Roles C À à Configure Your Microsoft Forefront TMCOoloc« Use the links below to configure how Forefront TMG protects ¿ Roles Configuration outbound network traffic, Cau hinh Network `“
Trang 1Sử dụng Network Template trên TMG 2010
Su dung Network Template trén TMG 2010
Mot van dé dat ra la khong phải ai cũng nắm rõ vé TMG Vay những người không chuyên sẽ cấu hình
TMG như thế nào ? Một giải pháp được đưa ra đó là sử dụng các template có sẵn mà TMG hỗ trợ
Perimeter Network
BKNP-SRV08.-01
IP: 172.16.1.2/24
Preferred DNS: 192.168.1.2 BKNP-SRV08-03
BKNP-DC08-01
IP: 192.168.1224 ` GW: 192.168.1.1
Preferred DNS: 192.168.1.2 | Demain Centroller: Bknpewtr+rn
DXNS Serer: Bknpewxern
~—_—
GW: 192.168.1.1
- Preferred DNS: 192.168.1.2
Internal Network
Su dung Network Template trén TMG 2010
Đầu tiên, mở TMG 2010 ở khung phía bên phải, lựa chọn Launch Getting Started Wizard
Trang 2
RE rorefront THG
File Acton View Help
2 O
@ | 2jr2|M mị 4| #@(© XS
a cm Forefront Threat M, % Nga | a b TMG (Bae-SRVORE
~ Forefront
Threat Management Gateway 2010 (i) Click here to learn about the Customer i Improvement m
Roles C
À
à Configure Your Microsoft Forefront TMCOoloc«
Use the links below to configure how Forefront TMG protects ¿ Roles Configuration
outbound network traffic, Cau hinh Network `“ thchưtbet cv
> Provide Secure Internet Access for Internal Users m4 Join Array
Use the Web Access Policy Wizard to create default Web access policy for your organization Use the “ Configure Array Properties wizard and available settings to configure how Forefront TMG protects and improves Web access by = b
applying malware inspection, URL filtering, HTTPS inspection and Web caching #4 Assign Acministatve Roles
Secure your Organization's E-Mail Related Tasks
"Use the E-Mail Policy Wizard to allow secured server-to-server e-mail traffic Protect your network by ‘€) Export (Back applying antivirus and antispam filters to both incoming and outgoing mail messages and attachments, and © ( Sep ener
by stamping inspected mail messages _ Configuration
(>) Import (Restore) Array
Configuration
Use the Intrusion Prevention System to Protect Your Network from Attacks # Pa ae Use Forefront TMG's Intrusion Prevention System (IPS) to protect your organization from network attacks Telemetry Reporting and to help identify potentially compromised computers
Allow Secure Access to Internal Resources
Use the publishing wizards to allow secure access to Web servers and other applications on your network
This includes access to Outlook Web Access Servers, SharePoint sites, and VoIP
Configure VPN Access
Enable and configure a secure virtual private network (VPN) for remote cient access to corporate networks
4, | >|
Tai man hinh tiép theo lua chon Configure network settings
LE Getting Started Wizard
Welcome to Forefront TMG!
