Forefront TMG server to provide the following services:
  • Allow Adatum users to browse Internet Web sites. Users must be protected from browser-targeting malicious software (malware) over both HTTP and HTTPS.
  • Provide secure access to Outlook Web Access (OWA) and internal Microsoft® Windows® SharePoint® Services sites to remote users.
  • Transfer e-mail between Internet mail servers and Adatum's Microsoft® Exchange Server 2010 system. Adatum users must be protected from spam and e-mail-borne malware.
Lab Configuration

The following diagram illustrates the configuration of the virtual machines that are required for this lab module. Hyper-V is used as the host platform due to the requirement for 64-bit guest machines.

[Diagram: the Adatum.com internal network contains VAN-DC1 (192.168.0.40), VAN-EX1 (192.168.0.42), VAN-SP1 (192.168.0.43), VAN-CLI1 (192.168.0.47) and the internal interface of VAN-EDG (192.168.0.50). The external interface of VAN-EDG (10.0.0.1) connects to the Internet segment, where NYC-WEB (10.0.0.2) hosts www.fabrikam.com.]

The following machines will be used in this lab and should be powered on:
  • VAN-DC1 – Provides Active Directory® and DNS services for the Adatum domain.
  • VAN-EDG – Runs the Microsoft® Exchange Edge Transport Service to exchange SMTP e-mail between the Internet and the Adatum Exchange Server environment. It also runs Forefront Threat Management Gateway 2010 to secure the SMTP service and to provide secure Web browsing and publishing to Adatum users.

The following machines will not be used in this lab and should be powered off:
  • VAN-CL1 – A Windows® 7 client in the Adatum domain used to access the Exchange Server and Microsoft® SharePoint® Server.
  • VAN-SP1 – Runs Windows SharePoint Services 3.0 SP1 for collaboration and document sharing between Adatum users.
  • VAN-EX1 – Runs Exchange Server 2010 for the Adatum domain (Mailbox, Client Access, and Hub Transport roles). It uses the Forefront TMG server to exchange SMTP mail with the Internet.
  • NYC-WEB – Hosts DNS, Web, and SMTP services. This host is used to implement the fabrikam.com Web site used by Adatum users, as well as the Fabrikam SMTP server. It is also used as the client to published services on Adatum (OWA and SharePoint).

All computers should be logged on as Adatum\Administrator with the password Pa$$w0rd. NYC-WEB does not belong to the Adatum domain, so it should be logged on locally using the same user name and password.
Exercise 1: Install Threat Management Gateway (Release Candidate)

Note: Because of the length of time it takes for the installation to complete, and the fact that little knowledge would be gained, this exercise has been completed for you. The details have been provided in this lab manual so you can examine the server installation steps. After you read these steps, please begin Exercise 2.

In this exercise, you will install Forefront Threat Management Gateway 2010 and Microsoft® Forefront™ Protection 2010 for Exchange Server.

The Forefront TMG server (VAN-EDG) is running Windows Server 2008 R2, Enterprise Edition, x64. It has been configured with the following prerequisites in order to reduce the time needed to complete the lab exercises. If they had not been preinstalled, the Preparation Tool that runs at the start of setup would install them for you (with the exception of Exchange Server).
  • Microsoft® .NET Framework 3.5 SP1.
  • Microsoft® Exchange Server 2010 – Edge Transport Server role (installed but not configured). This is configured and managed by Forefront TMG to provide protection to inbound and outbound SMTP traffic.

Server Roles:
  • Active Directory® Lightweight Directory Services (AD LDS) is required to store the configuration of the Exchange 2010 Edge Transport Server and Forefront TMG Server roles.

Server Features:
  • Windows® PowerShell™

The server VAN-EDG is configured with two network adapters:
  o External: 10.0.0.1, subnet mask 255.0.0.0
  o Internal: 192.168.0.50, subnet mask 255.255.255.0

The Internal address range for Adatum will be defined as 192.168.0.0 – 192.168.255.255. All address ranges outside of this (except local host 127.x) will be considered part of the External network.

Task 1: Install Forefront TMG 2010

Note: Perform the following steps on the VAN-EDG computer.

1. Open Windows Explorer, and browse to C:\Install\FFTMG2010EE.
2. Double-click autorun.
   Note: If the computer has Internet access, you should click Run Windows Update to ensure that all of the latest critical and security updates have been installed.
3. Click Run Preparation Tool. This starts the Preparation Tool before Forefront TMG is installed. The Preparation Tool inspects the server for the necessary prerequisites and installs them if required. This requires Internet connectivity to download the components.
4. Click Next to begin preparation.
5. Accept the license agreement, and then click Next.
6. Select Install Forefront TMG Services and Management, and then click Next. The Preparation Tool checks the system requirements and installs any components that are missing.
7. Select Launch Microsoft Forefront TMG Setup, and then click Finish.
8. Click Next to begin installation.
9. Accept the license agreement, and then click Next.
10. Accept the default user name and serial number, and then click Next.
11. Accept the default location to install to (C:\Program Files\Microsoft Forefront Threat Management Gateway), and then click Next. The next screen allows you to define the address range that will be associated with the internal network (as defined within Forefront TMG).
12. Click Add.
13. Click Add Range.
14. Type 192.168.0.0 for the start address and 192.168.255.255 for the end address. Click OK.
15. Click OK to complete the addition of IP ranges to the internal network. Click Next.
16. Read the warning that services will be stopped during installation, and then click Next.
17. Click Install to begin the installation.
18. Click Finish to complete the installation.

Task 2: Install Forefront Protection 2010 for Exchange Server

1. Click Install Microsoft Forefront Protection 2010 for Exchange Server.
2. Accept the license agreement, and then click Next.
3. Click Next on the message that the Microsoft Exchange Transport service will be restarted.
4. Accept the default installation location (C:\Program Files (x86)\Microsoft Forefront Security for Exchange Server), and then click Next.
5. If the service will access the Internet for updates via a proxy, type the proxy details and credentials if required. Click Next.
6. Select Enable Forefront Security for Exchange antispam now, and then click Next.
7. Configure the use of Microsoft Update, and then click Next.
8. Choose whether or not you want to be part of the Microsoft Customer Experience Improvement Program (CEIP), and click Next.
9. Verify that the settings are correct, and click Next.
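As an added check that is not part of the lab manual or of the TMG product, the following PowerShell script verifies on VAN-EDG the prerequisites described at the start of Exercise 1 before setup is run: the two adapters with their documented addresses and masks, a default gateway only on the External adapter, the AD LDS and .NET Framework 3.5.1 features, and the presence of the Exchange Transport service. The feature names (ADLDS, NET-Framework-Core), the MSExchangeTransport service name and the NDP registry path are the standard Windows Server 2008 R2 and Exchange 2010 identifiers, not values taken from the manual.

```powershell
# Added pre-installation check for the VAN-EDG prerequisites listed in
# Exercise 1 (illustrative script; not part of the lab manual or of TMG).
# Run in an elevated PowerShell session on VAN-EDG (Windows Server 2008 R2).

# Adapter addressing documented for the lab: External 10.0.0.1/255.0.0.0,
# Internal 192.168.0.50/255.255.255.0. Only the Internet-facing adapter
# should carry a default gateway.
$expected = @{
    'External' = @{ Address = '10.0.0.1';     Mask = '255.0.0.0';     Gateway = $true  }
    'Internal' = @{ Address = '192.168.0.50'; Mask = '255.255.255.0'; Gateway = $false }
}
$report = @()

$nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
foreach ($name in $expected.Keys) {
    $want = $expected[$name]
    $nic  = $nics | Where-Object { $_.IPAddress -contains $want.Address } | Select-Object -First 1
    if ($nic -eq $null) {
        $report += "FAIL  $name adapter: no enabled interface holds $($want.Address)"
        continue
    }
    # IPAddress and IPSubnet are parallel arrays, so the mask sits at the same index.
    $idx    = [array]::IndexOf($nic.IPAddress, $want.Address)
    $maskOk = ($nic.IPSubnet[$idx] -eq $want.Mask)
    $hasGw  = ($nic.DefaultIPGateway -ne $null) -and ($nic.DefaultIPGateway.Count -gt 0)
    $gwOk   = ($hasGw -eq $want.Gateway)
    $state  = if ($maskOk -and $gwOk) { 'OK  ' } else { 'FAIL' }
    $report += "$state  $name adapter ($($nic.Description)): mask ok=$maskOk, gateway present=$hasGw (expected $($want.Gateway))"
}

# AD LDS stores the Edge Transport and TMG configuration; .NET 3.5 SP1 is a
# TMG prerequisite (NET-Framework-Core is the 2008 R2 feature for 3.5.1).
Import-Module ServerManager
foreach ($f in 'ADLDS', 'NET-Framework-Core') {
    $feat  = Get-WindowsFeature -Name $f
    $state = if ($feat -ne $null -and $feat.Installed) { 'OK  ' } else { 'FAIL' }
    $report += "$state  Windows feature $f installed"
}
# Service-pack level of .NET 3.5, read from the NDP registry key.
$ndp   = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.5' -ErrorAction SilentlyContinue
$state = if ($ndp -ne $null -and $ndp.Install -eq 1 -and $ndp.SP -ge 1) { 'OK  ' } else { 'FAIL' }
$report += "$state  .NET Framework 3.5 SP1 present"

# The Edge Transport role is installed (not yet configured), so its
# transport service should exist even if it is not running.
$svc   = Get-Service -Name MSExchangeTransport -ErrorAction SilentlyContinue
$state = if ($svc -ne $null) { 'OK  ' } else { 'FAIL' }
$report += "$state  Exchange Edge Transport role (MSExchangeTransport service) installed"
$report | ForEach-Object { Write-Output $_ }
```

Any FAIL line points at a prerequisite the Preparation Tool would otherwise have to download and install, which the lab environment cannot do without Internet connectivity.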
Exercise 2: Perform initial configuration of Forefront TMG

Note: The initial configuration of Forefront TMG configures the server to download and install engine and definition updates for Web and e-mail antimalware as well as the antispam engine. Because these definition updates are essential for the remaining exercises in this lab, and because the lab lacks the connectivity to obtain these updates, the initial configuration has been performed for you. The details have been left in this lab manual so you can examine the steps that were taken to install this server. After reading these notes, please begin Exercise 3.

When the Forefront TMG Management Console is started for the first time, the Getting Started Wizard runs. Though you don't have to use the wizard to configure the server, it presents the main configuration options in a logical order. The Getting Started Wizard provides a starting point for four additional wizards that can be accessed sequentially:
  • The Network Settings Wizard allows you to apply network templates based on common scenarios, and to modify IP, DNS, and routing settings for your network adapters.
  • The System Configuration Wizard allows you to change the computer name, domain membership, and DNS suffixes.
  • The Deployment Wizard allows you to license and enable Network Inspection System and Malware Protection services, and to define how signature updates are obtained and used.
  • The Web Access Wizard allows you to configure Forefront TMG so that internal users can access Internet Web sites.

The first three wizards in the list above will be used in this exercise to perform initial configuration of the Forefront TMG server. Configuration of Web access (and other scenarios) will be performed in subsequent exercises.

Note: Perform the following steps on the VAN-EDG computer.

Task 1: Configure the network configuration using the Network Settings Wizard

1. On the VAN-EDG computer, click Start | All Programs | Microsoft Forefront TMG | Forefront TMG Management.
2. Click Configure network settings.
3. Click Next to start the Network Settings Wizard.
4. Select the Edge firewall template, and then click Next.
5. Select Internal as the adapter that is connected to the LAN, and then click Next.
6. Select External as the adapter that is connected to the Internet, and then click Next. As noted above, a default gateway would typically be defined on this interface instead of the internal interface.
7. Click Finish to complete the Network Settings Wizard.

Task 2: Run the System Configuration Wizard

1. Click Configure system settings.
2. Click Next to start the System Configuration Wizard.
3. There is no need to change the computer name or domain membership, so click Next.
4. Click Finish to complete the System Configuration Wizard.

Task 3: Enable NIS and signature updates using the Deployment Wizard

Though malware inspection can be enabled using the Deployment Wizard, you will enable it in a later exercise.

1. Click Define deployment options.
2. Click Next to start the Deployment Wizard.
3. Select Use the Microsoft Update service to check for updates, and then click Next. This is required to enable malware definition updates to be received from Microsoft® Update.
4. For the Network Inspection System, select Activate complementary license and enable NIS.
5. For Web Protection, select Activate evaluation license and enable Web Protection.
6. Ensure that both Enable Malware Inspection and Enable URL Filtering are selected, and then click Next.
7. For Network Inspection System signature updates, select Check for and install updates and the default polling interval of 15 minutes. An alert will be triggered if updates are not installed after 45 days.
8. Select Microsoft default policy as the option to use for newly downloaded attack signatures, and then click Next. This ensures that attacks that exploit vulnerabilities will be blocked by Forefront TMG as soon as the signature is published to Microsoft Update and downloaded by Forefront TMG.
9. Answer No to participation in the Customer Experience Improvement Program, and then click Next.
10. For the Microsoft Telemetry Service, select I do not want to join Microsoft Telemetry Service at this time, and then click Next. The telemetry service provides Microsoft with information on attacks and responses as they occur, aiding in the development and distribution of effective threat mitigations.
Note: Because the labs do not have Internet access, both of the above options are disabled.

11. Click Finish to complete the Deployment Wizard.
12. Ensure that Run the Web Access wizard is not selected, and then click Close to end the Getting Started Wizard. Web Access Policy will be created in the next lab.