This course is not currently offered by Global Knowledge. Information here is provided for reference only.

This course provides you with the knowledge and skills to envision, design, and deploy web access, remote access, and mail protection solutions using Microsoft Forefront Threat Management Gateway 2010 (TMG) and Forefront Unified Access Gateway 2010 (UAG). You will learn to identify the requirements and make the appropriate design decisions during the deployment process while gaining hands-on experience with the products.

This course incorporates materials from the Official Microsoft Learning Products 50357: Implementing Forefront Threat Management Gateway 2010 and 50402: Implementing Forefront Unified Access Gateway 2010.

What You'll Learn

• New features and the value of Forefront TMG
• How Forefront TMG protects clients and servers from web-based threats
• How Forefront TMG enables outside systems to secure connect to internal services and applications
• How Forefront TMG integrates with Forefront Protection 2010 for Exchange and Microsoft Exchange Server 2010 to protect an organization from mail-based threats
• Design an enterprise solution using Forefront TMG considering availability, scalability, operations, and migration from an existing Microsoft Internet Security and Acceleration (ISA) solution
• Install and configure Forefront UAG as a stand-alone server or an array member
• Publish Microsoft Exchange Server, Microsoft Office SharePoint Server, and Remote Desktop Gateway applications to external users
• Configure Forefront UAG to authenticate and authorize users and enforce security policies on clients
• Use Forefront UAG as a gateway for DirectAccess clients
• Design and deployment considerations when building an enterprise access solution using Forefront UAG

Who Needs to Attend

IT security and infrastructure specialists/professionals, architects, consultants who have experience with Windows networking and who are involved in designing, deploying, or operating security solutions

Prerequisites

• Good understanding of Active Directory and Group Policies
• Good understanding of Windows TCP/IP networking
• Solid understanding of Windows networking (experience with IPv6 is desirable but not required)
• Working knowledge of Active Directory, LDAP, and RADIUS authentication
• Basic understanding of Microsoft Exchange Server 2007 and Microsoft Office SharePoint Server 2007

Follow-On Courses

There are no follow-ons for this course.

Course Outline

1. Forefront Threat Management Gateway (TMG) 2010 Overview

• Introduction to Forefront TMG
• Installation and Initial Setup
• Basic Configuration Concepts

2. Secure Web Gateway

• Secure Web Gateway Overview
• HTTPS Inspection
• URL Filtering
• Malware Protection
• Intrusion Prevention

3. Remote Access Gateway

• Remote Access Gateway Overview
• Non-HTTP Server Publishing
• Web Publishing
• Virtual Private Networking (VPN) Connectivity

4. Secure Mail Relay

• Secure Mail Relay Overview
• Solution Components
• Configuring SMTP Protection

5. Forefront TMG 2010 Design and Deployment Considerations

• Logical Design Considerations
• Scalability and Availability
• Client Configuration
• Migration Options

6. Forefront UAG Overview

• Microsoft Business Ready Security Strategy (BRS)
• Forefront Unified Access Gateway Architecture
• Licensing and Availability

7. Forefront Unified Access Gateway Setup and Upgrade

• Installing Forefront UAG
• Initial Configuration

8. Forefront UAG Portal

• Trunks and Portals
• Portal Customization
• Client Detection

9. Publishing Web Applications

• Web Publishing Overview
• Publishing Microsoft Exchange
• Publishing Microsoft SharePoint
• Deploying Federation with AD FS

10. Remote Desktop Gateway Publishing

• Remote Desktop Publishing Overview
• Deploying RD Gateway Publishing

11. Remote Network Access

• Remote Network Access Overview
• UAG/SSTP Integration Architecture
• Configuring Remote Network Access

12. IPv6 and IPv6 Transition Technologies

• IPv6 Overview
• IPv6 Transition Technologies

13. DirectAccess

• DirectAccess Overview
• DirectAccess Solution Components
• Planning a DirectAccess Deployment
• Deploying DirectAccess Using Forefront UAG

14. Endpoint Security Policies and NAP Integration

• Endpoint Policies
• Network Access Protection Integration

15. Array Management

• Forefront UAG Array Management Overview
• Deploying and Operating Forefront UAG Arrays
• Network Load Balancing Integration

16. Enterprise Deployment and Troubleshooting

• Deploying Forefront UAG in Enterprise Environments
• Supporting and Troubleshooting Forefront UAG

Labs

Lab 1: Installing Forefront Threat Management Gateway 2010

• Install Forefront TMG on a Windows Server 2008 R2 server
• Perform an initial configuration of Forefront TMG using the Getting Started wizards

Lab 2: Secure Web Gateway

• Create web access policies for Contoso users, including inspection of HTTPS sessions
• Modify web access policy to include protection from malware
• Investigate the Network Inspection System (NIS)

Lab 3: Remote Access Gateway

Use Web Publishing to publish Exchange Web Services

Lab 4: Secure Mail Relay

• Install Active Directory LDS and Exchange Edge Server
• Install Forefront Protection 2010 for Exchange Server
• Install Forefront Threat Management Gateway
• Configure Exchange EdgeSync
• Define an E-mail Policy

Lab 5: Install Forefront Unified Access Gateway 2010

• Install Forefront UAG 2010
• Configure the initial settings using the Getting Started Wizard

Lab 6: Create and Configure a Portal Trunk

• Create an HTTPS trunk in Forefront UAG
• Configure an Active Directory authentication repository

Lab 7: Publishing Exchange Applications

• Configure Outlook Web Access (OWA) publishing using the OWA look and feel
• Configure OWA publishing inside the Forefront UAG portal
• Publish Outlook Anywhere and Exchange Autodiscover

Lab 8: Publishing Remote Desktop Services

• Publish RemoteApp applications using the Forefront UAG portal
• Publish a predefined Remote Desktop

Lab 9: Remote Network Access using SSTP

• Configure remote network access using SSTP
• Publish remote network access in the Forefront UAG portal

Lab 10: IPv6 and ISATAP

• Use IPv6 link-local addresses for local network connectivity
• Deploy an ISATAP router in an intranet

Lab 11: Deploying DirectAccess

• Prepare the infrastructure requirements for DirectAccess
• Configure DirectAccess using Forefront UAG

Lab 12: Endpoint Policies and Network Access Protection

• Use the Endpoint Policies with a Forefront UAG portal application
• Configure Network Access Protection (NAP) with Forefront UAG DirectAccess

Lab 13: Configuring Forefront UAG Arrays

• Install an additional Forefront UAG server
• Configure a Forefront UAG array and perform post-array configuration tasks