Windows Forefront
Client: Forefront Client Security / Forefront Endpoint Protection
Server: Forefront for Exchange Server / Forefront for SharePoint Server / Forefront for Lync Server
Edge: Forefront TMG 2010 / Forefront UAG 2010
ISA 2006 vs TMG 2010
1. ISA 2006 only supports Windows Server 2003
TMG 2010 only supports Windows Server 2008, 2008 R2 or 2012
2. ISA 2006 is 32-bit only; TMG 2010 is 64-bit only
Hardware firewall vs Software firewall
1. Hardware firewall: the OS image is Linux-based, which makes it more stable
2. Hardware firewall: packet transfer is more efficient
3. Software firewall: TMG is not cheap; its price is similar to a hardware firewall
TMG Standard vs Enterprise
Standard: all-in-one
Enterprise: array
The TMG server has two network adapters (one for the internal network, one for the Internet)
TMG Installation: http://isacn.org/info/list.php?sessid=&sortid=32
TMG Config
1. Network config
A. Choose "Edge firewall"
B. Choose the network adapter for the internal network as LAN
C. Choose the network adapter for the Internet as Internet
D. Choose to use a workgroup (recommended): this separates the firewall from the domain
Choose to use a domain: this lets you control Internet access by domain account
E. Choose to apply Windows Update
Test Network Diagram
client (10.0.0.100) --> TMG (internal 10.0.0.1 / external 192.168.1.1) --> Internet
A TMG rule needs about 20 seconds to take effect after it is applied.
1. By default, TMG denies all connections, so the client PC cannot ping the TMG server.
On the TMG server, create an access rule that allows the client to ping the TMG server.
2. Turn off the firewall on the client; the TMG server can then ping the client.
By default, the TMG server has access to the local computers.
3. Create a rule on the TMG server that allows the client to browse the web and use email:
add the DNS, HTTP, HTTPS, POP3, SMTP and PING protocols.
4. Block executable file transfers from the Internet to the internal network
I. Right-click the rule created in step 3 and click the last menu item.
II. Choose "block responses containing executable files"
III. Set the file extensions to block
5. Block one computer from visiting the Internet
I. Create a computer object in the toolbox on the right of the TMG console
II. Add that computer as an exception to the internal network in the rule
6. Configure the Internet visiting hours (the rule's schedule)
7. Block a specific URL
I. Create a URL set object in the toolbox on the right of the TMG console
II. Add that URL set as an exception to the Internet destination in the rule
8. Control downloads
Cancel the step 4 setting and define a security policy for downloads.
With it, TMG downloads the file to the TMG server and scans it; only if the file is found to be safe is it downloaded from TMG to the client.
9. Three networks (add one network for a DMZ zone)
I. Add a network adapter to the TMG server and set its IP to 20.0.0.1
II. Start one server in the DMZ zone and set its IP to 20.0.0.100
III. Add the network in the TMG config
1). Add a "Network"
2). Add a "Network Rule"
3). Add an "Access Rule"
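How the rules from steps 1 and 3 to 7 combine is easier to see in a small model. The following is an added example, not part of the original notes and not TMG's own code: it evaluates an ordered rule list the way TMG does (first match wins, implicit deny at the end), with the computer-set exception, URL-set exception, schedule and executable-response filter attached to the step 3 rule. The policy, the blocked computer 10.0.0.200, the URL http://blocked.example and the extension list are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed extension list standing in for the step 4 setting.
BLOCKED_EXT = (".exe", ".msi", ".bat", ".cmd")

@dataclass
class AccessRule:
    name: str
    action: str                      # "allow" or "deny"
    protocols: set
    from_exceptions: set = field(default_factory=set)  # computer set, step 5
    to_exceptions: set = field(default_factory=set)    # URL set, step 7
    hours: tuple = (0, 24)           # schedule window (start, end), step 6
    block_exe: bool = False          # executable response filter, step 4

    def matches(self, proto, src, url, hour):
        if proto not in self.protocols or src in self.from_exceptions:
            return False
        if any(url.startswith(u) for u in self.to_exceptions):
            return False
        return self.hours[0] <= hour < self.hours[1]

def evaluate(rules, proto, src, url="", hour=12):
    """Return (action, reason): first matching rule wins, implicit deny last."""
    for rule in rules:
        if rule.matches(proto, src, url, hour):
            if rule.action == "allow" and rule.block_exe and url.lower().endswith(BLOCKED_EXT):
                return ("deny", f"{rule.name}: executable response blocked")
            return (rule.action, rule.name)
    return ("deny", "default rule")   # TMG denies everything not explicitly allowed

# Constructed policy mirroring the notes: the step 1 ping rule, then the
# step 3 web/mail rule carrying the step 4-7 refinements.
POLICY = [
    AccessRule("Allow ping to TMG", "allow", {"PING"}),
    AccessRule("Client web and mail", "allow",
               {"DNS", "HTTP", "HTTPS", "POP3", "SMTP", "PING"},
               from_exceptions={"10.0.0.200"},            # blocked computer
               to_exceptions={"http://blocked.example"},  # blocked URL set
               hours=(8, 18), block_exe=True),
]

if __name__ == "__main__":
    for req in [("HTTP", "10.0.0.100", "http://site.example/", 10),
                ("HTTP", "10.0.0.100", "http://site.example/setup.exe", 10),
                ("HTTP", "10.0.0.200", "http://site.example/", 10),
                ("HTTP", "10.0.0.100", "http://blocked.example/x", 10),
                ("HTTP", "10.0.0.100", "http://site.example/", 22),
                ("FTP", "10.0.0.100", "", 10)]:
        print(req, "->", evaluate(POLICY, *req))
```

Every request that falls outside the allow rule's protocols, schedule or exceptions ends in the implicit deny, which is why the client could not even ping TMG before step 1.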