Microsoft Forefront TMG and UAG - TopicsExpress



          

Microsoft Forefront TMG and UAG Comparison
====================================

01)-Forefront TMG:
===============

Forefront Threat Management Gateway 2010 (TMG) is the successor of ISA Server 2006. For a detailed comparison between ISA Server 2006 and Forefront TMG read the following article.

Forefront TMG is a Multilayer Enterprise Firewall with several features:

• Stateful Packet filtering
• Application Layer Firewalling
• HTTP Filter
• HTTPS Inspection
• URL Filtering
• Malware Inspection
• VPN Server (Client VPN and Site to Site VPN)
• Web proxy and Web caching Server
• Forward- and reverse Proxy
• E-Mail Protection Gateway
• Intrusion Prevention (IPS) and Intrusion Detection (IDS) system

Forefront TMG is available in two versions: Standard and Enterprise. For an overview about the Forefront TMG editions .

System requirements for Forefront TMG:
-----------------------------------------------------

Component---> Minimum requirements
CPU---> 64-bit, 1.86 GHz, 2 core (1 CPU x dual core) processor
Memory---> 2 GB, 1 GHz RAM
Hard Disk---> 2.5 GB available space. This is exclusive of the hard disk space required for caching or for temporarily storing files during malware inspection. One local hard disk partition that is formatted with the NTFS file system
Network adapters---> One network adapter that is compatible with the computer's operating system, for communication with the Internal network
Operating system---> Windows Server 2008. Version: SP2 or R2. Edition: Standard, Enterprise or Datacenter
Windows Roles and Features---> These Roles and Features are installed by the Forefront TMG Preparation Tool:
=>Network Policy Server
=>Routing and Remote Access Services
=>Active Directory Lightweight Directory Services Tools
=>Network Load Balancing Tools
=>Windows PowerShell
Other software--->
=>Microsoft .NET Framework 3.5 SP1
=>Windows Web Services API
=>Windows Update
=>Microsoft Windows Installer 4.5

02):Forefront UAG:
===============

Forefront Unified Access Gateway 2010 (UAG) is the successor of Microsoft IAG (Intelligent Application Gateway) and is designed to control inbound access to corporate resources from several client types such as Windows, Linux, and Macintosh clients, including mobile devices.

One of the major strengths of Forefront UAG is the so-called Endpoint access policy, which can be used to give clients access to internal resources only when a predefined set of rules, defined by UAG administrators, is satisfied. You can think about Forefront UAG Endpoint access Policies as an enhanced version of NAP (Network Access Protection).

Forefront UAG enhances the basic Webserver publishing options found in Forefront TMG by integrating a deep understanding of the applications published, the state of health of devices being used to gain access, and the user's identity.

Forefront UAG provides portal support for gaining access to internal resources. A portal is a website where users can gain access to different published applications like OWA, Remote Desktop connections, SSL VPN, Microsoft CRM, SharePoint and many others. Forefront UAG supports several authentication providers like Active Directory, Netscape, LDAP, RADIUS, OTP and many more.

Another primary development goal of Forefront UAG is remote access via SSL VPN and a technique called DirectAccess.

System requirements for Forefront UAG:
------------------------------------------------------

Component---> Minimum requirements
CPU---> 2.66 gigahertz (GHz) or faster processor. Dual core CPU
Memory---> 4 GB
Hard Disk---> 2.5 gigabyte (GB) (in addition to Windows requirements)
Network adapters---> Two network adapters that are compatible with the computer operating system. These network adapters are used for communication with the internal corporate network, and the external network (Internet). Note that deploying Forefront UAG with a single network adapter is not supported
Operating system---> Forefront UAG can be installed on computers running the Windows Server 2008 R2 Standard or Windows Server 2008 R2 Enterprise 64-bit operating systems. Forefront UAG must be a domain member
Windows Roles and Features--->
=>Network Policy Server
=>Routing and Remote Access Services
=>Active Directory Lightweight Directory Services Tools
=>Message Queuing Services
=>Web Server (IIS) Tools
=>Network Load Balancing Tools
=>Windows PowerShell
Other software--->
=>Microsoft .NET Framework 3.5 SP1
=>Windows Web Services API
=>Windows Update
=>Microsoft Windows Installer 4.5
=>SQL Server Express 2005

Forefront TMG is installed as a firewall during Forefront UAG setup. Following setup, Forefront TMG is configured to protect the Forefront UAG server.

*The Windows Server 2008 R2 DirectAccess component is automatically installed.

Comparing Forefront TMG and Forefront UAG:
===================================

During my work as a Consultant and Trainer for MS Forefront products, I noticed that many people were not completely aware of the main differences between Forefront TMG and UAG and were uncertain which product best fits a given scenario. I will try to give a short description of each product that helps you make the right decision:

Forefront TMG is the Enterprise Edge Firewall that protects the internal network from the Internet and that provides protected access from internal resources to the Internet. Forefront TMG has powerful publishing features to publish internal services to the Internet, such as Outlook Web Access, Exchange Active Sync and a whole slew of other services, but it is limited in intelligent publishing. It allows only limited control over the client devices that access the internal published resources. In fact, Forefront TMG acts as a Firewall for incoming and outgoing requests.

Forefront UAG is used to extend and enhance the basic publishing features of Forefront TMG, and comes with extended features like portals, SSL VPN (note: Forefront TMG supports SSL VPN in the form of SSTP), DirectAccess and powerful Endpoint Access Policies to control the client devices accessing the Forefront UAG server. During a Forefront UAG installation, Forefront TMG will also be installed, but only to protect the Forefront UAG Server. In fact, Forefront UAG acts as an Application Layer Gateway and is the solution for incoming access to internal resources from the Internet.

This screenshot gives a clear explanation about Forefront TMG and Forefront UAG usage scenarios:

I hope this article will help you to understand the main difference between TMG & UAG.

Regards,
M.Nadeem
Chief Instructor
ASIPT Systems
10A-Wahdat Road Near Butt Sweet, Lahore, Pk.
+92-345-0786662, 0423-5912800
SkypeId: asipt.training | FB: asipttraining

Posted on: Mon, 01 Sep 2014 11:36:34 +0000
