TMG 2010 can protect your IT environment more securely and powerfully

05 Apr

TMG, the next-generation version of ISA Server, was released to manufacturing (RTM) last month. It can help protect your IT environment more securely and powerfully. It adds three functions: HTTPS inspection, URL filtering, and malware inspection.

The HTTPS inspection function is the spotlight. In ISA, HTTPS connections could not be inspected, by product design, so malware could travel to or from a client inside the HTTPS tunnel. In TMG, this has changed.

It works as follows:

Phase 1 – Client Request

  1. Client connects to the TMG Web proxy listener.
  2. Client issues an SSL tunnel request: CONNECT malicious.contoso.com:443 HTTP/1.1.
  3. TMG resolves malicious.contoso.com to IP address 1.2.3.4.
  4. TMG connects to 1.2.3.4 on TCP port 443.
  5. TMG negotiates an SSL connection with the server and evaluates the certificate.
  6. If the certificate is valid and trusted, TMG responds “200 OK” to the client.

Phase 2 – Encrypted conversation with Inspection

  1. Client and TMG exchange SSL handshake messages, encryption keys and certificates. Note that because TMG builds a server certificate using information derived from the Web server certificate, the client believes it is communicating with the Web server.
  2. Client now has an encrypted tunnel with Forefront TMG and Forefront TMG has an encrypted tunnel with the destination server. Forefront TMG will be able to inspect all traffic sent between client and server by following this sequence:

    a) TMG receives and decrypts the encrypted traffic from the destination server.

    b) TMG applies Malware Inspection and NIS filters to the traffic.

    c) If the malware and NIS filters allow it, TMG encrypts the results and sends them to the client workstation.

    d) The client receives, decrypts and processes the traffic.
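The two phases above, modelled as an added Python example (not TMG code, and not from the TechNet article): a proxy that answers CONNECT only after validating the upstream certificate, then presents the client a certificate copied from the server's identity but signed by its own inspection CA, plus the client-side check that reveals the tunnel is being inspected. The trust store, resolver table, certificates and the inspection CA name are all constructed for the example.

```python
from collections import namedtuple
from datetime import date
Cert = namedtuple("Cert", "subject issuer not_after")  # DNS name, signing CA, expiry
# Constructed sample data: trust store, the TMG-side inspection CA (hypothetical
# name), a resolver table, and the certificates the upstream servers present.
TRUSTED_ROOTS = {"Contoso Public CA"}
INSPECTION_CA = "TMG HTTPS Inspection CA"
DNS = {"malicious.contoso.com": "1.2.3.4", "expired.contoso.com": "1.2.3.5",
       "selfsigned.contoso.com": "1.2.3.6"}
SERVER_CERTS = {
    "1.2.3.4": Cert("malicious.contoso.com", "Contoso Public CA", date(2011, 1, 1)),
    "1.2.3.5": Cert("expired.contoso.com", "Contoso Public CA", date(2009, 1, 1)),
    "1.2.3.6": Cert("selfsigned.contoso.com", "selfsigned.contoso.com", date(2011, 1, 1)),
}

def parse_connect(request_line):
    """Phase 1 step 2: 'CONNECT host:port HTTP/1.1' -> (host, port)."""
    method, target, version = request_line.split()
    if method != "CONNECT" or not version.startswith("HTTP/1."):
        raise ValueError("not an SSL tunnel request")
    host, _, port = target.rpartition(":")
    return host, int(port)

def evaluate_certificate(cert, host, today=date(2010, 4, 5)):
    """Phase 1 step 5: why TMG would reject the upstream certificate, or None."""
    if cert.subject != host:
        return "name mismatch"
    if cert.issuer not in TRUSTED_ROOTS:
        return "untrusted issuer"
    if cert.not_after < today:
        return "expired"
    return None

def handle_connect(request_line):
    """Phase 1 end to end: (status sent to client, certificate the client will see)."""
    host, port = parse_connect(request_line)
    ip = DNS.get(host)
    if ip is None or port != 443:
        return "502 Bad Gateway (unresolvable host or unexpected port)", None
    upstream = SERVER_CERTS[ip]
    problem = evaluate_certificate(upstream, host)
    if problem:
        return f"502 Bad Gateway ({problem})", None
    # Phase 2 step 1: the client-facing certificate copies the server's identity
    # but is signed by the inspection CA, so the client's trust rests on TMG's check.
    return "200 OK", Cert(upstream.subject, INSPECTION_CA, upstream.not_after)

def is_inspected(cert_seen_by_client):
    """Client-side check: a leaf signed by the inspection CA means the tunnel is inspected."""
    return cert_seen_by_client.issuer == INSPECTION_CA
```

The point to notice is that the client never sees the real server certificate, so the rigour of the proxy's evaluation in Phase 1 is what the client's trust decision actually rests on.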

For more information, see the article http://technet.microsoft.com/en-us/ff472472.aspx


Posted by on April 5, 2010 in Forefront
