Implementing Forefront Threat Management Gateway 2010 Course Introduction

IntroductionNameCompany affiliationTitle/functionJob responsibilityPrevious experience with Microsoft ISA ServerExpectations

FacilitiesClass hoursBuilding hoursParkingRestroomsMealsPhonesMessagesSmokingRecycling

About This CourseDescriptionLearning objectivesAudiencePrerequisites

Course DescriptionPrepares you to create security solutions based on Microsoft Forefront Threat Management Gateway 2010 (TMG)Covers the following usage scenarios:

Secure Web GatewayRemote Access GatewaySecure Mail Relay

Organized in 5 modulesDelivered in 16 hoursInstructor-led with 4 hands-on labs

Course ObjectivesThis course will enable you to:

Understand the new features and the value proposition for Forefront TMGExplain how Forefront TMG protects clients and servers from Web-based threatsDescribe how Forefront TMG enable outside systems to secure connect to internal services and applicationsDescribe how Forefront TMG integrates with Microsoft® Forefront™ Protection 2010 for Exchange Server and Microsoft® Exchange Server 2010 to protect an organization from mail-based threatsDesign an enterprise solution using Forefront TMG, considering availability, scalability, operations, and migration from an existing Microsoft® Internet Security and Acceleration Server (ISA) solution

Target AudienceSolution specialists and technical sales professionals with a focus on selling security solutionsArchitects and consultants involved in designing and deploying solutions based on Forefront TMGTechnical account managers and premier field engineers who want to acquire in-depth knowledge of the design and deployment of Forefront TMG solutions

PrerequisitesWorking knowledge of Active Directory® and Group Policy

No specific Windows Server® 2008 R2 knowledge is required

Good understanding of Windows® networking

Course Outline – Day 1Schedule Module or Activity Goals

9 :00 to 11:00 AM

Module 1: Forefront Threat Management Gateway 2010 Overview

Describe a brief history of the Microsoft edge security products.

Explain the current threat landscape and how this drove changes in the edge security strategy.

List the new features in Forefront TMG and their value propositions.

Describe the key scenarios for Forefront TMG and how it differentiates from Microsoft® IAG/UAG.

Describe the SKU differentiation and subscription model. Explain the installation requirements and install process for

Forefront TMG.11 :00 AM to noon

Lab 1: Installing Threat Management Gateway 2010

Install Forefront TMG to provide web and e-mail access between Contoso and the Internet.

Perform an initial configuration of Forefront TMG using the Getting Started wizards.

Noon to 1:00 PM

Lunch

1:00 to 3:00 PM

Module 1: Secure Web Gateway

Describe the threats affecting enterprise users browsing the Web.

Identify the key Forefront TMG features that address those threats (application proxy, granular access control, malware inspection, URL filtering, HTTPS inspection, NIS), and describe each of these features in detail.

3:00 to 5:00 PM

Lab 2: Configure Secure Web Gateway

Create web access policies for Contoso users, including inspection of HTTPS sessions.

Modify web access policy to include protection from malware.

Investigate the Network Inspection System (NIS).

Schedule Module or Activity

Goals

9:00 to 11:00 AM

Module 3: Remote Access Gateway

Understand how Forefront TMG can publish Web and non-Web services to external users.

Explain the security features and benefits added by Forefront TMG in each of these publishing scenarios.

Discuss the new Forefront TMG features for virtual private networking, such as Secure Socket Tunneling Protocol (SSTP) and Network Access Protection (NAP).

11:00 AM to Noon

Lab 3: Remote Access Gateway

Use Web Publishing to publish Exchange Web Services

Noon to 1 :00 PM

Lunch

1:00 to 2:00 PM

Module 4: Secure Mail Relay

Describe the mail threats facing organization, and explain what the key Forefront TMG features are that address these threats.

Explain how Forefront TMG and Forefront Protection 2010 for Exchange Server are deployed together for premium antispam and antimalware protection.

Describe in detail how Forefront TMG performs spam filtering, malware filtering, and content filtering.

Describe the implementation process for this scenario and how the solution is configured.

2:00 to 3:00 PM

Lab 4: Secure Mail Relay

Configure the Exchange Edge Transport role and Forefront Protection 2010 for Exchange Server on the Forefront TMG server to protect Internet e-mail.

Explore antispam and antimalware protection of Internet e-mail.3:00 to 4:00 PM

Module 5: Forefront TMG Design and Deployment Considerations

Review the network, scalability, availability and operational considerations and best practices when designing and deploying a solution based on Forefront TMG.

Identify the best practices when configuring clients to use Forefront TMG.

Describe migration procedures from ISA Server to Forefront TMG, and between the different versions of Forefront TMG.

Course Outline – Day 2

Classroom SetupEach student has their own virtualized lab environmentVirtual machines:

External Web serverFirewallDomain controllerMail serverCollaboration serverWindows clientForefront Protection Management server

8GB Systemw/ Microsoft Hyper-V

Questions

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Forefront, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.