2. Introduction
Name
Company affiliation
Title/function
Job responsibility
Previous experience with Microsoft ISA Server
Expectations
3. Facilities
Class hours
Building hours
Parking
Restrooms
Meals
Phones
Messages
Smoking
Recycling
4. About This Course
Description
Learning objectives
Audience
Prerequisites
5. Course Description
Prepares you to create security solutions based on
Microsoft Forefront Threat Management Gateway 2010
(TMG)
Covers the following usage scenarios:
Secure Web Gateway
Remote Access Gateway
Secure Mail Relay
Organized in 5 modules
Delivered in 16 hours
Instructor-led with 4 hands-on labs
6. Course Objectives
This course will enable you to:
Understand the new features and the value proposition for
Forefront TMG
Explain how Forefront TMG protects clients and servers from Web-
based threats
Describe how Forefront TMG enable outside systems to secure
connect to internal services and applications
Describe how Forefront TMG integrates with Microsoft®
Forefront™ Protection 2010 for Exchange Server and Microsoft®
Exchange Server 2010 to protect an organization from mail-based
threats
Design an enterprise solution using Forefront TMG, considering
availability, scalability, operations, and migration from an existing
Microsoft® Internet Security and Acceleration Server (ISA) solution
7. Target Audience
Solution specialists and technical sales professionals with a
focus on selling security solutions
Architects and consultants involved in designing and
deploying solutions based on Forefront TMG
Technical account managers and premier field engineers
who want to acquire in-depth knowledge of the design
and deployment of Forefront TMG solutions
8. Prerequisites
Working knowledge of Active Directory® and Group Policy
No specific Windows Server® 2008 R2 knowledge is required
Good understanding of Windows® networking
9. Course Outline – Day 1
Schedule Module or Activity Goals
9 :00 to Module 1: Forefront Describe a brief history of the Microsoft edge security products.
11:00 AM Threat Management Explain the current threat landscape and how this drove changes in
Gateway 2010 the edge security strategy.
Overview List the new features in Forefront TMG and their value propositions.
Describe the key scenarios for Forefront TMG and how it
differentiates from Microsoft® IAG/UAG.
Describe the SKU differentiation and subscription model.
Explain the installation requirements and install process for
Forefront TMG.
11 :00 AM Lab 1: Installing Install Forefront TMG to provide web and e-mail access between
to noon Threat Management Contoso and the Internet.
Gateway 2010 Perform an initial configuration of Forefront TMG using the Getting
Started wizards.
Noon to Lunch
1:00 PM
1:00 to Module 1: Secure Describe the threats affecting enterprise users browsing the Web.
3:00 PM Web Gateway Identify the key Forefront TMG features that address those threats
(application proxy, granular access control, malware inspection, URL
filtering, HTTPS inspection, NIS), and describe each of these
features in detail.
3:00 to Lab 2: Configure Create web access policies for Contoso users, including inspection
5:00 PM Secure Web Gateway of HTTPS sessions.
Modify web access policy to include protection from malware.
Investigate the Network Inspection System (NIS).
10. Course Outline – Day 2
Schedule Module or Activity Goals
9:00 to Module 3: Remote Understand how Forefront TMG can publish Web and non-Web services to
11:00 AM Access Gateway external users.
Explain the security features and benefits added by Forefront TMG in each of
these publishing scenarios.
Discuss the new Forefront TMG features for virtual private networking, such as
Secure Socket Tunneling Protocol (SSTP) and Network Access Protection (NAP).
11:00 AM to Lab 3: Remote Use Web Publishing to publish Exchange Web Services
Noon Access Gateway
Noon to Lunch
1 :00 PM
1:00 to Module 4: Secure Describe the mail threats facing organization, and explain what the key Forefront
2:00 PM Mail Relay TMG features are that address these threats.
Explain how Forefront TMG and Forefront Protection 2010 for Exchange Server
are deployed together for premium antispam and antimalware protection.
Describe in detail how Forefront TMG performs spam filtering, malware filtering,
and content filtering.
Describe the implementation process for this scenario and how the solution is
configured.
2:00 to Lab 4: Secure Mail Configure the Exchange Edge Transport role and Forefront Protection 2010 for
3:00 PM Relay Exchange Server on the Forefront TMG server to protect Internet e-mail.
Explore antispam and antimalware protection of Internet e-mail.
3:00 to Module 5: Forefront Review the network, scalability, availability and operational considerations and
4:00 PM TMG Design and best practices when designing and deploying a solution based on Forefront
Deployment TMG.
Considerations Identify the best practices when configuring clients to use Forefront TMG.
Describe migration procedures from ISA Server to Forefront TMG, and between
the different versions of Forefront TMG.
11. Classroom Setup
Each student has their own virtualized lab environment
Virtual machines:
External Web server
Firewall 8GB System
Domain controller w/ Microsoft Hyper-V
Mail server
Collaboration server
Windows client
Forefront Protection
Management server