To get started, follow the three steps below:
N
> fp Scenes
relationships
settings, routing rules, and network
ộ Configure system settings
Define local system settings for Forefront TMG,
Define deployment options Specify Forefront TMG deployment settings such as how this
Forefront TMG server receives Microsoft updates,
» If you need to import Microsoft Internet Security and Acceleration (ISA) Server 2006 configuration settings to this computer, you must do this before you run this wizard
Tiếp tục chon Next dé bat đầu cấu hình
Trang 3
2€tting Started - Network Setup Wizard
_. This wizard helps you define basic networking settings for
Forefront TMG This indudes network IP settings, network
relationships, and routing rules Advanced network settings can
‘4 be specified after completing the Getting Started Wizard
Trong ví dụ này, chúng ta sẽ lựa chọn “mô hình 3 chân” và nhắn Next
2€tting Started - Network Setup Wizard
Network Template Selection Select the network template that best fits your network topology
Man hinh tiép theo yéu cau lua chon card mạng ứng với mạng cục bộ và điền địa chỉ IP tương ứng
Trang 4
Getting Started - Network Setup Wizard
Local Area Network (LAN) Settings Define the settings for the network adapter connected to your LAN
x
Màn hình tiêp theo yêu câu lựa chọn card mạng ứng với mạng ngoài và điên địa chỉ IP tương ứng
Getting Started - Network Setup Wizard |
é x —
“
Internet Settings có Set the Internet settings based on information from your Internet Service Provider (ISP) \2y
4
_— cm: | Net: | cnet |
Màn hình tiếp theo yêu câu lựa chọn card mạng ứng với vùng DMZ và điền địa chỉ IP tương ứng
Trang 5Nhắn EFinish đề kết thúc
2etting Started - Network Setup Wizard
Perimeter Network Settings Define the settings for the network adapter connected to your perimeter
setting Started - Network Setup Wizard
Completing the Network Setup Wizard
You have successfully completed the Network Setup
_ Wizard The network will have the following
⁄ ih configuration:
Tiếp tục nhân Define deployment options dé cau hinh cap nhat cho TMG
Trang 6
Nhân Next để tiếp tục
(ff specifying update settings and joining the Customer Experience
ws
Cac tuy chon cap nhat:
Trang 7
Getting Started - Deployment Wizard Microsoft Update Setup
Use Microsoft Update service to help keep your computer secure and up to date
Forefront TMG uses Microsoft Update service to keep Forefront TMG protection mechanisms up to date %
To receive these updates, select to use the Microsoft Update service, below
a ( Use the Microsoft Update service to check for updates (recommended)
tà C Ido not want to use the Microsoft Update service
If the computer is not connected to the Internet, configuring the computer to use
` Microsoft Update may take several minutes
Cầu hình các thiết lập bảo mật
Getting Started - Deployment Wizard
Forefront TMG Protection Features Settings Use this page to activate licenses required for receiving updates and to enable Forefront
TMG protection mechanisms
~ Network Inspection System License: lActivate
~ Web Protection License: | Activate evaluation license and enable Web Protection >| Key: | Evaluation Expiration date: | 9/20/2011 A
IV Enable Malware Inspection
[” Enable URL Filtering
The URL Filtering feature queries Microsoft Reputation Service for URL categorization
‘ The full URL string is sent to the service, using a secure connection
_ coon [Fg] _ coe
Đề tùy chỉnh mặc định và nhân Next dé tiếp tục
Trang 8
setting Started - Deployment Wizard
NIS Signature Update Settings Use signatures of known vulnerabilities from the Microsoft Malware Protection Center to detect and potentially block malicious traffic
[Check for and install definitions (recommended) dl ery 15 minutes
Tùy chọn gửi phản hồi lại cho Mierosoft
Trang 9
Getting Started - Deployment Wizard ` ;
re
oF Customer Feedback cv le,
We invite you to join the Customer Experience Improvement Program to help us improve “&
the quality, reliability, and performance of this product
This program collects anonymous information about your hardware configuration and how you use Forefront TMG, without interrupting you Microsoft uses the information to identify trends and usage
patterns
If you choose to participate in the program, Web proxy dient access will be enabled on the Forefront TMG Local Host network
You can change your partidpation choice after closing this wizard To do this, open the array properties
and modify settings on the Customer Feedback tab
No information will be used to identify or contact you
© Yes, lam willing to partiapate anonymously in the Customer Experience Improvement Program (recommended)
Ns I don't want to partidpate
<Back [| Next> Cancel |
Getting Started - Deployment Wizard Microsoft Telemetry Reporting Service Select a participation level for Microsoft telemetry reporting
If you choose to participate in Microsoft telemetry reporting, information regarding malware and other attacks on your network is sent to Microsoft This information helps Microsoft improve Forefront TMG's ability to identify attack patterns and mitigate threats In some cases, personal information may be inadvertently sent, but Microsoft will not use the information to identify or contact you
Select your level of partidpation:
C Basic
Basic information about potential threats induding their type and origin, as well as the response taken, is sent to Microsoft
Advanced
In addition to basic information, information about potential threats in greater detail, induding traffic samples and full URL strings is sent to Microsoft This additional information provides Microsoft with
more help in analyzing and mitigating threats
( None No information is sent to Microsoft
Read our Privacy Statement
<Back [| Next> Cancel |
Nhắn EFinish đề kết thúc
Trang 10
Getting Started - Deployment Wizard
You have successfully completed the Deployment Wizard
| The following settings will be applied:
Microsoft Update Service Settings
Oo Use Microsoft Update service when I check for updates
Z, NIS License: Activated
NS
Nhan Close dé kết thúc cấu hình
[LE Getting Started Wizard
BAI VIET CUNG CHUYEN MUC