Install Microsoft Forefront TMG 2010 (part 3 of 3)

The previous article(part 2) has already finished the Getting Started Wizard. In the moment, it will continue to run the Web Access wizard after enable check box and click “Close” button.
In the beginning screen, please directly click “Next >” button if you clearly this wizard will helps you define something.
URL FilteringSelect “Yes, create a rule blocking the minimum recommended URL categories” option next to click “Next >” button
It will show a rule about Block access to these Web destinations. If no need to add other rule, please directly click “Next >” button
Malware and HTTPS Inspection
In Malware Inspection Settings, selecting “Yes, inspect Web content requested from the Internet” and “Block encrypted archives…”  for scanning HTTP content requested from Internet.
In HTTPS Inspection Settings, select “Allow users to establish HTTPS connections to Web sites” and “Inspect HTTPS traffic and validate HTTPS site certificates” option for let TMG can scan HTTPS traffic.
In HTTPS Inspection Preferences, select “No, do not notify users of HTTPS inspection” option if HTTPS traffic is inspected and “Use a certificate automatically generated by Forefront TMG” option for generating the HTTPS inspection certificate.
Web Caching
Due to this TMG is not a member of a Windows Active Directory Domain, it just only selection for us to choose “I will manually export and deploy the certificate” for deploying HTTPS inspection trusted root CA to the client computers.
Please click “Browse…” button for where is the exported certificate location.
Choose the right location as “My TMG 2010” and assign a file name as “https inspection trusted root CA” next to click “Save” button
Click “Next >” button if the certificate path and name is right.
In Web Cache Configuration, I want to enable the default Web caching rule so that need to create Cache Size by click “Cache Drives…” button
Select “Drive C:” and write down Maximum cache size(MB) “1024” next to click “Set” button
You will see Cache size has value “1024” now. Click “OK” to exist this setting.
Click “Next >” button to complete Web Cache Configuration.
Until now, we have already complete the Web Access Policy Wizard”.
Finally, we need to save changes and update the configuration by clicking “Apply” button.
The Firewall Policy will define some policy based on the above setting now.

<<< Install Microsoft Forefront TMG 2010 (part 2 of 3)

Install Microsoft Forefront TMG 2010 (part 1 of 3) >>>

Install Microsoft Forefront TMG 2010 (part 2 of 3)

Last article, I have already finish Software installation based on role selection and assign the internal network adapter. In the moment, I will continue to do the related configuration.

Network Settings
Click “Start” –> "Forefront TMG Management” to launch “Getting Started Wizard”
In Getting Started Wizard, click “Configure network settings”
Click “Next >” button
Select “Edge firewall” option next to click “Next >” button
Select the Internal network adapter next to click “Next >” button
Select one network adapter to connect to the Internet and “Obtain an IP address automatically” option next to click “Next >” button. In the moment,the alert message will show up and tell us the suggestion --- Use a static IP for a more secure configuration. Due to the selection is right for me, I decide to ignore this alert next to click “OK” button.
Click “Finish” button to complete the network setup wizard.
Now we will continue to configure system settings

System SettingsIn Getting Started Wizard, click “Configure network settings”
Click “Next >” button
Click “Next >” button if host identification is exact.
Click “Finish” button to complete the system setup wizard.
Now we will continue to define deployment options.

Define Deployment
In Getting Started Wizard, click “Define deployment options”click “Next >” button
Select “User the Microsoft Update service to check for updates” option next to click “Next >” button
In the NIS and Web Protection selection, it will depend on whether you need this function on TMG. In the moment, I will enable NIS and Web Protection by default next to click “Next >” button.
In the configuration of Signature Set Update and New Signature Set, it still depend on your decision. I still select recommended option next to click “Next >” button.
Select a feedback option next to click “Next >” button
Select your level of participation next to click “Next >” button
Click “Finish” button to complete the Deployment Wizard
Until now, we have already finish Getting Started Wizard.
In next article, we will continue to run the Web Access Wizard.

<<<  Install Microsoft Forefront TMG 2010 (part 1 of 3)

Install Microsoft Forefront TMG 2010 (part 1 of 3)

To install TMG 2010 as install the Microsoft Product --- mount the DVD next to trigger execution file automatically that the installation guidance will show up. It is very friendly window to explain or guide you about “Before You Start”, “Prepare and Install”, “Additional Options” scenario. In the moment, I have installed Windows Update with up to date into my Server. So I will follow up this flow --- first decide to run Preparation Tool next to Run Installation Wizard.

When click “Run Preparation Tool”, the Forefront TMG Preparation Tool wizard will show up.
Click “Next >” button
Enable “I accept the terms of the License Agreements” check box next to click “Next >” button
Select “Forefront TMG services and Management” option next to click “Next >” button
Enable “Launch Forefront TMG Installation Wizard” check box next to “Finish” button
So does that the Forefront TMG Enterprise Installation Wizard will show up automatically and click “Next >” button to go the next process.
(The above result is the same as execute executable file in TMG 2010 DVD again to select “Run Installation Wizard”.)
Select “I accept the terms in the license agreement” option next to click “Next >” button
Enter some information as User Name、Organization、Product Serial Number next to click “Next >” button
Select Installation path for Forefront TMG next to click “Next >” button
Click “Add…” button to specify the internal network address range
Click “Add Adapter…” button
Select one network adapter for Internal range next to click “OK” button
If the IP address ranges have already added into this network, please click “OK” button to return to the Define Internal Network windows.
So does that the Internal Network Address Ranges will show the defined value. If it is no any problem, click “Next >” button.
This windows just notify you the some Services will be restarted during the installation. Please directly ignore this message to click “Next >” button.
Click “Install” button to begin the installation.
The Installation Wizard is progressing now.
Click “Finish” button to exit the wizard. If you want to continue to do next action, please enable “Launch Forefront TMG Management when the wizard closes” check box.
Until now, we just install the initial software installation and basic internal selection. In next article, I will introduce the three steps --- Configure network settings, Configure system settings, Define deployment option.

Install Microsoft Forefront TMG 2010 (part 2 of 3) >>>